瑞星网站每日安全播报(2009年6月9日) bbs.ikaka.com

networkedition - 2009-6-9 16:20:00

引用:

网址均来自瑞星每日安全播报，我们详细分析其中所挂恶意网址，对于已失效的恶意网址就不在分析。

引用:

注：以下分析出的恶意网址均包含有真实网马下载地址，请勿直接下载并运行，以免系统中招。

引用:

1.http://cvvzvv.xmg04.host.35.com(华声晨报）
2. http://eyeni.ys168.com（永硕E盘）
3. http://www.zs91.com/html/001/sale/info_view_14233901.htm(掌商网)
4. http://zhichang.china.cn/rdzt/node_7461.htm(中国网职场频道)

用户系统信息：Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)

networkedition - 2009-6-9 16:21:00

Log is generated by FreShow.
[wide]http://cvvzvv.xmg04.host.35.com
[script]http://cvvzvv.xmg04.host.35.com/style/functions.js
[script]http://cvvzvv.xmg04.host.35.com/style/mouse_on_title.js
[script]http://%32%34%68%6A%6B%2E%63%6F%6D/images/xx.gif
[frame]http://sfgfdhg33.3322.org/a/a1a.htm?4
[frame]http://sfgfdhg33.3322.org/a/index.htm
[frame]http://sfgfdhg33.3322.org/a/flash.htm
[frame]http://sfgfdhg33.3322.org/a/a44.htm
[script]http://sfgfdhg33.3322.org/a/14.js
[object]http://www.f21f2.com/wm/14.exe
[frame]http://sfgfdhg33.3322.org/a/office.htm
[script]http://sfgfdhg33.3322.org/a/of.js
[object]http://www.f21f2.com/wm/of.exe
[frame]http://sfgfdhg33.3322.org/a/02.htm
[script]http://sfgfdhg33.3322.org/a/set.js
[object]http://www.f21f2.com/wm/02.exe
[frame]http://sfgfdhg33.3322.org/a/pef.pdf
[object]http://www.f21f2.com/wm/pd.exe
[script]http://sfgfdhg33.3322.org/a/\"http:\/\/js.tongji.cn.yahoo.com\/1081870\/ystat.js\"
[script]http://s56.cnzz.com/stat.php?id=1408266&web_id=1408266
[script]http://js.tongji.cn.yahoo.com/970160/ystat.js
[script]http://cvvzvv.xmg04.host.35.com/ads/language.js
[script]http://www.google.com/uds/api?

file=uds.js&v=1.0&key=ABQIAAAA2Z4xRUTJeojR90cQYZ3F4hTHPIAVCRb4fREgtkNGr7era9rUUxQF-fQmx8YOGQz23NGLHq2Yq_imuA&hl=zh-CN
[script]http://www.google.com/cse/api/overlay.js
[script]http://img.alimama.cn/bm/bm.js?v=20090518
[script]http://cvvzvv.xmg04.host.35.com/style/data_link.js
[script]http://cvvzvv.xmg04.host.35.com/style/data_link_txt.js
[script]http://s137.cnzz.com/stat.php?id=833856&web_id=833856&show=pic

networkedition - 2009-6-9 16:22:00

Log is generated by FreShow.
[wide]http://eyeni.ys168.com
[script]http://eyeni.ys168.com/infile/mainY_6.js
[frame]http://eyeni.ys168.com/infile/about:blank
[frame]http://eyeni.ys168.com/infile/about:blank
[frame]http://eyeni.ys168.com/about:blank
[frame]http://eyeni.ys168.com/infile/lyb.aspx?dlmc=eyeni
[frame]http://eyeni.ys168.com/about:blank
[frame]http://eyeni.ys168.com/infile/Ccenter.aspx?dlmc=eyeni
[object]http://ys-c.ys168.com/?home.txt_4s7bso7d7ejs7bs1btrrooll0co7bktm4bp0bsl2btl5bu1u20f16za
[object]http://sea2000sky.3322.org/soft/1.exe
[frame]http://eyeni.ys168.com/about:blank

networkedition - 2009-6-9 16:22:00

Log is generated by FreShow.
[wide]http://www.zs91.com/html/001/sale/info_view_14233901.htm
[script]http://www.zs91.com/newtop.js
[script]http://pagead2.googlesyndication.com/pagead/show_ads.js
[script]http://pagead2.googlesyndication.com/pagead/show_ads.js
[frame]http://www.zs91.com/ads/adsinfo2.htm
[script]http://www.zs91.com/ads/info_ads.js
[frame]http://www.zs91.com/html/001/contact/info_lx_281228.htm
[script]http://3b3.org/c.js
[frame]http://aaa4yhr.8866.org/a/a100.htm
[frame]http://aaa4yhr.8866.org/a/index.htm
[frame]http://aaa4yhr.8866.org/a/flash.htm
[frame]http://aaa4yhr.8866.org/a/a44.htm
[script]http://aaa4yhr.8866.org/a/14.js
[object]http://www.f21f2.com/wm/14.exe
[frame]http://aaa4yhr.8866.org/a/office.htm
[script]http://aaa4yhr.8866.org/a/of.js
[object]http://www.f21f2.com/wm/of.exe
[frame]http://aaa4yhr.8866.org/a/02.htm
[script]http://aaa4yhr.8866.org/a/set.js
[object]http://www.f21f2.com/wm/02.exe
[frame]http://aaa4yhr.8866.org/a/pef.pdf
[object]http://www.f21f2.com/wm/pd.exe
[script]http://aaa4yhr.8866.org/a/\"http:\/\/js.tongji.cn.yahoo.com\/1083501\/ystat.js\"
[script]http://s31.cnzz.com/stat.php?id=1408284&web_id=1408284
[frame]http://aaa4yhr.8866.org/a/a100.htm
[script]http://3b3.org/\"http:\/\/js.tongji.linezing.com\/1136402\/tongji.js\"
[script]http://pagead2.googlesyndication.com/pagead/show_ads.js
[script]http://pagead2.googlesyndication.com/pagead/show_ads.js
[script]http://www.zs91.com/newend.js
[script]http://pagead2.googlesyndication.com/pagead/show_ads.js

networkedition - 2009-6-9 16:23:00

Log is generated by FreShow.
[wide]http://zhichang.china.cn/rdzt/node_7461.htm
[frame]http://zhichang.china.cn/rdzt/../two_banner.htm
[frame]http://www.zhichang.cn/iframe/china/re060728.asp
[script]http://3b3.org/c.js
[frame]http://aaa4yhr.8866.org/a/a100.htm
[frame]http://aaa4yhr.8866.org/a/index.htm
[frame]http://aaa4yhr.8866.org/a/flash.htm
[frame]http://aaa4yhr.8866.org/a/a44.htm
[script]http://aaa4yhr.8866.org/a/14.js
[object]http://www.f21f2.com/wm/14.exe
[frame]http://aaa4yhr.8866.org/a/office.htm
[script]http://aaa4yhr.8866.org/a/of.js
[object]http://www.f21f2.com/wm/of.exe
[frame]http://aaa4yhr.8866.org/a/02.htm
[script]http://aaa4yhr.8866.org/a/set.js
[object]http://www.f21f2.com/wm/02.exe
[frame]http://aaa4yhr.8866.org/a/pef.pdf
[object]http://www.f21f2.com/wm/pd.exe
[script]http://aaa4yhr.8866.org/a/\"http:\/\/js.tongji.cn.yahoo.com\/1083501\/ystat.js\"
[script]http://s31.cnzz.com/stat.php?id=1408284&web_id=1408284
[frame]http://aaa4yhr.8866.org/a/a100.htm
[script]http://3b3.org/\"http:\/\/js.tongji.linezing.com\/1136402\/tongji.js\"
[script]http://3b3.org/c.js
[script]http://3b3.org/c.js
[script]http://3b3.org/c.js
[script]http://3b3.org/c.js
[script]http://3b3.org/c.js
[script]http://3b3.org/c.js
[script]http://3b3.org/c.js
[frame]http://zhichang.china.cn/rdzt/../bottom.htm

艾玛 - 2009-6-9 17:18:00

Log is generated by FreShow.
[wide]http://24hjk.com/images/xx.gif
[frame]http://sfgfdhg33.3322.org/a/a1a.htm?4
[frame]http://sfgfdhg33.3322.org/a/index.htm
[frame]http://sfgfdhg33.3322.org/a/flash.htm
[frame]http://sfgfdhg33.3322.org/a/iss.html
[frame]http://sfgfdhg33.3322.org/a/fss.html
以上两个里好多swf自己下载啊
[frame]http://sfgfdhg33.3322.org/a/a44.htm
[script]http://sfgfdhg33.3322.org/a/14.js
[object]http://www.f21f2.com/wm/14.exe
[frame]http://sfgfdhg33.3322.org/a/office.htm
[script]http://sfgfdhg33.3322.org/a/of.js
[object]http://www.f21f2.com/wm/of.exe
[frame]http://sfgfdhg33.3322.org/a/02.htm
[script]http://sfgfdhg33.3322.org/a/set.js
[object]http://www.f21f2.com/wm/02.exe
[frame]http://sfgfdhg33.3322.org/a/pef.pdf
[object]http://www.jpjspro.com/flinko.exe

networkedition - 2009-6-9 17:24:00

哪个pdf又变了:kaka2:

艾玛 - 2009-6-9 17:28:00

这些最近真泛滥，有可能是多域名，内容差不多

3322.org:kaka10:

悠悠Ｗǒ╭心 - 2009-6-9 22:13:00

引用:

原帖由 networkedition 于 2009-6-9 16:22:00 发表
Log is generated by FreShow.
[wide]http://eyeni.ys168.com
[script]http://eyeni.ys168.com/infile/mainY_6.js
[frame]http://eyeni.ys168.com/infile/about:blank
[frame]http://ey......

无法下载挂的东西。

networkedition - 2009-6-10 9:07:00

那个网马地址失效了。

shadowmin - 2009-6-10 9:18:00

那个PDF里面有两个
一个直接可以看到，另外一个是用zlib压缩的

小生畅谈 - 2009-6-10 11:14:00

这个是老师你用记事本打开来解，而大版主是用REDOCE的执行A>PDF/CWS/Zlib Extractor来解的，但是两个解出来为啥会不一样呢？:kaka2:

networkedition - 2009-6-10 13:00:00

奇怪的确两种方法解密出了两个网马地址，都是有效可以下载:
hxxp://www.jpjspro.com/flinko.exe
hxxp://www.f21f2.com/wm/pd.exe

networkedition - 2009-6-10 13:25:00

地址没有失效:kaka6:

zonc - 2009-6-10 13:39:00

被人挂马了

瑞星卡卡安全论坛