瑞星网站每日安全播报(2009年6月15日) bbs.ikaka.com

networkedition - 2009-6-15 12:40:00

引用:

网址均来自瑞星每日安全播报，我们详细分析其中所挂恶意网址，对于已失效的恶意网址就不在分析。

引用:

注：以下分析出的恶意网址均包含有真实网马下载地址，请勿直接下载并运行，以免系统中招。

引用:

1. http://341158.ctc-w253.dns.com.cn/(美丽俱乐部)
2. http://ju.aeeboo.com/(制片厂剧组--爱播网)
3. http://trade.artron.net/(雅昌网上藏品信息发布平台)
4. http://114.gznet.com/page.aspx?id=10000125(118114——号码百事通)
5. http://gx.gongkong.com/( 中国工控网-中国自动化)
　　

用户系统信息：Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)

networkedition - 2009-6-15 12:41:00

Log is generated by FreShow.
[wide]http://341158.ctc-w253.dns.com.cn/
[script]http://341158.ctc-w253.dns.com.cn/./package/fir_global.js
[ani]http://341158.ctc-w253.dns.com.cn/./images/index_042.jpg);
[ani]http://341158.ctc-w253.dns.com.cn/./images/index_051.jpg);padding:0px
[ani]http://341158.ctc-w253.dns.com.cn/./images/index_051.jpg);padding:0px
[script]http://baido.ch.ma/js.js?google_ad_format=600x90_as
[frame]http://baido.ch.ma/http:\/\/www.zlflawyer.com\/360\/360.htm
[frame]http://www.zlflawyer.com/360/x.htm
[script]http://www.zlflawyer.com/360/all.css
[frame]http://www.zlflawyer.com/360/3.htm
[object]http://www.zlflawyer.com/360/3.css
[object]http://360.xl.cx/v.css
[frame]http://www.zlflawyer.com/360/4.htm
[object]http://www.zlflawyer.com/360/2.css
[object]http://360.xl.cx/v.css
[frame]http://www.zlflawyer.com/360/1.htm
[script]http://www.zlflawyer.com/360/1.css
[object]http://360.xl.cx/v.css
[script]http://www.zlflawyer.com/360/15.js
[script]http://www.zlflawyer.com/360/16.js
[frame]http://www.zlflawyer.com/360/office.htm
[object]http://www.zlflawyer.com/360/office.css
[object]http://360.xl.cx/v.css
[frame]http://www.zlflawyer.com/360/newlz.htm
[object]http://www.zlflawyer.com/360/newlz.css
[object]http://360.xl.cx/v.css
[frame]http://www.zlflawyer.com/360/s.htm
[object]http://www.zlflawyer.com/360/office.css
[object]http://360.xl.cx/v.css
[frame]http://www.zlflawyer.com/360/bf.htm
[script]http://www.zlflawyer.com/360/2.css
[script]http://www.zlflawyer.com/360/bf.js
[object]http://360.xl.cx/v.css
[frame]http://www.zlflawyer.com/360/cx.htm
[object]http://www.zlflawyer.com/360/2.css
[object]http://360.xl.cx/v.css
[frame]http://www.zlflawyer.com/360/2.htm
[object]http://www.zlflawyer.com/360/2.css
[object]http://360.xl.cx/v.css
[frame]http://www.zlflawyer.com/360/pp.htm
[frame]http://www.zlflawyer.com/360/pp.pdf
[object]http://360.xl.cx/v.css
[frame]http://www.zlflawyer.com/360/7.htm
[script]http://www.zlflawyer.com/360/7.css
[object]http://360.xl.cx/v.css
[script]http://js.tongji.cn.yahoo.com/806392/ystat.js

networkedition - 2009-6-15 12:42:00

Log is generated by FreShow.
[wide]http://ju.aeeboo.com/comments.aspx?articleid=94&curpage=10
[script]http://3b3.org/c.js
[frame]http://ccndk822.cn/a/a100.htm
[frame]http://ccndk822.cn/a/index.htm
[frame]http://ccndk822.cn/a/flash.htm
[frame]http://ccndk822.cn/a/a44.htm
[script]http://ccndk822.cn/a/14.js
[object]http://tes10.com/wm/svchost.exe
[frame]http://ccndk822.cn/a/office.htm
[script]http://ccndk822.cn/a/of.js
[object]http://tes10.com/wm/svchost.exe
[frame]http://ccndk822.cn/a/02.htm
[script]http://ccndk822.cn/a/set.js
[object]http://tes10.com/wm/svchost.exe
[frame]http://ccndk822.cn/a/pef.pdf
[object]http://tes10.com/wm/svchost.exe
[script]http://ccndk822.cn/a/\"http:\/\/js.tongji.cn.yahoo.com\/1083501\/ystat.js\"
[script]http://s31.cnzz.com/stat.php?id=1408284&web_id=1408284
[frame]http://ccndk822.cn/a/a100.htm
[script]http://3b3.org/\"http:\/\/js.tongji.linezing.com\/1136402\/tongji.js\"
[script]http://3b3.org/c.js
[script]http://3b3.org/c.js
[script]http://3b3.org/c.js
[script]http://3b3.org/c.js
[script]http://3b3.org/c.js
[script]http://3b3.org/c.js
[script]http://3b3.org/c.js
[script]http://3b3.org/c.js
[script]http://3b3.org/c.js
[script]http://image.aeeboo.com/aeeboocount.js
[script]http://vip4.1tong.com.cn/link/count.php?id=535
[script]http://count28.51yes.com/click.aspx?id=285829580&logo=9

networkedition - 2009-6-15 12:42:00

Log is generated by FreShow.
[wide]http://trade.artron.net/
[script]http://3565.qlql.net/j.js
[script]http://js.users.51.la/2781798.js
[frame]http://3565.qlql.net/http:\/\/tyujghj.cn:338\/b049781\/b04.htm
[script]http://js.tongji.cn.yahoo.com/650086/ystat.js
[script]http://stat.artron.net/state.js
[script]http://trade.artron.net/+url+
[script]http://js.users.51.la/476319.js
[script]http://stattest.artron.net/stat.js
[script]http://www.artron.net/js/nadCouplet2c.js

networkedition - 2009-6-15 12:45:00

Log is generated by FreShow.
[wide]http://114.gznet.com/page.aspx?id=10000125
[frame]http://114.gznet.com/IframeIndexbar.htm
[script]http://3b3.org/c.js
[frame]http://ccndk822.cn/a/a100.htm
[frame]http://ccndk822.cn/a/index.htm
[frame]http://ccndk822.cn/a/flash.htm
[frame]http://ccndk822.cn/a/a44.htm
[script]http://ccndk822.cn/a/14.js
[object]http://tes10.com/wm/svchost.exe
[frame]http://ccndk822.cn/a/office.htm
[script]http://ccndk822.cn/a/of.js
[object]http://tes10.com/wm/svchost.exe
[frame]http://ccndk822.cn/a/02.htm
[script]http://ccndk822.cn/a/set.js
[object]http://tes10.com/wm/svchost.exe
[frame]http://ccndk822.cn/a/pef.pdf
[object]http://tes10.com/wm/svchost.exe
[script]http://ccndk822.cn/a/\"http:\/\/js.tongji.cn.yahoo.com\/1083501\/ystat.js\"
[script]http://s31.cnzz.com/stat.php?id=1408284&web_id=1408284
[frame]http://ccndk822.cn/a/a100.htm
[script]http://3b3.org/\"http:\/\/js.tongji.linezing.com\/1136402\/tongji.js\"
[script]http://3b3.org/c.js
[script]http://3b3.org/c.js
[script]http://3b3.org/c.js
[script]http://3b3.org/c.js
[script]http://3b3.org/c.js
[script]http://3b3.org/c.js
[script]http://3b3.org/c.js
[frame]http://114.gznet.com/IframeCopyright.htm

networkedition - 2009-6-15 12:48:00

Log is generated by FreShow.
[wide]http://gx.gongkong.com/caa/home/renwudetail.asp?renwu_id=5
[script]http://r02.3322.org/c.js
[frame]http://ccndk822.cn/a/a100.htm
[frame]http://ccndk822.cn/a/index.htm
[frame]http://ccndk822.cn/a/flash.htm
[frame]http://ccndk822.cn/a/a44.htm
[script]http://ccndk822.cn/a/14.js
[object]http://tes10.com/wm/svchost.exe
[frame]http://ccndk822.cn/a/office.htm
[script]http://ccndk822.cn/a/of.js
[object]http://tes10.com/wm/svchost.exe
[frame]http://ccndk822.cn/a/02.htm
[script]http://ccndk822.cn/a/set.js
[object]http://tes10.com/wm/svchost.exe
[frame]http://ccndk822.cn/a/pef.pdf
[object]http://tes10.com/wm/svchost.exe
[script]http://ccndk822.cn/a/\"http:\/\/js.tongji.cn.yahoo.com\/1083501\/ystat.js\"
[script]http://s31.cnzz.com/stat.php?id=1408284&web_id=1408284
[frame]http://ccndk822.cn/a/a100.htm
[script]http://r02.3322.org/\"http:\/\/js.tongji.linezing.com\/1136402\/tongji.js\"
[script]http://r02.3322.org/c.js
[script]http://r02.3322.org/c.js
[script]http://r02.3322.org/c.js
[script]http://r08.3322.org/c.js
[script]http://r08.3322.org/c.js
[script]http://3b3.org/c.js
[script]http://3b3.org/c.js
[script]http://3b3.org/c.js
[script]http://3b3.org/c.js

李紫蓝加油 - 2009-6-15 17:15:00

:default69:

singerh - 2009-6-15 20:22:00

学习，楼主标为红色的都是有毒的代码吧？

singerh - 2009-6-15 20:23:00

.css文件怎么也会是病毒吗？请赐教。

networkedition - 2009-6-16 9:09:00

是呀，将css扩展名修改为exe就可以运行了。不要实机运行哟:kaka12:

fy08 - 2009-6-16 12:37:00

:default69: 谢谢楼主
好像http://114.gznet.com是贵州电信的号码百事通吧:default2:

瑞星卡卡安全论坛