Rising Kaka Security Forum

Rising Website Daily Security Report (April 12, 2010)
networkedition - 2010-4-12 12:37:00


Quote:
All URLs come from Rising's daily security report. We analyze in detail the malicious URLs embedded in these sites; malicious URLs that are already dead are not analyzed further.



Quote:
Note: the malicious URLs identified in the analysis below all contain real download addresses for the web malware. Do not download or run them directly, or your own system may be infected.



Quote:

1. http://auto.hainan.net/ (Hainan Online auto channel, Hainan automotive portal)
2. http://cnbook.gog.com.cn/ (Jinqian Online e-book channel, "making the best interactive e-books")
3. http://corp.0574.tv/ (About Dushiwang - Ningbo Dushiwang)
4. http://house.zh51home.com/ (Zhuhai real estate: new homes, Zhuhai property, developments)


User system info: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2)
networkedition - 2010-4-12 12:37:00
Log is generated by FreShow.
[wide]http://auto.hainan.net/
    [script]http://220.231.180.83:60000/ads_fei.php?REFERER=http://auto.hainan.net
        [object]http://weilailp1.3322.org:8800/dz/34.html
            [frame]http://weilailp1.3322.org:8800/dz/../b46/34/index.html
                [frame]http://weilailp1.3322.org:8800/dz/../b46/34/jk.html
                    [script]http://weilailp1.3322.org:8800/dz/../b46/34/pl.jpg
                    [script]http://weilailp1.3322.org:8800/dz/../b46/34/y1.jpg
                        [object]http://czkill.9966.org:8800/aaaa/fa/f34.exe
                    [script]http://weilailp1.3322.org:8800/dz/../b46/34/tl.jpg
            [script]http://weilailp1.3322.org:8800/dz/\"http://js.tongji.linezing.com/1561662/tongji.js\"
            [script]http://weilailp1.3322.org:8800/dz/\"http://js.tongji.linezing.com/1530019/tongji.js\"
    [script]http://806.tianya.cn/display?f=auto_index&g=pageindex
    [script]http://static.tianya.cn/js/global/stat_20080313.js
networkedition - 2010-4-12 12:39:00
Decoding log for hxxp://cnbook.gog.com.cn/ (full output - 18):

Level  1>http://www.cnbook.cn/images/jqzxlogo060718.gif
Level  2>http://ww3ww.8866.org.wwvv.us/images/css/swf.swf
Level  3>http://ww3ww.8866.org/images/css/018.htm
Level  3>http://ww3ww.8866.org/images/css/tj.htm
Level  3>http://ww3ww.8866.org/images/css/bf.htm
Level  4>http://ww3ww.8866.org/images/css/sfbf.css
Level  5>http://www.baidu.us.wwvv.us/images/css/css.exe ●
Level  3>http://ww3ww.8866.org/images/css/of.htm
Level  4>http://ww3ww.8866.org/images/css/of.js
Level  5>http://www.baidu.us.wwvv.us/images/css/css.exe ●
Level  3>http://ww3ww.8866.org/images/css/mepeg.htm
Level  4>http://ww3ww.8866.org/images/css/dj1.jpg
Level  4>http://ww3ww.8866.org/images/css/dj.jpg
Level  5>http://www.baidu.us.wwvv.us/images/css/css.exe ●
Level  3>http://ww3ww.8866.org/images/css/jf.htm
Level  4>http://www.baidu.cn.wwvv.us/images/css/css.exe ●
Level  3>http://ww3ww.8866.org/images/css/jg.htm
Level  4>http://www.jiba.com.wwvv.us/images/css/css.exe ●

Log generated by Redoce 2.0, revision 89, on 2010-4-12 12:17:58.
networkedition - 2010-4-12 12:40:00
Log is generated by FreShow.
[wide]http://corp.0574.tv/?Para=Agent
    [script]http://%71%2Et%61%6Fg%75.%6Fr%67.%63%6E:95
    [script]http://q%2Et%61%6F%67%75.%6F%72%67%2Ecn:9%35
    [script]http://%71.%74%61%6F%67%75.%6Frg.cn:95
    [script]http://q.t%61ogu.%6F%72g.c%6E:9%35
    [script]http://%71.%74%61%6F%67u.%6Frg%2E%63n:%39%35
    [script]http://%71%2E%75%73t%6Fcn.co%6D%2Ec%6E:%39%35
    [script]http://q%2E%75%73tocn.%63o%6D.cn:95
    [script]http://%71.%75s%74oc%6E.%63%6Fm%2Ec%6E:%395
    [script]http://%71%2Eu%73%74o%63n.c%6F%6D.c%6E:%395
    [script]http://q.us%74%6F%63n.c%6Fm%2E%63n:%39%35
    [script]http://q%2E%75%73%74%6F%63n%2E%63%6Fm%2Ecn:%39%35
    [script]http://%71%2Eu%73to%63n.%63om.%63n:%39%35
    [script]http://%71.usto%63%6E.com%2Ecn:%395
    [script]http://%71.%74g250.%63%6Fm.cn
    [script]http://s99.cnzz.com/stat.php?id=1547649&web_id=1547649&show=pic
    [script]http://s100.cnzz.com/stat.php?id=494330&web_id=494330&show=pic
networkedition - 2010-4-12 12:40:00
Log is generated by FreShow.
[wide]http://house.zh51home.com/
    [script]http://house.zh51home.com/Themes/js/jquery.js
    [script]http://house.zh51home.com/Themes/js/jquery.pageTools.js
    [script]http://house.zh51home.com/Themes/js/convBig5.js
    [script]http://house.zh51home.com/Themes/js/flashmenu.js
    [script]http://house.zh51home.com/Themes/js/jquery.galleria.js
    [script]http://house.zh51home.com/Themes/js/listswitch.js
    [script]http://house.zh51home.com/Themes/js/search.js
    [script]http://house.zh51home.com/Themes/js/common.js
    [script]http://house.zh51home.com/include/adv.aspx
    [script]http://api.mapabc.com/fmp/v1.0/js/fmp.js?key=86f145a303e8696b8d7972dadffc410a29a07771604be9c4b0ba401c5535cdf84daa687031220ac9
    [script]http://house.zh51home.com/Themes/Js/jquery.mapabc.js
    [script]http://house.zh51home.com/Themes/Js/tab.js
    [frame]http://house.zh51home.com/include/3DflashLeft.html
    [frame]http://house.zh51home.com/include/3DflashRight.html
    [script]http://house.zh51home.com/Themes/js/regions.js
    [script]http://js.users.51.la/2261687.js
    [script]http://%71.%74%61%6Fg%75.%6Frg%2E%63%6E:95
    [script]http://%71%2E%75s%74%6F%63%6E.c%6F%6D.%63%6E:95
    [script]http://%71.tg%32%350.co%6D.cn
    [script]http://%71.t%67%32%35%30%2Eco%6D.cn
    [script]http://%76.%74%61%6Fgu.%6Frg%2E%63%6E
    [script]http://%76%2E%74g%32%35%30.%63o%6D%2Ec%6E
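An added example, not part of this thread or of the FreShow/Redoce tools: a small Python parser for the FreShow log format shown above. It percent-decodes the script URLs (the encoding is what hides the injected domains in the corp.0574.tv and house.zh51home.com reports) and rebuilds the load chain from the [wide] root down to the dropped executable. The sample log is a constructed excerpt of the reports in this thread.

```python
import re
from urllib.parse import unquote, urlsplit
# Constructed excerpt in the FreShow log format used in this thread (lines from the
# auto.hainan.net and corp.0574.tv reports); 4-space indentation encodes the load chain.
SAMPLE_LOG = """Log is generated by FreShow.
[wide]http://auto.hainan.net/
    [script]http://220.231.180.83:60000/ads_fei.php?REFERER=http://auto.hainan.net
        [object]http://weilailp1.3322.org:8800/dz/34.html
            [frame]http://weilailp1.3322.org:8800/dz/../b46/34/jk.html
                [script]http://weilailp1.3322.org:8800/dz/../b46/34/y1.jpg
                    [object]http://czkill.9966.org:8800/aaaa/fa/f34.exe
[wide]http://corp.0574.tv/?Para=Agent
    [script]http://%71%2Et%61%6Fg%75.%6Fr%67.%63%6E:95
    [script]http://q%2Et%61%6F%67%75.%6F%72%67%2Ecn:9%35
    [script]http://q%2E%75%73tocn.%63o%6D.cn:95
    [script]http://%71.%74g250.%63%6Fm.cn
    [script]http://s99.cnzz.com/stat.php?id=1547649&web_id=1547649&show=pic
    [script]http://%76%2E%74g%32%35%30.%63o%6D%2Ec%6E
"""
LINE_RE = re.compile(r"^(\s*)\[(\w+)\](\S+)\s*$")

def parse_freshow(text):
    """Yield (depth, tag, raw_url, decoded_url) for each resource line of the log."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # banner or blank line
        indent, tag, raw = m.groups()
        yield len(indent) // 4, tag, raw, unquote(raw)

def obfuscated_hosts(text):
    """Count decoded hostnames whose URL percent-encoded the host part itself; the
    different spellings of one domain (see the two taogu lines) collapse to one key."""
    counts = {}
    for _, _, raw, decoded in parse_freshow(text):
        if "%" in urlsplit(raw).netloc:
            host = urlsplit(decoded).hostname
            counts[host] = counts.get(host, 0) + 1
    return counts

def load_chains(text, suffix=".exe"):
    """Rebuild from the indentation the chain of decoded URLs from each [wide] root to
    every resource ending in `suffix` (the dropped binary in these reports)."""
    chains, stack = [], []
    for depth, _, _, decoded in parse_freshow(text):
        del stack[depth:]  # back up to this node's parent
        stack.append(decoded)
        if decoded.lower().endswith(suffix):
            chains.append(list(stack))
    return chains
```

Running obfuscated_hosts on the house.zh51home.com report answers the question raised later in the thread: the encoded script tags resolve to the same taogu/ustocn/tg250 hosts as in the corp.0574.tv report.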
fengxingjudy - 2010-4-13 9:49:00
Which URLs are the last two pieces of malicious code? None of them are marked.
毛山道士 - 2010-4-13 10:13:00
This user's post content has been hidden.
jks_风 - 2010-4-13 14:43:00
hxxp://asd1233.3322.org:97/xo/dk.html


Honestly I'm quite confused; there's a lot I don't understand. Maybe I'm just slow~
辛达星郁 - 2010-4-14 19:40:00


Quote:
Originally posted by jks_风 on 2010-4-13 14:43:00
hxxp://asd1233.3322.org:97/xo/dk.html


Honestly I'm quite confused; there's a lot I don't understand. Maybe I'm just slow~


Decoding log for hxxp://asd1233.3322.org:97/xo/dk.html (full output - 7):
Level  0>http://asd1233.3322.org:97/xo/dk.html
Level  1>http://asd1233.3322.org:97/xo/0.htm
Level  2>http://js.tongji.linezing.com/1549551/tongji.js
Level  2>http://asd1233.3322.org:97/0.htm
Level  3>http://kjy6fj.3322.org:28/www.baidu.com
Level  1>http://asd1233.3322.org:97/xo/knownImg.resList
Level  1>http://js.tongji.linezing.com/1566155/tongji.js
Log generated by Redoce 2.0, revision 91, on 2010-4-14 19:39:10.