瑞星网站每日安全播报(2010年4月14日) bbs.ikaka.com

networkedition - 2010-4-14 16:49:00

引用:

网址均来自瑞星每日安全播报，我们详细分析其中所挂恶意网址，对于已失效的恶意网址就不再分析。

引用:

注：以下分析出的恶意网址均包含有真实网马下载地址，请勿直接下载并运行，以免系统中招。

引用:

1. http://finance.asiadcp.com/（亚洲财经）
2. http://stat.6to23.com/(中国学生网)
3. http://tea.ahnw.gov.cn/(茶网·中国)

用户系统信息：Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.2)

networkedition - 2010-4-14 16:49:00

Log is generated by FreShow.
[wide]http://finance.asiadcp.com/templets/flash/?wow/=/3u/9728.html
[object]http://www.baishiketong.com/job/image/wm/aliqq.html
[script]http://www.xin21.com/xuyuan/images/main/wow.jpg?垰
[frame]http://www.baishiketong.com/job/image/wm/mm.html
[object]http://www.baishiketong.com/job/image/wm/mm.exe
[script]http://s40.cnzz.com/stat.php?id=559618&web_id=559618&show=pic1
[script]http://count37.51yes.com/click.aspx?id=373042133&logo=6

networkedition - 2010-4-14 16:49:00

Log is generated by FreShow.
[wide]http://stat.6to23.com/
[frame]http://www.ipp.co.kr/editor/uploads/junk/ie.htm
[object]http://www.ipp.co.kr/editor/uploads/junk/s.exe

networkedition - 2010-4-14 16:50:00

Log is generated by FreShow.
[wide]http://tea.ahnw.gov.cn/ShowZx.asp?id=26796
[script]http://220.231.180.83:60000/ads_website.php?REFERER=http://tea.ahnw.gov.cn1
[object]http://weilaixiaohai6.3322.org:8800/dz/34.htm
[script]http://s14.cnzz.com/stat.php?id=187857&web_id=187857&show=pic1

辛达星郁 - 2010-4-14 17:28:00

关于:hxxp://stat.6to23.com/解密的日志(全体输出 - 4):

Level 0>hxxp://stat.6to23.com/
Level 1>hxxp://www.ipp.co.kr/editor/uploads/junk/ie.htm
Level 2>hxxp://www.ipp.co.kr/editor/uploads/junk/s.exe
Level 2>hxxp://www.ipp.co.kr/editor/uploads/junk/jxfhack.gif

日志由 Redoce2.0第89次修正版于 2010-4-14 17:25:59 生成。

瑞星卡卡安全论坛