Rising Website Daily Security Bulletin (April 19, 2010)
networkedition - 2010-4-19 11:26:00
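Quote:
The URLs all come from Rising's daily security bulletin. We analyze in detail the malicious URLs planted on these sites; malicious URLs that are no longer live are not analyzed.
Quote:
Note: The malicious URLs identified in the analysis below all contain real web-trojan download addresses. Do not download and run them directly, to avoid infecting your system.
Quote:
1. http://ex.ce.net.cn/ (中企动力: a different kind of e-commerce)
2. http://mcard.gd.chinamobile.com/ (China Mobile: Let's Play Together)
3. http://mmxxdd.com/ (Mengxiangdao Entertainment Network, Mengxiangdao mini-games, Mengxiangdao mini-game downloads)
4. http://v.cnmo.com/ (Mobile Video Center: China's largest and most complete mobile video library [CNMO])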
networkedition - 2010-4-19 11:26:00
Log is generated by FreShow.
networkedition - 2010-4-19 11:26:00
Log is generated by FreShow.
networkedition - 2010-4-19 11:27:00
Log is generated by FreShow.
networkedition - 2010-4-19 11:28:00
Log is generated by FreShow.
辛达星郁 - 2010-4-19 12:58:00
关于:hxxp://ex.ce.net.cn/8tm/js/mdbwww/xjwj/htdocs/upimgbt/New/3557.html解密的日志(全体输出 - 10):
日志由 Redoce2.0第89次修正版于 2010-4-19 12:56:16 生成。
辛达星郁 - 2010-4-19 13:09:00
:kaka6: Looks like they have all gone dead
jks_风 - 2010-4-19 20:39:00
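Quote:
Friendly reminder: I cleaned out the web trojans that some idiots planted on your site, and I'm putting up a few friendly links of my own
I couldn't get the screenshot uploaded... this person too... sigh, this friendly link is a trojan as well.. :kaka6:
hxxp://www.hao123.com.wwvv.us/images/css/jg.htm
When I got to this point in the decryption I didn't know how to decrypt any further. Is it base64-encoded? I tidied up the code, but I still couldn't tell what kind of encryption it is.. I'll keep looking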