Rising Kaka Security Forum

Rising Website Daily Security Bulletin (December 30, 2010)
networkedition - 2010-12-30 15:47:00


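Quote:
The URLs all come from Rising's daily security bulletin. We analyze in detail the malicious URLs planted on these sites; malicious URLs that are no longer active are not analyzed.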



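Quote:
Note: the malicious URLs identified in the analysis below all contain real web-trojan download addresses. Do not download and run them directly, or your system may be infected.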



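Quote:


1.  http://333cn.com/ (China Design Window -- Home)
2.  http://zs.ankang.gov.cn/ (Ankang Investment Promotion Network)
3.  http://jxjy.ecust.edu.cn/ (Welcome to East China University of Science and Technology!)
4.  http://www.scinfo.gov.cn/ (Suichang Science and Technology Information Network -- the online popular-science school at your side)
5.  http://mec.dlmu.edu.cn/ (Dalian Maritime University)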


networkedition - 2010-12-30 15:48:00
Log generated by networkedition use mdecoder 0.67
[root]http://333cn.com/(中国设计之窗-首页)
    [script]http://www.333cn.com/cms/phpAdsNew/adx.js
        [iframe]http://www.phgczx.cn/js/1.html
            [script]http://www.lnsi.org/saa/xx/1.js
                [iframe]http://www.lnsi.org/saa/xx/18.htm
                    [script]http://www.lnsi.org/saa/xx/party.css
                [exp]http://www.lnsi.org/saa/xx/19.htm(Exploit.Ie0dayCVE0806.a)
                    [virus]http://www.lnsi.org/saa/xx/1.exe
                [exp]http://www.lnsi.org/saa/xx/of.htm(Exploit.OfficeSpreadsheet.a)
                    [script]http://www.lnsi.org/saa/xx/bgg.jpg
                    [script]http://www.lnsi.org/saa/xx/agg.jpg
                    [script]http://js.users.51.la/4171175.js
                    [virus]http://www.lnsi.org/saa/xx/1.exe
            [script]http://js.users.51.la/4337606.js
    [script]http://www.333cn.com/cms/phpAdsNew/adlayer.php?what=zone:24&layerstyle=simple&align=center&valign=middle&padding=5&closetime=12&padding=5&shifth=0&shiftv=0&closebutton=f&backcolor=FFFFFF&noborder=t
    [script]http://www.333cn.com/cms/phpAdsNew/adx.js
    [script]http://333cn.com/

        [script]http://www.333cn.com/bbs/api/javascript.php?key=newthreads_index
        [script]http://www.333cn.com/bbs/api/javascript.php?key=resource_index
        [flash]http://www.333cn.com/images/ad/chahuachina_160_150.swf
        [script]http://www.333cn.com/shop/goods_script.php?intro_type=is_best&need_image=true&goods_num=5&arrange=v&charset=GB2312&sitename=中国设计之窗
        [script]http://333cn.com/google-analytics.com/ga.js
networkedition - 2010-12-30 15:50:00
Log generated by networkedition use mdecoder 0.67
[root]http://zs.ankang.gov.cn/(安康市招商网)
    [script]http://zs.ankang.gov.cn/include/dedeajax2.js
    [script]http://zs.ankang.gov.cn/images/js/j.js
    [flash]http://zs.ankang.gov.cn/{$InstallDir}Skin/sealove/top.swf
    [flash]http://zs.ankang.gov.cn/uploads/media/zssp01.wmv
    [script]http://zs.ankang.gov.cn/include/date.js
    [iframe]http://www.tianqi123.com/php/current_city.php?c0=red&c1=D96C00&bg=EFF5F9&w=160&h=21&text=yes&show_image=yes
        [script]http://www.linkwan.com/gb/broadmeter/VisitorInfo/systeminfo.asp?OnlyAddress=yes
            [script]http://partner.googleadservices.com/gampad/google_service.js
    [flash]http://zs.ankang.gov.cn/images/focus.swf
    [flash]http://zs.ankang.gov.cn/images/focus.swf
    [flash]http://zs.ankang.gov.cn/../../index.php
    [script]http://www2.ak.gov.cn/stat/stat.jsp?id=2800
    [exp]http://www.hhrmyy.com/mima/ie.html(Exploit.Ie0dayCVE0806.a)
    [iframe]http://www.hhrmyy.com/mima/test.html
        [script]http://www.hhrmyy.com/mima/scvhost.txt
networkedition - 2010-12-30 15:50:00
关于:hxxp://jxjy.ecust.edu.cn/jpkc/ktjy/7564.shtml解密的日志(全体输出 -  8):

Level  0>http://jxjy.ecust.edu.cn/jpkc/ktjy/7564.shtml
Level  1>http://jxjy1.whysyou.com/gamejxjy1/jxjysm1.js
Level  2>http://smwm2.everyck.com:1120/smwm1/ie.html
Level  3>http://smwm2.everyck.com:1120/smwm1/js.css
Level  3>http://smwm2.everyck.com:1120/smwm1/css.css
Level  3>http://smwm2.everyck.com:1120/smwm1/party.css
Level  4>http://sma.yearsov.com:438/sma/c.css
Level  1>http://js.users.51.la/4342050.js
networkedition - 2010-12-30 15:51:00
Log generated by networkedition use mdecoder 0.67
[root]http://www.scinfo.gov.cn/zhutan/class1/Index.html(遂昌科技信息网 >> 竹炭类专利大全 >> 中国竹炭类专利)
    [flash]http:///zhutan/images/top.swf
    [script]http://www.scinfo.gov.cn/zhutan/JS/Article_Hot2.js
    [iframe]http://www.hb600.com/Inc/DEEPSNOW/Evil.htm
        [iframe]http://www.hb600.com/Inc/DEEPSNOW/Flash.htm
        [exp]http://www.hb600.com/Inc/DEEPSNOW/Ms06014.htm(Exploit.Ms06014.a)
            [virus]http://www.hb600.com/Inc/DEEPSNOW/DEEP.exe
        [iframe]http://www.hb600.com/Inc/DEEPSNOW/Lz.htm
        [iframe]http://www.hb600.com/Inc/DEEPSNOW/Bfyy.htm
        [iframe]http://www.hb600.com/Inc/DEEPSNOW/MsAccess.htm
        [iframe]http://www.hb600.com/Inc/DEEPSNOW/Cx.htm
        [iframe]http://www.hb600.com/Inc/DEEPSNOW/Real.htm
        [iframe]http://www.hb600.com/Inc/DEEPSNOW/Real.htm
    [iframe]http://www.hb600.com/Inc/DEEPSNOW/bfyy.htm
    [exp]http://www.hb600.com/Inc/DEEPSNOW/Ms06014.htm(Exploit.Ms06014.a)
    [iframe]http://www.hb600.com/Inc/DEEPSNOW/Ms08011.htm
    [iframe]http://www.hb600.com/Inc/DEEPSNOW/MsAccess.htm
    [iframe]http://www.hb600.com/Inc/DEEPSNOW/Cx.htm
    [iframe]http://www.hb600.com/Inc/DEEPSNOW/Lz.htm
    [exp]http://www.hb600.com/Inc/DEEPSNOW/MS07004.htm(Exploit.Ms07004.c)
        [virus]http://www.hb600.com/Inc/DEEPSNOW/DEEP.exe
    [iframe]http://www.hb600.com/Inc/DEEPSNOW/Ms08053.htm
    [iframe]http://www.hb600.com/Inc/DEEPSNOW/Real.htm
networkedition - 2010-12-30 15:51:00
Log generated by networkedition use mdecoder 0.67
[root]http://mec.dlmu.edu.cn/photo/x7.htm(Exploit.Ie0dayCVE0806.a)
    [script]http://mec.dlmu.edu.cn/photo/nb.js
    [script]http://mec.dlmu.edu.cn/photo/nb2.js
    [script]http://mec.dlmu.edu.cn/photo/nb3.js
    [virus]http://xuxiao1234.3322.org:88/nb.exe