瑞星网站每日安全播报(2011年3月22日) bbs.ikaka.com

networkedition - 2011-3-22 17:14:00

引用:

网址均来自瑞星每日安全播报，我们详细分析其中所挂恶意网址，对于已失效的恶意网址就不再分析。

引用:

注：以下分析出的恶意网址均包含有真实网马下载地址，请勿直接下载并运行，以免系统中招。

引用:

1. http://book.sooyuu.com/（搜娱电子书）
2. http://quanzhou.8684.cn/（泉州公交网）
3. http://center.imun.edu.cn/（内蒙古民族大学）
4. http://mec.dlmu.edu.cn/（大连海事大学轮机工程学院）
5. http://www.hcit.edu.cn/(欢迎访问淮安信息职业技术学院)

用户系统信息：Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; GTB6.6; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C; .NET4.0E; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)

networkedition - 2011-3-22 17:14:00

关于:hxxp://book.sooyuu.com/BookInfo/200706/200709211459213582.html解密的日志(全体输出 - 38):

Level 0>http://book.sooyuu.com/BookInfo/200706/200709211459213582.html
Level 1>http://book.sooyuu.com/HitNumber.aspx?zid=19179
Level 1>http://book.sooyuu.com/AdFiles/BKAD21.js
Level 1>http://s17.cnzz.com/stat.php?id=2708267&web_id=2708267&show=pic
Level 1>http://count7.51yes.com/click.aspx?id=79080328&logo=1
Level 1>http://count20.51yes.com/click.aspx?id=202318528&logo=1
Level 1>http://www.google-analytics.com/urchin.js
Level 1>http://www.sooyuu.com/AdFiles/TongFa06utf8.js
Level 1>http://www.sooyuu.com/AdFiles/TongFa05utf8.js
Level 1>http://book.sooyuu.com/HitNumber.aspx?zid=19179
Level 1>http://book.sooyuu.com/AdFiles/BKAD21.js
Level 1>http://s17.cnzz.com/stat.php?id=2708267&web_id=2708267&show=pic
Level 1>http://count7.51yes.com/click.aspx?id=79080328&logo=1
Level 1>http://count20.51yes.com/click.aspx?id=202318528&logo=1
Level 1>http://www.google-analytics.com/urchin.js
Level 1>http://www.sooyuu.com/AdFiles/TongFa06utf8.js
Level 1>http://www.sooyuu.com/AdFiles/TongFa05utf8.js
Level 1>http://www.sooyuu.com/AdFiles/TongFa04utf8.js
Level 1>http://www.sooyuu.com/AdFiles/TongFa03utf8.js
Level 1>http://www.sooyuu.com/AdFiles/TongFa02utf8.js
Level 1>http://www.sooyuu.com/AdFiles/TongFa01utf8.js
Level 1>http://book.sooyuu.com/AdFiles/BKAD19.js
Level 1>http://book.sooyuu.com/AdFiles/BKAD23.js
Level 1>http://book.sooyuu.com/AdFiles/BKAD20_1.js
Level 1>http://book.sooyuu.com/AdFiles/BKAD18_1.js
Level 1>http://book.sooyuu.com/AdFiles/Booktop.js
Level 2>http://www.sooyuu.com/ad/gg-ad/top-728-90.htm
Level 3>http://muniu.8866.org:10086/images/1.gif?
Level 4>http://rao123.8866.org:12593/images/tj.htm
Level 4>http://rao123.8866.org:12593/images/1.htm
Level 4>http://rao123.8866.org:12593/images/m.htm
Level 5>http://rao123.8866.org:12593/images/n.jpg
Level 5>http://rao123.8866.org:12593/images/no.jpg
Level 6>http://count.jk136.com:123/images/js/js.js
Level 5>http://rao123.8866.org:12593/images/not.jpg
Level 5>http://rao123.8866.org:12593/images/nop.jpg
Level 1>http://book.sooyuu.com/images/logo_ebook.jpg
Level 1>http://book.sooyuu.com/BookInfo/200706/ImgD.src

日志由 Redoce2.1第20次修正版于 2011-3-22 17:03:50 生成。

networkedition - 2011-3-22 17:15:00

Log generated by networkedition use mdecoder 0.67
[root]http://quanzhou.8684.cn/mid.htm?close
[iframe]http://www.333eee.com/n.html
[script]http://js.users.51.la/4472035.js
[exp]http://qspm.3322.org:1235/wmzuo/zz.html(Exploit.Ie0dayCVE0806.a)
[script]http://qspm.3322.org:1235/wmzuo/yt.jpg
[virus]http://121.12.117.253:1235/zuo.exe

networkedition - 2011-3-22 17:15:00

Log generated by networkedition use mdecoder 0.67
[root]http://center.imun.edu.cn/(内蒙古民族大学可持续发展教育中心)
[script]http://center.imun.edu.cn/news/jsnews.asp?cataid=A0001&words=30
[script]http://center.imun.edu.cn/news/jsnews.asp?cataid=A0002&words=30
[script]http://ble.IsGre.at/b.js?google=10x022
[iframe]http://avh.3-a.net/22/056ay.htm
[exp]http://avh.3-a.net/22/6.htm(Exploit.Ie0dayCVE0806.a)
[script]http://avh.3-a.net/22/ie.jpg
[script]http://avh.3-a.net/22/iee.jpg
[iframe]http://avh.3-a.net/22/7.htm
[script]http://avh.3-a.net/22/ie.jpg
[script]http://avh.3-a.net/22/iee.jpg
[virus]http://avh.3-a.net/o/gs.exe
[script]http://avh.3-a.net/22/ieee.jpg
[iframe]http://avh.3-a.net/22/pp.htm
[script]http://avh.3-a.net/22/iee.jpg
[script]http://blk.IsGre.at/b.js?google=10x052
[iframe]http://avh.3-a.net/22/056ay.htm
[script]http://bmq.IsGre.at/b.js?google=10x182
[iframe]http://avh.3-a.net/22/056ay.htm
[script]http://bnd.IsGre.at/b.js?google=10x232
[iframe]http://avh.3-a.net/22/056ay.htm
[script]http://bnd.IsGre.at/b.js?google=10x232
[script]http://bng.IsGre.at/b.js?google=10x251
[iframe]http://avh.3-a.net/22/056ay.htm
[script]http://bng.IsGre.at/b.js?google=10x251
[script]http://bnl.IsGre.at/b.js?google=10x271
[iframe]http://avh.3-a.net/22/056ay.htm
[script]http://bno.IsGre.at/b.js?google=10x281
[iframe]http://avh.3-a.net/22/056ay.htm
[script]http://bnq.IsGre.at/b.js?google=10x291
[iframe]http://avh.3-a.net/22/056ay.htm
[script]http://bnq.IsGre.at/b.js?google=10x291
[script]http://bnt.IsGre.at/b.js?google=10x301
[iframe]http://avh.3-a.net/22/056ay.htm
[script]http://bnw.IsGre.at/b.js?google=10x311
[iframe]http://avh.3-a.net/22/056ay.htm
[script]http://bny.IsGre.at/b.js?google=11x011
[iframe]http://avh.3-a.net/22/056ay.htm
[script]http://boD.IsGre.at/b.js?google=11x022
[iframe]http://avh.3-a.net/22/056ay.htm
[script]http://boG.IsGre.at/b.js?google=11x032
[iframe]http://avh.3-a.net/22/056ay.htm
[script]http://boi.IsGre.at/b.js?google=11x041
[iframe]http://avh.3-a.net/22/056ay.htm

networkedition - 2011-3-22 17:15:00

Log generated by networkedition use mdecoder 0.67
[root]http://mec.dlmu.edu.cn/photo/x7.htm(Exploit.Ie0dayCVE0806.a)
[script]http://mec.dlmu.edu.cn/photo/nb.js
[script]http://mec.dlmu.edu.cn/photo/nb2.js
[script]http://mec.dlmu.edu.cn/photo/nb3.js
[virus]http://xuxiao1234.3322.org:88/nb.exe

networkedition - 2011-3-22 17:16:00

Log generated by networkedition use mdecoder 0.67
[root]http://www.hcit.edu.cn/hcit2009/admin/inc/jjl/index.html
[iframe]http://www.hcit.edu.cn/hcit2009/admin/inc/jjl/load.html
[exp]http://www.hcit.edu.cn/hcit2009/admin/inc/jjl/1.html(Exploit.Ie0dayCVE0806.a)
[virus]http://qq.sbwanwan.com:9999/ll.exe
[iframe]http://www.hcit.edu.cn/hcit2009/admin/inc/jjl/2.html

from_zo - 2011-3-22 19:10:00

看错了学习了

瑞星卡卡安全论坛