网站(幻樱论坛)被黑客植入木马
今日,log.mtian.net接网友xiaoqiang305上报,网站(主页标题:幻樱论坛)(URL:http://www.hy008.com/)被黑客植入网页木马。 系统有漏洞的用户访问该页面将可能被安装木马病毒等恶意程序,可以导致电脑被黑客控制并且被 窃取敏感信息。以下是网友xiaoqiang305对该网站其中一个页面的挂马分析:
Log generated by xiaoqiang305 use mdecoder 0.51
[root]http://www.hy008.com/index.php( 幻樱论坛 | 幻樱字幕组 | 幻樱砂之团 | 相棒 |日剧 - Powered by Discuz!)
[script]http://www.hy008.com/include/js/common.js?0Nf
[script]http://www.023jc.com/ask/logo.jpg
[iframe]http://m0lx0.9966.org:99/01/01.htm
[script]http://m0lx0.9966.org:99/01/ap.js
[exe]http://jbf.acde.xicp.cn/x/01.exe
[flash]http://www.hy008.com/images/logo.swf
[script]http://www.hy008.com/ducedis/indextrans/template/dcitbox.js
[script]http://www.hy008.com/ducedis/indextrans/template/titleloc.js
[script]http://www.hy008.com/ducedis/indextrans/template/flash.js
[script]http://www.hy008.com/ducedis/indextrans/template/dicta.js
[script]http://www.hy008.com/ducedis/indextrans/template/weather.js
[iframe]http://weather.qq.com/inc/
[script]http://www.hy008.com/include/javascript/slide.js
[script]http://www.hy008.com/include/javascript/slide.js
[script]http://www.hy008.com/include/javascript/slide.js
[script]http://www.hy008.com/include/javascript/slide.js
[script]http://www.hy008.com/include/javascript/slide.js
[script]http://www.hy008.com/include/javascript/slide.js
[script]http://www.hy008.com/include/javascript/slide.js
[script]http://www.hy008.com/include/javascript/slide.js
[script]http://www.hy008.com/include/javascript/slide.js
[script]http://www.hy008.com/include/javascript/slide.js
[script]http://www.hy008.com/include/javascript/slide.js
[script]http://www.hy008.com/include/javascript/slide.js
[script]http://www.hy008.com/include/javascript/slide.js
[script]http://www.hy008.com/include/javascript/slide.js
[script]http://www.hy008.com/include/javascript/slide.js
log.mtian.net提醒大家安装防网马软件来防范此类挂马网页的攻击,并及时检查并安装系统及第 三方软件的补丁。
处理办法
http://hi.baidu.com/neuzhuzhu/blog/item/57daaf7ab89706e12e73b397.html