Friday, May 11, 2007

Reportedly many allyes.com ad pages have been trojaned? A disaster for domestic Spaces users..

For Windows users who registered a Live Space under the "China" region and have not patched... ha. Over the past few days, multiple ad-generating pages on allyes.com have been trojaned; the pages point back to allyes.com, and what is planted is http://7y7.us/1.htm, which, through several layers of script calls, invokes an exploit for the MS07-017 ANI-format vulnerability and an exploit for MS06-014, downloading hTTp://7y7.us/oK/svchost.exe. The VirusTotal results are as follows:
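As an added defender-side example (not from the original post): a small Python checker that walks the RIFF chunk tree of an .ani animated-cursor file and flags any anih chunk whose declared length differs from the 36-byte ANIHEADER structure the Windows cursor loader expects, the malformed shape that MS07-017 (CVE-2007-0038) exploit files rely on. The sample files are constructed inline; real files would be read from a mail or web proxy quarantine.

```python
import struct

ANIH_SIZE = 36  # sizeof(ANIHEADER): 9 little-endian DWORDs


def ani_anomalies(data: bytes) -> list:
    """Return a list of anomalies found in an .ani file (empty if it looks sane).

    Walks top-level RIFF chunks and recurses into LIST chunks, so an oversized
    anih hidden inside a LIST/fram block is found as well as a top-level one.
    """
    issues = []
    if len(data) < 12 or data[:4] != b"RIFF" or data[8:12] != b"ACON":
        return ["not a RIFF/ACON animated cursor"]
    # RIFF size field counts everything after itself; cap it at the real length
    riff_end = min(len(data), 8 + struct.unpack_from("<I", data, 4)[0])

    def walk(off: int, end: int) -> None:
        while off + 8 <= end:
            cid = data[off:off + 4]
            (size,) = struct.unpack_from("<I", data, off + 4)
            body = off + 8
            if body + size > end:
                issues.append(f"chunk {cid!r} at {off} overruns its parent ({size} bytes declared)")
                return
            if cid == b"anih" and size != ANIH_SIZE:
                issues.append(f"anih chunk at {off} declares {size} bytes, expected {ANIH_SIZE}")
            elif cid == b"LIST" and size >= 4:
                walk(body + 4, body + size)      # skip the 4-byte list type (e.g. b"fram")
            off = body + size + (size & 1)       # RIFF chunks are padded to even length

    walk(12, riff_end)
    return issues


def build_ani(*anih_lengths: int) -> bytes:
    """Constructed sample: RIFF/ACON with the first anih at top level and any
    further anih chunks inside a LIST/fram block (zero-filled payloads)."""
    def chunk(cid: bytes, body: bytes) -> bytes:
        return cid + struct.pack("<I", len(body)) + body + (b"\0" if len(body) & 1 else b"")
    body = b"ACON" + chunk(b"anih", b"\0" * anih_lengths[0])
    if len(anih_lengths) > 1:
        inner = b"fram" + b"".join(chunk(b"anih", b"\0" * n) for n in anih_lengths[1:])
        body += chunk(b"LIST", inner)
    return b"RIFF" + struct.pack("<I", len(body)) + body


if __name__ == "__main__":
    print("clean:", ani_anomalies(build_ani(36)))
    print("oversized second anih:", ani_anomalies(build_ani(36, 80)))
```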

Complete scanning result of "svchost_virus.exe.app", received in VirusTotal at 05.11.2007, 13:48:33 (CET).

Antivirus Version Update Result
AhnLab-V3 2007.5.10.0 05.11.2007 no virus found
AntiVir 7.4.0.15 05.11.2007 TR/Crypt.ULPM.Gen
Authentium 4.93.8 05.10.2007 no virus found
Avast 4.7.997.0 05.11.2007 no virus found
AVG 7.5.0.467 05.10.2007 no virus found
BitDefender 7.2 05.11.2007 no virus found
CAT-QuickHeal 9.00 05.10.2007 (Suspicious) - DNAScan
ClamAV devel-20070416 05.11.2007 no virus found
DrWeb 4.33 05.11.2007 no virus found
eSafe 7.0.15.0 05.10.2007 suspicious Trojan/Worm
eTrust-Vet 30.7.3627 05.11.2007 no virus found
Ewido 4.0 05.11.2007 no virus found
FileAdvisor 1 05.11.2007 no virus found
Fortinet 2.85.0.0 05.11.2007 suspicious
F-Prot 4.3.2.48 05.10.2007 no virus found
F-Secure 6.70.13030.0 05.11.2007 no virus found
Ikarus T3.1.1.7 05.11.2007 no virus found
Kaspersky 4.0.2.24 05.11.2007 no virus found
McAfee 5028 05.10.2007 no virus found
Microsoft 1.2503 05.11.2007 PWS:Win32/Frethog.C
NOD32v2 2258 05.11.2007 no virus found
Norman 5.80.02 05.11.2007 no virus found
Panda 9.0.0.4 05.10.2007 Suspicious file
Prevx1 V2 05.11.2007 no virus found
Sophos 4.17.0 05.08.2007 no virus found
Sunbelt 2.2.907.0 05.05.2007 no virus found
Symantec 10 05.11.2007 no virus found
TheHacker 6.1.6.112 05.10.2007 no virus found
VBA32 3.12.0 05.10.2007 no virus found
VirusBuster 4.3.7:9 05.10.2007 Trojan.OnlineGames.Gen!Pac.19
Webwasher-Gateway 6.0.1 05.11.2007 Trojan.Crypt.ULPM.Gen

Aditional Information
File size: 21045 bytes
MD5: d66d26129ead45e96986e3b162986b1d
SHA1: 63c80ae12a57a87f5168d19bea0e593c2176b510
Complete scanning result of "svchost_virus.exe.app", received in VirusTotal at 05.11.2007, 13:08:19 (CET).


As you can see, Kaspersky, NOD32, McAfee and Norton all miss it, but the trustworthy AntiVir (the "little red umbrella") kills it on the spot.

Further analysis shows this is only a downloader; it then pulls down a pile of things named ??so.exe and ??so1.dll, all seen before and apparently all stealers of various game accounts. Technology, fallen so easily to such a level.
Sigh.
