Malicious Link Injected into the 中華新時代協會 Website

April 29, 2008 – 14:34:12

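A malicious link has been injected into the 中華新時代協會 website. The malware involved is TSPY_ONLINEG.FYU. Anyone who has visited this site recently should check their computer for infection as soon as possible. (Credit: Google)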

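For this URL, lookups in both McAfee SiteAdvisor and the Trend Micro Web Reputation Service report the site as normal. This shows that reputation-based technology is not a perfect solution to web security threats; in other words, information security can never be made one hundred percent secure.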

The malicious link/code is placed in the home page (the other pages probably need a careful check as well):

Google Search result (anomaly found), as shown in the figure below:

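McAfee SiteAdvisor result (no anomaly found; when the malicious link listed above is checked directly, it still fails to detect it), as shown in the figure below: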

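Trend Micro Web Reputation result (no anomaly found; when the malicious link listed above is checked directly, it does detect it), as shown in the figure below: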

After execution, the following behavior is observed:

[Added file]
C:\Documents and Settings\Administrator\Local Settings\Temp\MicroSofts.vbs
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C13NVBMZ\b2[1].htm
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C13NVBMZ\webx[1].htm
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OXI7BCE5\down[1].exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OXI7BCE5\gm[1].htm
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Q08VKCK4\CSS[1].js
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SEUIMLSE\vccd[1].htm
C:\_uninsep.bat
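
As an added example (not part of the original post), the file list above can be turned into a host check that is run over a recursive file listing. The function names, class labels and sample listing are constructed here, and the patterns assume that the profile name, the drive letter and the 8-character Content.IE5 sub-folder vary from machine to machine.

```python
import ntpath
import re

# Path shapes from the "[Added file]" list above. Assumption: the profile
# name, drive letter and 8-character Content.IE5 sub-folder differ per machine.
PROFILE = r"[A-Za-z]:\\Documents and Settings\\[^\\]+\\Local Settings"
CACHE = PROFILE + r"\\Temporary Internet Files\\Content\.IE5\\[A-Z0-9]{8}"
CACHED_NAMES = ["b2[1].htm", "webx[1].htm", "down[1].exe", "gm[1].htm",
                "CSS[1].js", "vccd[1].htm"]
PATTERNS = {
    "dropped-script": PROFILE + r"\\Temp\\MicroSofts\.vbs",
    "dropped-batch": r"[A-Za-z]:\\_uninsep\.bat",
    "cached-download": CACHE + r"\\(?:"
                       + "|".join(re.escape(n) for n in CACHED_NAMES) + ")",
}
COMPILED = {label: re.compile(rx + r"\Z", re.IGNORECASE)
            for label, rx in PATTERNS.items()}

# Constructed sample: lines shaped like `dir /s /b` output, not real host data.
SAMPLE_LISTING = [
    r"C:\Documents and Settings\alice\Local Settings\Temp\MicroSofts.vbs",
    r"C:\Documents and Settings\alice\Local Settings\Temp\setup.log",
    r"c:\documents and settings\alice\local settings\temporary internet files\content.ie5\AB12CD34\down[1].exe",
    r"C:\Documents and Settings\alice\Desktop\down[1].exe",
    r"D:\_uninsep.bat",
    r"C:\tools\_uninsep.bat",
]


def classify(path):
    """Return the artifact class a Windows path matches, or None."""
    norm = ntpath.normpath(path.strip().strip('"'))
    for label, rx in COMPILED.items():
        if rx.match(norm):
            return label
    return None


def sweep(paths):
    """Return {path: class} for every listed path that matches an artifact."""
    hits = {}
    for p in paths:
        label = classify(p)
        if label is not None:
            hits[p] = label
    return hits


if __name__ == "__main__":
    for path, label in sweep(SAMPLE_LISTING).items():
        print(f"{label:16} {path}")
```

Cached names such as `CSS[1].js` or `gm[1].htm` can also come from unrelated sites, so a `cached-download` hit is a lead to confirm with an antivirus scan rather than proof of infection.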

As of now (2008/4/25 @ 12:22), the following antivirus products can detect these malicious files (for reference only):

down[1].exe:
[ Trend ], "TSPY_ONLINEG.FYU"
MicroSofts.pif:
[ Trend ], "TSPY_ONLINEG.FYU"
b2[1].htm:
[ Alpha_Gen ], "Heur_Infrm-1"
[ HBEDV ], "HTML/Infected.WebPage.Gen"
[ Norman ], "Trojan HTML/Exploit!IFrame.G"
[ WebWasher ], "Script.Infected.WebPage.Gen"
CSS[1].js:
[ Kaspersky ], "Trojan-Downloader.VBS.Psyme.oq"
[ HBEDV ], "HTML/Rce.Gen"
[ Clamav ], "JS.Psyme-36"
[ Grisoft ], "Virus found VBS/Psyme"
[ eAladdin ], "VB.Agent.hh (Non-Removable)"
[ Authentium ], "VBS/Psyme.FF"
[ WebWasher ], "Script.Rce.Gen"
gm[1].htm:
[ WebWasher ], "BlockReason.46 (suspicious)"
vccd[1].htm:
[ Alpha_Gen ], "Heur_Infrm-2"
[ Norman ], "Trojan HTML/Exploit!IFrame.G"
webx[1].htm:
[ HBEDV ], "HEUR/Exploit.HTML"
