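Malicious link planted in the Taiwan Printed Circuit Association website
2008-09-24 – 10:51:40 Update: The website is currently under maintenance.
A malicious link has been planted in the Taiwan Printed Circuit Association website. The malware is TR/ATRAPS.Gen. Anyone who has visited this page recently should check their computer for infection as soon as possible.
The malicious link/code is placed in the URL above (the other pages should also be checked carefully):
Below are the results of the web reputation scans:
Google Search result (nothing abnormal found), as shown in the figure below:
Armorize HackAlert (malicious behavior detection) result (abnormality found), as shown in the figure below:
McAfee SiteAdvisor result (nothing abnormal found), as shown in the figure below:
Trend Micro web reputation result (nothing abnormal found), as shown in the figure below:
Finjan web reputation result (nothing abnormal found), as shown in the figure below:
Dr.Web web reputation result (nothing abnormal found), as shown in the figure below:
Exploit Prevention Labs web reputation result (abnormality found), as shown in the figure below:
Symantec Safe Web result (abnormality found), as shown in the figure below:
Below are the VirusTotal scan results (for reference only):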
File rondll32.exe received on 09.24.2008 04:40:55 (CET)
Result: 22/36 (61.12%)
Antivirus          Version         Last Update  Result
AhnLab-V3          2008.9.23.1     2008.09.24   -
AntiVir            7.8.1.34        2008.09.23   TR/ATRAPS.Gen
Authentium         5.1.0.4         2008.09.23   W32/Agent.L.gen!Eldorado
Avast              4.8.1195.0      2008.09.23   -
AVG                8.0.0.161       2008.09.23   -
BitDefender        7.2             2008.09.24   Generic.Malware.SFP!Pk!g.996552B9
CAT-QuickHeal      9.50            2008.09.24   (Suspicious) - DNAScan
ClamAV             0.93.1          2008.09.24   -
DrWeb              4.44.0.09170    2008.09.24   DLOADER.Trojan
eSafe              7.0.17.0        2008.09.23   Suspicious File
eTrust-Vet         31.6.6101       2008.09.23   -
Ewido              4.0             2008.09.23   -
F-Prot             4.4.4.56        2008.09.23   W32/Agent.L.gen!Eldorado
F-Secure           8.0.14332.0     2008.09.24   W32/Packed_Upack.A
Fortinet           3.113.0.0       2008.09.23   -
GData              19              2008.09.24   Generic.Malware.SFP!Pk!g.996552B9
Ikarus             T3.1.1.34.0     2008.09.24   -
K7AntiVirus        7.10.469        2008.09.23   -
Kaspersky          7.0.0.125       2008.09.24   Trojan-Downloader.Win32.Agent.ahlw
McAfee             5390            2008.09.23   New Malware.aj
Microsoft          1.3903          2008.09.24   -
NOD32v2            3466            2008.09.23   a variant of Win32/TrojanDownloader.Agent.AFLS
Norman             5.80.02         2008.09.23   W32/Packed_Upack.A
Panda              9.0.0.4         2008.09.23   Suspicious file
PCTools            4.4.2.0         2008.09.23   Packed/Upack
Prevx1             V2              2008.09.24   -
Rising             20.63.12.00     2008.09.23   -
Sophos             4.33.0          2008.09.24   Mal/Emogen-N
Sunbelt            3.1.1666.1      2008.09.24   VIPRE.Suspicious
Symantec           10              2008.09.24   Downloader
TheHacker          6.3.0.9.092     2008.09.24   W32/Behav-Heuristic-060
TrendMicro         8.700.0.1004    2008.09.23   PAK_Generic.006
VBA32              3.12.8.5        2008.09.23   -
ViRobot            2008.9.23.1389  2008.09.23   -
VirusBuster        4.5.11.0        2008.09.23   Packed/Upack
Webwasher-Gateway  6.6.2           2008.09.23   Trojan.ATRAPS.Gen
Additional information
File size: 21068 bytes
MD5...: 0a806a6036de056f49ca964f9bee9940
SHA1..: af44ebeffe7030f6bcd7d0c1333098eb71f20943
SHA256: 64cd7a4fae77dc812524fd5ba6238a47c66dd7bf5491565a662ae9dce5a6add2
SHA512: 694e38236b0fbd7c2e658213c7e205b0790287be6ead6f940e878536ddfd74be
3cc246433464bd0c8ec94672aa1a9786ea895b6b43508285708f13afee7b2328
PEiD..: -
TrID..: File type identification
DOS Executable Generic (100.0%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x401018
timedatestamp.....: 0x4011b0be (Fri Jan 23 23:39:42 2004)
machinetype.......: 0x14c (I386)
( 3 sections )
name  viradd   virsiz   rawdsiz  ntrpy  md5
PS    0x1000   0x16000  0x1f0    5.16   9647b2122a252399a053072e93d7ee29
@$A   0x17000  0xd000   0x504c   7.99   92f6c75930d3c0a0051ed5154e975f54
rcA@  0x24000  0x1000   0x1f0    5.16   9647b2122a252399a053072e93d7ee29
( 0 imports )
( 0 exports )
packers (Kaspersky): PE_Patch, UPack









