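After a user visits this website, if the computer has system or software vulnerabilities, malicious programs such as *** viruses may be installed, which can leave the computer under *** control and lead to the theft of sensitive information.
Drive-by download analysis: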
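In the end, files such as a1.css/a2.css/*.swf are downloaded; these downloaders in turn download and run other programs, in order to take complete control of the visitor's system.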