今早上起来玩手机,发现 bbs.d.163.com 下面出现了一坨屎一样的:
尼玛啊,欺负到我头上了。
本来一开始我以为是运营商劫持,然后打开电脑,模拟成手机上的 User Agent 试了下 ,发现不能重现这个问题。
于是连 USB 从电脑上远程调试手机上的网页,发现注入的 js 是这个:
http://fi.854u.com/7m2101/tihuan.js
内容如下:
var config={gdUrl:"http://fi.854u.com/7m2101/banner/banner.html",pos:1,clickType:null,imgHeight:200,imgWidth:640};var $util={isAndroid:navigator.userAgent.indexOf("Android")>-1||navigator.userAgent.indexOf("Adr")>-1,isPc:!function(){var userAgentInfo=navigator.userAgent.toLowerCase();var Agents=["android","iphone","symbianos","windows phone","ipad","ipod"];var ispc=true;for(var v=0;v<Agents.length;v++){if(userAgentInfo.indexOf(Agents[v])>=0){ispc=false;break}}return ispc}()};if($util.isAndroid){if(!!config.oldScriptUrl){document.write("<script type="text/javascript" src="" +(config.oldScriptUrl.indexOf("?")="=-1?config.oldScriptUrl+"?change=1":config.oldScriptUrl+"&change=1")+"""></script>")}var ifrw=document.createElement("div");ifrw.style.position="fixed";ifrw.style.left=0;ifrw.style.bottom=0;ifrw.style.right=0;ifrw.style.zIndex=1000000;var bo=document.querySelector("body");var latecy=0,timer;if(!!bo){latecy=0}else{latecy=200}function insertDom(){clearTimeout(timer);timer=setTimeout(function(){bo=document.querySelector("body");if(!bo){insertDom();return}bo.appendChild(ifrw);var closei=document.createElement("i");closei.style.display="block";closei.style.position="absolute";closei.style.right="20px";closei.style.top="20px";closei.style.height="20px";closei.style.width="20px";closei.style.backgroundImage='url("data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAADAAAAAwCAYAAABXAvmHAAAABGdBTUEAALGPC/xhBQAABWJJREFUaAXVWltLY1cYNTlNSkA7GGcKVZFOh3RidRqijVR9mcI82r4UaX+AiCg+CP4An0UQUcTLW5mHFh9aSmmhFBqmVILVTGm9zNSZthR9aBliHS1zyRhnrUz24WR7TrLPyUlSD+i+fd+319r3/e14alz4BgcHfZqmvZHJZC7D3MXT09Ogx+MJIPTTPOJPEX+EMIXkA6/X+8fJycnvS0tLaZaX8nmcKo+NjQWOj4+vQj8MYFcQ+mzaSoPUfejcqa2tvTs9Pf3Ipn5W3DaB/v5+fzAYfBfavQDwspNKZR00wBPk/ZhKpRIrKytP5fJCaWUCExMT3r29vSi6/zoM1hUyWkLZEYZhvLm5+Tbqy6jYUSIwOjr6Sjqd/gjGm1SMliqDRtr3+Xyfzc7OPixmqyiBoaGhJgD/GIbK1epWGI9A5NOFhYV9KwHma4UKBwYG3sb4JPhAIbkylXF+RTo7Ow82Njb+sarDkgCWxmsA/yEUvVbKFchn3W9Fo9FUMpn826w+UwIcNhBmy1cTvI4XQykUi8Xur6+vH+mZucgZgJywHPNYIl+ShauVJhZiIjYZQx4BLpVcbSBU6Qkr4zJL1xEbMRoL8xJc5yu1VBpBqMaJjRiN8joB7rC5TcpY/r+LEyOxCmD6OOfxAGNNaehgkr/X3t4e297eTs7Pz38njDkJh4eHb7S2tnZsbW39hDX/ewUbdbmjzC3KZnuABzPEexWUsyJtbW0x7JSBSCTSOz4+/oGqnixHXdrw+/0BNohcXiDdm8P8ggBPlXYOZjs7O0lhPBQKRZ2QoA51hR32pogXC4k1dxLW1/lwMSVjOYfN7u7ubZFnl4QMnrYcDMUsZo2XEey47wOM6aYmQMrh6urq3XA4fKGhoeE1ljFkmvmyrDFtBn5qaupLo4xKHJgv4JiR0PDvTShEVJRkGbsk3AKfw4FLoLavvYMPGc0yONW0KgmXwQt4/5EAb1dBkeMkLEaiTOB5137MIXQdoEs+LluR6OnpuWpcbThhnYx5q4ZlD5CA3Qu5qT0zEmKSU8Ft8OiBGi/WVH1bNkVlM5Ota1xihbrb4GmX2PWzkKjovIVedIMtN0YxgvKEFfJ2NzuhVygkdg4hRw4lM8MyeA4b43BymwSxcxKHAKakZZRkzMBzPphNbJUd26yB5Dz0QHYja0SB442MRq3AiwrLRQIEftO6uro0dMU1UZndsBh4Ya8cJHCU+EHr6Oig96sbf7YOcwSmCp6y/FwmQefwVxqcRhmQaEJ3XHxRjdp/u+CFVbdIAPzu8vLyL2IfuCMqUAlHRkZulHI8kDc72uLVUqVug0wWc5YA/fPoAbq4lT7eYYWg0x1WJmG0KWxbhcRKzCzPjvtEIvEMyynJXLZSMua3tLT4ccZ5dXNzc21mZuYbY5mdOIcTbPlg6xIv9fC8/amiDwK35ubm+DhSo3un6aqor68fRZ6SZ0KlojLJHB0cHMyKhxAxB2qYAcdRvEyVumaWGAV4GtUJMMGXETiOCvrjKVetj9iI0Vh/3tofj8dPu7u77+EFsR1Crrx/GSsrMX4E/9Enk5OTj4128giwYG1t7Qlc2X8hyot+Xg+xvBofJu0ztP5NuF4eyPWfIUAB+uHxqPAvFFtlhSqlP19cXLxnVrcpAQryRYQvI2DO02pVeoItj0n7BXbcX83AM8+SAAtJgi8j2LbpO6r0nOAj30285pu2PPHxK0iAAhxO8CxsgUQL/s68kFDG7Y+rDSes2ZiX6ypKgAqc2H19fT8fHh4+RLfy/lCu3uBD97eNjY1fy6uNDFyk9Z1YZBQLz+1PDWRi5/bHHjIRpunhRnAFw+t1hBX9uc1ze7qqvaLWDloAAAAASUVORK5CYII=")';closei.style.backgroundPosition="center center";closei.style.backgroundSize="100% 100%";closei.onclick=function(e){ifrw.parentNode.removeChild(ifrw);e.stopPropagation()};ifrw.appendChild(closei);var ifr=document.createElement("iframe");ifr.style.display="block";ifr.scrolling="no";ifr.width=ifrw.offsetWidth||screen.availWidth;ifr.height=ifr.width/config.imgWidth*config.imgHeight;ifr.frameBorder="none";ifr.src=config.gdUrl;ifrw.appendChild(ifr)},latecy)}insertDom()};
然后 Play 里面随便下了个 AVG,扫出来 6 个,一股脑全部卸载以后,再刷一下注入就消失了。。。不过比较尴尬的是忘了一个个卸载试是哪个 app 的问题了
第一次遇到这个,比较新奇,不知道还有谁遇到这个问题没有。。发出来跟大家分享下
这是一个专为移动设备优化的页面(即为了让你能够在 Google 搜索结果里秒开这个页面),如果你希望参与 V2EX 社区的讨论,你可以继续到 V2EX 上打开本讨论主题的完整版本。
V2EX 是创意工作者们的社区,是一个分享自己正在做的有趣事物、交流想法,可以遇见新朋友甚至新机会的地方。
V2EX is a community of developers, designers and creative people.