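Virus name:
Worm.Win32.Atak.j
Category: Worm
Virus details:
Damage method:
A simple worm.
Virus behavior:
After it runs, the virus copies itself to the %system% directory under the file name %random characters%.exe, and adds %system%\%random characters%.EXE to the RUN entry in the WINDOWS section of WIN.INI so that it starts with the system.
The virus then stays resident in memory, searches the disks and tries to extract email addresses from files with the following extensions, and sends virus emails to those addresses.
The virus skips addresses that contain any of the following strings: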
@pspl
@norman
@ozemail
@karpersky
@commandsoftware
@centralcommand
@eAladdin
@free-av
@bitdefender
@vsnl
@complex
@f-secure
@sophos
@symantec
@microsoft
submit
virus
samples
microsoft
Email subject:
human spirit
Not Wars
and get money
for fun
will freedom
to other
with me
Not spam
...
Email body:
We have installed our anti-spam tools to protect your email
Your account info has been setting up to block spam email
We have make a few change for our customer. Please be informed
We have upgraded your account features
Your account has been upgraded with our new services
has been attached as a file and ready to be printed
[please change it after registeration]
(You can change it later)
(temp. pwd only)
(temporary passWord)
Remember this note
Please take note this info
Keep this info
Your account info
know about account features.
learn about our features.
get more info.
find out our services.
...
Email attachment extension:
.zip
Removal method:
Use Guanghua anti-virus software to delete it completely.
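Added example (not part of the original entry or of any vendor tool): a check for the WIN.INI autostart described under virus behavior, listing run= programs in the WINDOWS section that are .exe files sitting directly in the system directory. Because the file name is random, the check flags by location only; the directories that %system% resolves to and the sample file contents are assumptions made for illustration.

```python
import ntpath
import re

# Assumed directories that %system% may resolve to (not given in the entry).
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\system", r"c:\winnt\system32")

def windows_section(ini_text):
    """Return the key/value pairs of the [windows] section of WIN.INI text."""
    values, in_section = {}, False
    for raw in ini_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "windows"
        elif in_section and "=" in line:
            key, _, value = line.partition("=")
            values[key.strip().lower()] = value.strip()
    return values

def suspicious_run_entries(ini_text, system_dirs=SYSTEM_DIRS):
    """List run= programs that are .exe files placed directly in a system directory."""
    run_value = windows_section(ini_text).get("run", "")
    hits = []
    # run= may hold several programs separated by spaces or commas; quotes allowed.
    for match in re.finditer(r'"([^"]+)"|([^\s,]+)', run_value):
        path = match.group(1) or match.group(2)
        norm = ntpath.normpath(path).lower()
        if norm.endswith(".exe") and ntpath.dirname(norm) in system_dirs:
            hits.append(path)
    return hits

# Constructed sample WIN.INI contents; the file names are made up for illustration.
SAMPLE_WIN_INI = """\
; for 16-bit app support
[fonts]
[Windows]
load=
RUN=C:\\WINDOWS\\System32\\qwkzjtpa.EXE "C:\\Program Files\\Tool\\tray.exe"
[mail]
run=C:\\WINDOWS\\system32\\ignored.exe
"""

if __name__ == "__main__":
    for entry in suspicious_run_entries(SAMPLE_WIN_INI):
        print("review:", entry)
```

A hit is only a candidate for review, since legitimate programs can also be started from the system directory.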
Virus demo:
Virus FAQ:
A PE virus for Windows.
Date discovered:
2004-12-17