病毒名称:
Worm.Gibe
类别: 蠕虫病毒
病毒资料:
病毒简介:
这是一个VB写的蠕虫病毒。普通用户很容易中招。因为病毒以微软的名誉,说附件是微软产品的补丁。邮件的正文写得很长,在风格上模仿得也很像。病毒还打开微软官方网页,这样用户更不会猜疑。
破坏方法:
一:释放三个文件到系统中
%WINDOWS%UPDATE855.EXE 用来作病毒邮件的附件,是病毒本身的拷贝。
%WINDOWS%MSBUGADV.EXE 打开微软的网页http://www.microsoft.com/isapi/goregwiz.ASP?target=/contactus/contactus.asp
装模作样,增加真实性。
%WINDOWS%DX3DRNDR.EXE
二、 UPDATE855.EXE 写注册表
HKLM\Software\Microsoft\Windows\CurrentVersion
\Run\DxLoad
数据为%WINDOWS%DX3DRndr.exe
三、信件的正文:
known security vulnerabilities affecting Internet EXPlorer,Outlook and Outlook Express as well as five newly discovered vulnerabilities. Install now to protect your computer from these vulnerabilities, the most serious of which could allow an attacker to
run executable on your system. This update includes the functionality of all previously released patches.
System requirements:
Win 9x/Me/2000/NT/XP
This update applies to:
Microsoft Internet Explorer, version 4.01 and later
Microsoft Outlook, version 8.00 and later
Microsoft Outlook Express, version 4.01 and later
Recommendation:
Customers should install the patch at the earliest opportunity.
How to install:
Run attached file. Click Yes on displayed dialog box.
How to use:
You don't need to do anything after installing this item.
Microsoft Technical Support is available at
http://support.microsoft.com/
For security-related information about Microsoft prodUCts, please visit the Microsoft Security Advisor web site at
http://www.microsoft.com/security
Contact us at
http://www.microsoft.com/isapi/goregwiz.asp?target=3D/contactus/= contactus.asp
Please do not reply to this message. It was sent from an unmonitored e-mail address and we are unable to respond to any replies.
Thank you for using Microsoft products.
病毒的清除法:
使用光华反病毒软件,彻底删除。
病毒演示:
病毒FAQ:
Windows下的PE病毒。
发现日期:
2003-3-17