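Virus name:
I-Worm.Pandem
Category: Worm
Virus details:
Method of damage:
This is a worm that sends e-mail with the forged sender address w32_pandemonium@katamail.com.
It creates a thread that listens on TCP port 61282 and accepts remote-control commands.
1. The e-mail subject is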
W32/PANDEMONIUM's Report
or Wonderful!
2. The e-mail body is
Take a look to the attachment, it's fantastic!
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2919.6700
Importance: High
X-Mailer: Microsoft Outlook, Build 10.0.2627
X-MSMail-Priority: High
X-Priority: 1 (Highest)
3. The attachment is
spoofer.zip or spoofer.exe
4. The virus attempts to copy itself to the following files
Removal method:
Use Guanghua anti-virus software to remove it completely.
Virus demonstration:
Virus FAQ:
A PE virus for Windows.
Date discovered:
2003-9-22