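Virus name:
W32.Chet@mm
Category: Worm
Virus information:
Affected systems: Windows 95, Windows 98, Windows NT, Windows 2000, Windows XP, Windows Me
Unaffected systems: Macintosh, Unix, Linux
Impact:
1. Mass mailing: after infection, the worm sends itself to every contact in the Windows Address Book;
2. Disclosure of confidential information: it sends the e-mail addresses of all of the infected user's contacts, together with the infected machine's IP address, machine name and similar information, to the hacker.
E-mail characteristics: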
From: main@world.com
Subject: All people!!
Body: Dear ladies and gentlemen!
The given letter does not contain viruses, and is not Spam.
We ask you to be in earnest to this letter. As you know America and
England have begun bombardment of Iraq, cause of its threat for all the world.
It isn't the truth. The real reason is in money laundering and also to cover up traces after acts of terrorism September, 11, 2001. Are real proofs of connection between Bush and Al-Qaeda necessary for you? Please! There is a friendly dialogue between Bin Laden and the secretary of a state security of USA in the given photos.
In the following photo you'll see, how FBI discusses how to strike over New York to lose people as much as possible. And the document representing the super confidential agreement between CIA and Al-Qaeda is submitted to your attention. All this
circus was specially played to powder brains!! You'll find out the truth.
Naked truth, instead of TV showed.
For your convenience, and to make letter less, all documentary materials
(photos and MS Word documents) are located in one EXE file. Open it, and all materials will be
installed on your computer. You will receive the freshest and classified
documents automatically from our site.
It isn't a virus! You can trust us absolutely. We hope, that it will open your
eyes on many things occurring in this world.
Attachment: 11september.exe
Note: the attachment's file name ends with a space character.
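As an added example (not part of the original entry), the following Python sketch shows how a mail filter could match the message characteristics listed above, including the trailing space in the attachment name. The list of executable extensions and the sample message are assumptions constructed for illustration.

```python
import email
from email import utils

# Indicators taken from the entry above.
SENDER = "main@world.com"
SUBJECT = "All people!!"
ATTACHMENT = "11september.exe"  # sent with one trailing space
EXEC_EXTS = (".exe", ".scr", ".pif", ".com", ".bat")  # assumed block list

def raw_filename(part):
    """Attachment name exactly as sent; get_filename() would strip it."""
    name = part.get_param("filename", header="content-disposition")
    if name is None:
        name = part.get_param("name")
    return utils.collapse_rfc2231_value(name) if name is not None else ""

def inspect_message(raw):
    """Return the indicators from the entry that this message matches."""
    msg = email.message_from_bytes(raw)
    hits = []
    if SENDER in str(msg.get("From", "")).lower():
        hits.append("sender")
    if str(msg.get("Subject", "")).strip() == SUBJECT:
        hits.append("subject")
    for part in msg.walk():
        name = raw_filename(part)
        bare = name.strip().lower()
        if bare == ATTACHMENT:
            hits.append("attachment-name")
        # Padding defeats a plain name.endswith(".exe") check on the raw name.
        if name != name.strip() and bare.endswith(EXEC_EXTS):
            hits.append("padded-executable-name")
    return hits

# Constructed sample message (not a capture); the payload is a dummy.
SAMPLE = (
    b"From: main@world.com\nSubject: All people!!\nMIME-Version: 1.0\n"
    b'Content-Type: multipart/mixed; boundary="b1"\n\n'
    b"--b1\nContent-Type: text/plain\n\nDear ladies and gentlemen!\n"
    b"--b1\nContent-Type: application/octet-stream\n"
    b'Content-Disposition: attachment; filename="11september.exe "\n'
    b"Content-Transfer-Encoding: base64\n\nAAAA\n--b1--\n"
)

if __name__ == "__main__":
    print(inspect_message(SAMPLE))
```

The padded-name check is independent of this worm's specific file name, so it also flags other executables whose names are padded with whitespace.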
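Technical characteristics:
When run, this e-mail worm:
1. Copies itself to C:\%system%\Synchost1.exe;
2. Adds the value ICQ1 C:\%system%\synchost1.exe
to the registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run, so that the virus runs automatically each time Windows starts;
3. Creates the file C:\Boot.txt, which is zero bytes long;
4. Searches the registry for the location of the Windows Address Book file, then sends itself to every contact in the address book.
Removal:
Use Guanghua (光华) antivirus software to remove it completely.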
Virus FAQ:
Aliases: W32/Chet@MM [McAfee], W32/Chet-A [Sophos], Win32.Chet [CA], WORM_CHET.A [Trend], I-Worm.Chet [AVP]
Discovery date:
2002-9-10