Virus name (Chinese):
混合蠕虫 (Hybrid Worm)
Virus aliases:
Backdoor.ForBot.a [AVP]
Threat level:
★★★☆☆
Virus type:
Worm
Virus length:
303616
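Affected systems:
Win9x, WinNT, Win2000, WinXP, Win2003
Virus behavior:
IRCBot
Authoring tool: Microsoft Visual C++ 6.0
Infection conditions:
Uses tools such as IRC, disguises itself as a shared resource to lure users into downloading and running it, and also spreads by exploiting vulnerabilities.
Trigger conditions:
System modifications:
A. Creates the following file in the system installation directory and deletes the previously running copy of the virus file:
%System%\smsc.exe
It then runs this newly created file.
B.
1. Under the registry keys:
HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\RunServices
HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\RunServices
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Run
it adds the following value:
"Win32USB2Driver"="smsc.exe"
C. Creates a service named "Win32USB2Driver".
Symptoms:
A. Launches DoS attacks against a list of websites.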
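B. The DoS attacks include:
HTTP flood
UDP flood
PING flood
SYN flood
C. Spreads via IRC and controls infected machines.
D. Spreads by exploiting multiple Microsoft vulnerabilities.
E. Steals game CD keys for: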
Battlefield 1942
Black and White
Command and Conquer
Counter-Strike
FIFA 2002
FIFA 2003
Global Operations
Gunman Chronicles
Half-Life
Hidden and Dangerous 2
IGI 2 Covert Strike
Industry Giant 2
James Bond 007 Nightfire
Medal of Honor Allied Assault
Medal of Honor Allied Assault Breakthrough
Medal of Honor Allied Assault Spearhead
Nascar Racing 2002
Nascar Racing 2003
NHL 2002
NHL 2003
Need For Speed Hot Pursuit 2
Need For Speed Underground
Neverwinter Nights
Ravenshield
Shogun Total War Warlord Edition
Soldiers Of Anarchy
Soldier Of Fortune 2
The Gladiators
Unreal Tournament 2003
F. Terminates the processes of many antivirus programs.
Special notes: