病毒名称(中文):
病毒别名:
I-Worm.Nihilit.u[AVP]
威胁级别:
★☆☆☆☆
病毒类型:
蠕虫病毒
病毒长度:
213504
影响系统:
Win9xWinNTWin2000WinXPWin2003
病毒行为:
编写工具:
传染条件:通过P2P、mIRC、邮件等,进行传播
发作条件:
系统修改:
A、将自身复制到kazaaP2P软件中文件名一般如下:
preteensex.avi.exe
14_year_old_on_beach.exe
15_year_old_on_beach.exe
16_year_old_on_beach.exefetish_bondage_preteen_porno.exe
jenna_jameson_sex_scene_huge_dick_blowjob.exe
nikki_nova_sex_scene_huge_dick_blowjob.exe
jenna_jameson-built_for_speed.exe
cute_girl_giving_head.exe
jenna_jameson-shower_scene.exe
jenna_jameson-xxx_nurse_scene.exe
chubby_girl_fucked_from_all_angles_xxx.exe
kill_osama_bin_laden_game.exe
caught_on_camera-man_hit_by_car-faces_of_death.exe
chubby_girl_bukkake_gang_banged_sucking_cock.exe
brutal_preteen_porn_xxx.exe
illegal_porno-15_year_old_raped_by_two_men_on_boat.exe
windows_xp_key_generator_and_cracker.exe
Cichosz_loves_you.exe
winzip_key_generator.exe
cat_attacks_child.exe
evil_pranksters-light_church_on_fire.exe
Necronomikon_is_back.exe
divx_codec_installer.exe
B、复制自身到系统目录%WinBootDir%system32中,文件名如下
hot_girl_on_the_beach_sucking_cock_and_fucking_guy.exe
devin_in_elevator_sex.exe
microsoft_office_xp_cracked.exe
microsoft_visual_studio6.0.exe
microsoft_.NET.exe
[DiVX]_Lord_of_the_rings.exe
[DiVX]_Harry_Potter_and_the_sorcerors_stone.exe
macromedia_flash_5.0.exe
macromedia_dreamweaver_4.0.exe
nuke_afghanistan_game.exe
Britney_Spears_Nude_Cum.exe
Christina_Agulera_Nude_Cum.exe
Christina_Ricci_Nude_Cum.exe
AIM_Password_Stealer.exe
AIM_Account_Stealer.exe
AIM_Account_Hacker.exe
AIM_Flooder.exe
MSN_Password_Hacker_and_Stealer.exe
MSN_Flooder.exe
Hacking_Tool_Collection.exe
C、生成BAS文件并调用debug命令生成BASVBS脚本
D、修改注册表,降低MsOffice的安全级别
E、对Word模版进行修改,注入宏病毒
F、修改mIRC的脚本文件
G、在注册表主键:
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun
下添加如下键值:
"vbsfile"="%WINDOWSROOT%Nihilit.vbs"
发作现象:
A、释放宏病毒,并搜索所有Word文档进行感染
B、窃取感染机器密码,并发送到指定信箱
C、对微软、赛门铁克等网站通过Ping命令进行Dos攻击
D、试图关闭杀毒软件进程
E、试图进行IIS4.0远程溢出
非凡说明: