| 導購 | 订阅 | 在线投稿
分享
 
 
 

Worm.Mytob.az

來源:互聯網網民  2008-08-14 22:19:11  評論

病毒名稱(中文):

郵件僞裝者

病毒別名:

威脅級別:

★☆☆☆☆

病毒類型:

蠕蟲病毒

病毒長度:

49278

影響系統:

Win9xWinNT

病毒行爲:

這是一個通過郵件傳播的病毒,他會開啓系統的後門,修改用戶計算機的安全設置,並且會通過IRC遠程控制機器,對其他的計算機進行攻擊.對用戶帶來很多麻煩.

1.生成文件:

%system%\nec.exe

2.增加注冊表項,使病毒開機運行.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

WINDOWSSYSTEM

nec.exe

3.注冊爲服務項目:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

WINDOWSSYSTEM

nec.exe

4.設置連接共享服務,爲其他病毒的傳播埋下伏筆.

5.修改防火牆規則,使病毒不被防火牆阻攔.

6.修改host,延長病毒生命周期.

127.0.0.1www.trendmicro.com

127.0.0.1www.microsoft.com

127.0.0.1trendmicro.com

127.0.0.1rads.mcafee.com

127.0.0.1customer.symantec.com

127.0.0.1liveupdate.symantec.com

127.0.0.1us.mcafee.com

127.0.0.1updates.symantec.com

127.0.0.1update.symantec.com

127.0.0.1www.nai.com

127.0.0.1nai.com

127.0.0.1secure.nai.com

127.0.0.1dispatch.mcafee.com

127.0.0.1download.mcafee.com

127.0.0.1www.my-etrust.com

127.0.0.1my-etrust.com

127.0.0.1mast.mcafee.com

127.0.0.1ca.com

27.0.0.1www.ca.com

127.0.0.1networkassociates.com

127.0.0.1www.networkassociates.com

127.0.0.1avp.com

127.0.0.1www.kaspersky.com

127.0.0.1www.avp.com

127.0.0.1kaspersky.com

127.0.0.1www.f-secure.com

127.0.0.1f-secure.com

127.0.0.1viruslist.com

127.0.0.1www.viruslist.com

127.0.0.1liveupdate.symantecliveupdate.com

127.0.0.1mcafee.com

127.0.0.1www.mcafee.com

127.0.0.1sophos.com

127.0.0.1www.sophos.com

127.0.0.1symantec.com

27.0.0.1securityresponse.symantec.com

127.0.0.1www.symantec.com

7.結束上千種程序,包括以下的:

ACKWIN32.EXE

ADAWARE.EXE

ADVXDWIN.EXE

AGENTSVR.EXE

AGENTW.EXE

ALERTSVC.EXE

ALEVIR.EXE

ALOGSERV.EXE

AMON9X.EXE

ANTI-TROJAN.EXE

ANTIVIRUS.EXE

ANTS.EXE

APIMONITOR.EXE

APLICA32.EXE

APVXDWIN.EXE

ARR.EXEATCON.EXE

ATGUARD.EXE

ATRO55EN.EXE

ATUPDATER.EXE

ATUPDATER.EXE

ATWATCH.EXE

AU.EXE

AUPDATE.EXE

AUTODOWN.EXE

AUTOTRACE.EXE

AUTOUPDATE.EXE

AVCONSOL.EXE

AVE32.EXE

AVGCC32.EXE

AVGCTRL.EXE

AVGNT.EXE

AVGSERV.EXE

AVGSERV9.EXE

AVGUARD.EXE

AVGW.EXE

AVKPOP.EXE

AVKSERV.EXE

AVKSERVICE.EXE

AVKWCTl9.EXE

AVLTMAIN.EXE

AVNT.EXE

AVP.EXE

AVP32.EXE

AVPDOS32.EXE

AVPM.EXE

AVPTC32.EXE

AVPUPD.EXE

AVPUPD.EXE

AVSCHED32.EXE

AVSYNMGR.EXE

AVWINNT.EXE

AVWUPD.EXE

AVWUPD32.EXE

AVWUPSRV.EXE

AVXMONITOR9X.EXE

AVXMONITORNT.EXE

AVXQUAR.EXE

AVXQUAR.EXE

BACKWEB.EXE

BARGAINS.EXE

WNAD.EXE

WNT.EXE

WRADMIN.EXE

WRCTRL.EXE

WSBGATE.EXEWUPDATER.EXE

WUPDT.EXE

WYVERNWORKSFIREWALL.EXE

XPF202EN.EXE

ZAPRO.EXE

ZAPSETUP3001.EXE

ZATUTOR.EXE

ZONALM2601.EXE

ZONEALARM.EXE

_AVP32.EXE

_AVPCC.EXE

_AVPM.EXE

CMD.EXE

ASKMGR.EX

8.鏈接到irc.blackcarder.net的#skyline2,接收遠程控制的命令.

9.在用戶計算機上建立一個到137.118.240.20119091的ftp,使用戶機器成爲病毒中轉站.

10.搜索下列文件中的郵箱地址:

.txt

.htmb

.shtl

.cgil

.jspl

.xmls

.phpq

.aspd

.dbxn

.tbbg

.adbh

.wab

.pl

並且會避免含有向以下字符的地址發送郵件:

avp

syma

microsof

msn.

hotmail

panda

sopho

borlan

.gov

.mil

berkeley

unix

math

bsd

mit.e

gnu

fsf.

ibm.com

google

kernel

linux

fido

11.下載HellBot::v3beta2並且啓動.

12.SYN攻擊.

13.發郵件:

發件人爲以下隨機的名字和搜索到的域名的組合:

root

info

samples

postmaster

webmaster

noone

nobody

nothing

anyone

someone

your

you

me

bugs

rating

privacy

service

help

admin

內容爲以下五條隨機一條:

Onceyouhavecompletedtheformintheattachedfile,youraccountrecordswillnotbeinterruptedandwillcontinueasnormal.

Theoriginalmessagehasbeenincludedasanattachment.

Weregrettoinformyouthatyouraccounthasbeensuspendedduetotheviolationofoursitepolicy,moreinfoisattached.

Weattachedsomeimportantinformationregardingyouraccount.

Pleasereadtheattacheddocumentandfollowit"sinstructions.

附件爲以下格式:

.exe

.scr

.pif

.zip

 
特别声明:以上内容(如有图片或视频亦包括在内)为网络用户发布,本站仅提供信息存储服务。
 
病毒名稱(中文): 郵件僞裝者 病毒別名: 威脅級別: ★☆☆☆☆ 病毒類型: 蠕蟲病毒 病毒長度: 49278 影響系統: Win9xWinNT 病毒行爲: 這是一個通過郵件傳播的病毒,他會開啓系統的後門,修改用戶計算機的安全設置,並且會通過IRC遠程控制機器,對其他的計算機進行攻擊.對用戶帶來很多麻煩. 1.生成文件: %system%\nec.exe 2.增加注冊表項,使病毒開機運行. HKLM\Software\Microsoft\Windows\CurrentVersion\Run WINDOWSSYSTEM nec.exe 3.注冊爲服務項目: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices WINDOWSSYSTEM nec.exe 4.設置連接共享服務,爲其他病毒的傳播埋下伏筆. 5.修改防火牆規則,使病毒不被防火牆阻攔. 6.修改host,延長病毒生命周期. 127.0.0.1 www.trendmicro.com 127.0.0.1 www.microsoft.com 127.0.0.1 trendmicro.com 127.0.0.1 rads.mcafee.com 127.0.0.1 customer.symantec.com 127.0.0.1 liveupdate.symantec.com 127.0.0.1 us.mcafee.com 127.0.0.1 updates.symantec.com 127.0.0.1 update.symantec.com 127.0.0.1 www.nai.com 127.0.0.1 nai.com 127.0.0.1 secure.nai.com 127.0.0.1 dispatch.mcafee.com 127.0.0.1 download.mcafee.com 127.0.0.1 www.my-etrust.com 127.0.0.1 my-etrust.com 127.0.0.1 mast.mcafee.com 127.0.0.1 ca.com 27.0.0.1 www.ca.com 127.0.0.1 networkassociates.com 127.0.0.1 www.networkassociates.com 127.0.0.1 avp.com 127.0.0.1 www.kaspersky.com 127.0.0.1 www.avp.com 127.0.0.1 kaspersky.com 127.0.0.1 www.f-secure.com 127.0.0.1 f-secure.com 127.0.0.1 viruslist.com 127.0.0.1 www.viruslist.com 127.0.0.1 liveupdate.symantecliveupdate.com 127.0.0.1 mcafee.com 127.0.0.1 www.mcafee.com 127.0.0.1 sophos.com 127.0.0.1 www.sophos.com 127.0.0.1 symantec.com 27.0.0.1 securityresponse.symantec.com 127.0.0.1 www.symantec.com 7.結束上千種程序,包括以下的: ACKWIN32.EXE ADAWARE.EXE ADVXDWIN.EXE AGENTSVR.EXE AGENTW.EXE ALERTSVC.EXE ALEVIR.EXE ALOGSERV.EXE AMON9X.EXE ANTI-TROJAN.EXE ANTIVIRUS.EXE ANTS.EXE APIMONITOR.EXE APLICA32.EXE APVXDWIN.EXE ARR.EXEATCON.EXE ATGUARD.EXE ATRO55EN.EXE ATUPDATER.EXE ATUPDATER.EXE ATWATCH.EXE AU.EXE AUPDATE.EXE AUTODOWN.EXE AUTOTRACE.EXE AUTOUPDATE.EXE AVCONSOL.EXE AVE32.EXE AVGCC32.EXE AVGCTRL.EXE AVGNT.EXE AVGSERV.EXE AVGSERV9.EXE AVGUARD.EXE AVGW.EXE AVKPOP.EXE AVKSERV.EXE AVKSERVICE.EXE AVKWCTl9.EXE AVLTMAIN.EXE AVNT.EXE AVP.EXE AVP32.EXE AVPDOS32.EXE AVPM.EXE AVPTC32.EXE AVPUPD.EXE AVPUPD.EXE AVSCHED32.EXE AVSYNMGR.EXE AVWINNT.EXE AVWUPD.EXE AVWUPD32.EXE AVWUPSRV.EXE AVXMONITOR9X.EXE AVXMONITORNT.EXE AVXQUAR.EXE AVXQUAR.EXE BACKWEB.EXE BARGAINS.EXE WNAD.EXE WNT.EXE WRADMIN.EXE WRCTRL.EXE WSBGATE.EXEWUPDATER.EXE WUPDT.EXE WYVERNWORKSFIREWALL.EXE XPF202EN.EXE ZAPRO.EXE ZAPSETUP3001.EXE ZATUTOR.EXE ZONALM2601.EXE ZONEALARM.EXE _AVP32.EXE _AVPCC.EXE _AVPM.EXE CMD.EXE ASKMGR.EX 8.鏈接到irc.blackcarder.net的#skyline2,接收遠程控制的命令. 9.在用戶計算機上建立一個到137.118.240.20119091的ftp,使用戶機器成爲病毒中轉站. 10.搜索下列文件中的郵箱地址: .txt .htmb .shtl .cgil .jspl .xmls .phpq .aspd .dbxn .tbbg .adbh .wab .pl 並且會避免含有向以下字符的地址發送郵件: avp syma microsof msn. hotmail panda sopho borlan .gov .mil berkeley unix math bsd mit.e gnu fsf. ibm.com google kernel linux fido 11.下載HellBot::v3beta2並且啓動. 12.SYN攻擊. 13.發郵件: 發件人爲以下隨機的名字和搜索到的域名的組合: root info samples postmaster webmaster noone nobody nothing anyone someone your you me bugs rating privacy service help admin 內容爲以下五條隨機一條: Onceyouhavecompletedtheformintheattachedfile,youraccountrecordswillnotbeinterruptedandwillcontinueasnormal. Theoriginalmessagehasbeenincludedasanattachment. Weregrettoinformyouthatyouraccounthasbeensuspendedduetotheviolationofoursitepolicy,moreinfoisattached. Weattachedsomeimportantinformationregardingyouraccount. Pleasereadtheattacheddocumentandfollowit"sinstructions. 附件爲以下格式: .exe .scr .pif .zip
󰈣󰈤
王朝萬家燈火計劃
期待原創作者加盟
 
 
 
>>返回首頁<<
 
 
 
 
 
 熱帖排行
 
 
 
靜靜地坐在廢墟上,四周的荒凉一望無際,忽然覺得,淒涼也很美
© 2005- 王朝網路 版權所有