Worm.Bagz.h - 王朝网络宽屏版

病毒名称(中文):

袋子变种H

病毒别名:

Email-Worm.Win32.Bagz.h[AVP]

威胁级别:

★★☆☆☆

病毒类型:

蠕虫病毒

病毒长度:

41985

影响系统:

Win9xWinNT

病毒行为:

这是一个向外发送电子邮件的蠕虫病毒。该病毒会将自己注册系统服务，并开启一个隐蔽的代理，通过本地机器发送邮件。邮件的发送者是伪造的，邮件的附件是一个html文件，每封邮件的附件名可能是不同的。

1)将病毒拷贝到%System%\hicom.exe，并将其进程注册为系统服务WorkingNetworkConnections。

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\TY164

"Type"=0x20

"Start"=0x2

"ErrorControl"=0x0

"ImagePath"="%System%\hicom.exe"

"DisplayName"="WorkingNetworkConnections"

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\TY164\Security

"Security"=01001480A0000000...

"ObjectName"="LocalSystem"

"Description"="Managesthisoutconfigtest"

HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_TY164

"NextInstance"=0x1

HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_TY164\0000\Control

"*NewlyCreated*"=0x0

HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_TY164\0000

"Service"="TY164"

"Legacy"=0x1

"ConfigFlags"=0x0

"Class"="LegacyDriver"

"ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"

"DeviceDesc"="WorkingNetworkConnections"

HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\TY164\Enum

"0"="Root\LEGACY_TY164\0000"

"Count"=0x1

"NextInstance"=0x1

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ServiceCurrent

(Default)=0x8

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_TY164\0000\Control

ActiveService="TY164"

2)尝试连接到预定的站点

3)开启一个隐蔽的代理，并通过染毒机器发送邮件

邮件发送人：

姓：

Alexander

Alpert

Albert

Horowitz

Hollaender

Hohenemser

Hoch

Hirsch

Himmelfarb

Hillel

Herzog

Hersch

Herzberg

Herman

Hellman

Heller

Heck

Hecht

Handler

Halpern

Halperin

Gysi

Gunzberg

Gr1nberg

Gruber

Grossman

Greenberg

Gralnick

Gould

Gottlieb

Goldwyn

Goldenson

Goldberg

Glucksman

Glickman

Glazer

Gershwin

Gersh

Gelbman

Geffen

Friedman

Fried

Freud

Frankel

Fleisher

Fleischer

Fishbein

Fisch

Fish

Finkelstein

Finkbein

Finkel

Fink

Feldman

Feinberg

Feidelberg

Farber

Emmanuel

Ellison

Ellis

Adorno

Adler

Abrahams

名：

Kelly

Ingrid

Helen

Giselle

Fran

Erica

Ellen

Yvonne

Winnie

Wilma

Wendy

Vivian

Vicki

Ursula

Tori

Terri

Samantha

Sarah

Randi

Roxanne

Patty

Paula

Nicole

Norah

Melanie

Maureen

Lindsey

Linda

Laura

Kelly

Kate

Katherine

Jennifer

Julia

Ingrid

Helen

Diane

Debbie

Carolyn

Cathy

Barbara

Brenda

Anne

Allison

Amanda

Sally

Gina

Martha

Lynda

发送邮箱：

admin@rambler.ru

admin@yandex.ru

admin@gmail.com

admin@hotmail.com

admin@mail.ru