Virus name (Chinese):
袋子变种H (Bagz variant H)
Virus alias:
Email-Worm.Win32.Bagz.h[AVP]
Threat level:
★★☆☆☆
Virus type:
Worm
Virus length:
41985
Affected systems:
Win9x, WinNT
Virus behavior:
This is a worm that spreads by sending itself out in e-mail. It registers itself as a system service and opens a hidden proxy through which it sends mail from the local machine. The sender address is forged, the attachment is an HTML file, and the attachment name may differ from one message to the next.
1) Copies itself to %System%\hicom.exe and registers the process as a system service (service key TY164, display name WorkingNetworkConnections), creating the following registry entries:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\TY164
"Type"=0x20
"Start"=0x2
"ErrorControl"=0x0
"ImagePath"="%System%\hicom.exe"
"DisplayName"="WorkingNetworkConnections"
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\TY164\Security
"Security"=01001480A0000000...
"ObjectName"="LocalSystem"
"Description"="Managesthisoutconfigtest"
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_TY164
"NextInstance"=0x1
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_TY164\0000\Control
"*NewlyCreated*"=0x0
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_TY164\0000
"Service"="TY164"
"Legacy"=0x1
"ConfigFlags"=0x0
"Class"="LegacyDriver"
"ClassGUID"="{8ECC055D-047F-11D1-A537-0000F8753ED1}"
"DeviceDesc"="WorkingNetworkConnections"
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\TY164\Enum
"0"="Root\LEGACY_TY164\0000"
"Count"=0x1
"NextInstance"=0x1
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ServiceCurrent
(Default)=0x8
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_TY164\0000\Control
ActiveService="TY164"
2) Attempts to connect to predefined sites.
3) Opens a hidden proxy and sends mail through the infected machine.
Mail sender:
Surname:
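As an added example that is not part of the original record: a small Python checker that scans a text export of the Services registry keys (written in the same `"Name"=value` form as the listing above) for the persistence indicators this entry gives, the ImagePath hicom.exe and the display name WorkingNetworkConnections. It looks at every service key rather than only TY164, so a renamed service key with the same values is still flagged; the sample export below is constructed for the demonstration.

```python
# Indicators taken from the record above; any service whose values contain
# them is reported, whatever the service key is called.
INDICATORS = {
    "ImagePath": "hicom.exe",
    "DisplayName": "WorkingNetworkConnections",
}

def parse_reg_export(text):
    """Parse a simple key/value export into {key_path: {name: value}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.upper().startswith("HKEY_"):
            current = line
            keys.setdefault(current, {})
        elif current is not None and "=" in line:
            name, value = line.split("=", 1)
            keys[current][name.strip().strip('"')] = value.strip().strip('"')
    return keys

def find_bagz_service(text):
    """Return {service_key_name: [matched value names]} for suspicious services."""
    findings = {}
    for path, values in parse_reg_export(text).items():
        if "\\services\\" not in path.lower():   # only look under ...\Services\
            continue
        hits = [name for name, needle in INDICATORS.items()
                if needle.lower() in values.get(name, "").lower()]
        if hits:
            findings[path.rsplit("\\", 1)[-1]] = hits
    return findings

# Constructed sample export mirroring the record's service key.
SAMPLE_EXPORT = r"""
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\TY164
"Type"=0x20
"Start"=0x2
"ImagePath"="%System%\hicom.exe"
"DisplayName"="WorkingNetworkConnections"
"""

# Constructed benign service entry that must not be reported.
CLEAN_EXPORT = r"""
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Spooler
"ImagePath"="%SystemRoot%\System32\spoolsv.exe"
"DisplayName"="Print Spooler"
"""

if __name__ == "__main__":
    print(find_bagz_service(SAMPLE_EXPORT))  # {'TY164': ['ImagePath', 'DisplayName']}
```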
Alexander
Alpert
Albert
Horowitz
Hollaender
Hohenemser
Hoch
Hirsch
Himmelfarb
Hillel
Herzog
Hersch
Herzberg
Herman
Hellman
Heller
Heck
Hecht
Handler
Halpern
Halperin
Gysi
Gunzberg
Gr1nberg
Gruber
Grossman
Greenberg
Gralnick
Gould
Gottlieb
Goldwyn
Goldenson
Goldberg
Glucksman
Glickman
Glazer
Gershwin
Gersh
Gelbman
Geffen
Friedman
Fried
Freud
Frankel
Fleisher
Fleischer
Fishbein
Fisch
Fish
Finkelstein
Finkbein
Finkel
Fink
Feldman
Feinberg
Feidelberg
Farber
Emmanuel
Ellison
Ellis
Adorno
Adler
Abrahams
Given name:
Kelly
Ingrid
Helen
Giselle
Fran
Erica
Ellen
Yvonne
Winnie
Wilma
Wendy
Vivian
Vicki
Ursula
Tori
Terri
Samantha
Sarah
Randi
Roxanne
Patty
Paula
Nicole
Norah
Melanie
Maureen
Lindsey
Linda
Laura
Kelly
Kate
Katherine
Jennifer
Julia
Ingrid
Helen
Diane
Debbie
Carolyn
Cathy
Barbara
Brenda
Anne
Allison
Amanda
Sally
Gina
Martha
Lynda
Sender mailbox:
admin@rambler.ru
admin@yandex.ru
admin@gmail.com
admin@hotmail.com
admin@mail.ru