Virus name (Chinese):
Alias:
Threat level:
★★☆☆☆
Virus type:
Other
Virus length:
43247
Affected systems:
Win9x, WinNT
Virus behaviour:
This virus is an e-mail worm. It spreads by sending out large numbers of infected e-mails whose content is highly deceptive, luring the user into opening the infected attachment and thereby infecting the machine.
The mail content is roughly as follows (in English or German):
First, Sorry for my very bad English!
Someone send your private mails on my email account!
I think its an Mail-Provider or SMTP error.
Normally, I delete such emails immediately, but in the mail-text is a name & adress.
I think its your name and adress. The sender of this mails is in the text file too.
Attachment: random
1. Copies itself to the system directory under one of the following file names:
sys
host
dir
expoler
win
run
log
32
disc
crypt
data
diag
spool
service
smss32
2. Adds an autostart value under
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
whose data is the file name generated above.
3. Creates the following files:
%System%\dgsfzipp.gmx
%System%\read.me
%System%\dgssxy.yoi
%System%\sysmms32.lla
%System%\cvqaikxt.apk
%System%\Odin-Anon.Ger
%System%\datamx.dam
%System%\nonrunso.ber
4. Harvests e-mail addresses from files with the following extensions:
pmr
phtm
stm
slk
inbox
imb
csv
bak
imh
xhtml
imm
imh
cms
nws
vcf
ctl
dhtm
cgi
pp
ppt
msg
jsp
oft
vbs
uin
ldb
abc
pst
cfg
mdw
mbx
mdx
mda
adp
nab
fdb
vap
dsp
ade
sln
dsw
mde
frm
bas
adr
cls
ini
ldif
log
mdb
xml
wsh
tbb
abx
abd
adb
pl
rtf
mmf
doc
ods
nch
xls
nsf
txt
wab
eml
hlp
mht
nfo
php
asp
shtml
dbx
5. Sends infected mail to the addresses found above, but does not send to any address containing one of the following strings:
ntp-
ntp@
ntp.
info@
test@
office
@www
@from.
support
smtp-
@smtp.
gold-certs
ftp.
.dial.
.ppp.
anyone
subscribe
announce
@gmetref
sql.
someone
nothing
you@
user@
reciver@
somebody
secure
me@
whatever@
whoever@
anywhere
yourname
mustermann@
.kundenserver.
mailer-daemon
variabel
password
noreply
--dav
law2
.sul.t-
.qmail@
t-ipconnect
t-dialin
ipt.aol
time
postmas
service
freeav
@ca.
abuse
winrar
domain.
host.
viren
bitdefender
spybot
detection
ewido.
emsisoft
linux
@foo.
winzip
@example.
bellcore.
@arin
mozilla
@iana
@avp
icrosoft.
@sophos
@panda
@kaspers
free-av
antivir
virus
verizon.
@ikarus.
@nai.
@messagelab
nlpmail01.
clock
6. The infected mail has roughly the following characteristics:
Sender:
Spoofed
Subject:
I've got YOUR email on my account!!
Ey du DOOF Nase, warum beantw...
Body:
One of the following:
Hello,
First, Sorry for my very bad English!
Someone send your private mails on my email account!
I think it's an Mail-Provider or SMTP error.
Normally, I delete such emails immediately, but in the mail-text is a
name & adress. I think it's your name and adress.
In the last 8 days i've got 7 mails in my mail-box, but the recipient
are you, not me. lol
OK, I've copied all email text in the Windows Text-Editor and i've
zipped the text file with WinZip.
The sender of this mails is in the text file, too.
bye
Warum beantwortest Du meine E-Mails nicht?
Kommen meine Mails nicht mehr bei dir an oder so???
Habe mir jetzt extra eine neue Mail Adresse bei GMX gemacht!
Ich hoffe mal, das sie jetzt zu dir durchdringen wird.
In meinen anderen Mails habe ich einige Wichtige Dinge
niedergeschrieben, hatte aber keine Lust alles nochmal zu schreiben.
Deshalb habe ich die alten Mail-Texte im Texteditor kopiert und mit
Winzip kleiner gemacht.
Lesen und diesmal auch bescheid geben!!!!
tschau.....
(English translation of the German text: Why don't you answer my e-mails? Aren't my mails reaching you any more or something??? I've now set up a new mail address at GMX just for this! I hope this one will get through to you. In my other mails I wrote down some important things, but didn't feel like writing it all again. So I copied the old mail texts in the text editor and shrank them with WinZip. Read it and let me know this time!!!! bye.....)
Attachment:
The extension may be .pif, .zip, .scr, .bat, or .com
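As an added defender-side example that is not part of this description: the host artifacts from items 1 to 3 (launcher names in the system directory, Run-key values, dropped files) checked against a .reg export of the two Run keys and a %System% directory listing. The sample export and listing are constructed here, not taken from a real host, and the parsing of quoted commands is a simplification.

```python
import re
from pathlib import PureWindowsPath

# Launcher names from item 1, dropped-file names from item 3 and Run keys from item 2 of the page.
AUTORUN_NAMES = {"sys", "host", "dir", "expoler", "win", "run", "log", "32", "disc",
                 "crypt", "data", "diag", "spool", "service", "smss32"}
DROPPED_FILES = {"dgsfzipp.gmx", "read.me", "dgssxy.yoi", "sysmms32.lla",
                 "cvqaikxt.apk", "odin-anon.ger", "datamx.dam", "nonrunso.ber"}
RUN_KEYS = {r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
            r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"}
_KEY_LINE = re.compile(r"^\[(.+)\]$")
_VALUE_LINE = re.compile(r'^"([^"]*)"="((?:[^"\\]|\\.)*)"$')

def parse_reg_export(text):
    """Parse the [key] and "name"="data" lines of a .reg export into {(key, name): data}."""
    values, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if m := _KEY_LINE.match(line):
            key = m.group(1)
        elif key and (m := _VALUE_LINE.match(line)):
            # .reg exports escape backslashes and double quotes with a backslash.
            values[(key, m.group(1))] = re.sub(r"\\(.)", r"\1", m.group(2))
    return values

def suspicious_run_entries(values):
    """Run-key values whose command is one of the launcher names inside the system directory."""
    hits = []
    for (key, name), data in values.items():
        if key not in RUN_KEYS:
            continue
        # The command may be quoted and carry arguments, e.g. "C:\...\host.exe" /s
        exe = data.split('"')[1] if data.startswith('"') else data.split(" ")[0]
        path = PureWindowsPath(exe)
        if path.parent.name.lower() in {"system32", "system"} and path.stem.lower() in AUTORUN_NAMES:
            hits.append((key, name, exe))
    return hits

def dropped_file_hits(system_dir_listing):
    """Names in a %System% directory listing that match the page's dropped files."""
    return sorted(f for f in system_dir_listing if f.lower() in DROPPED_FILES)

# Constructed sample input, not from a real host: a .reg export of both Run keys.
SAMPLE_REG = r'''[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"smss32"="C:\\WINDOWS\\system32\\smss32.exe"
"Updater"="C:\\Program Files\\Vendor\\update.exe"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"host"="\"C:\\WINDOWS\\system32\\host.exe\" /s"
'''
# Constructed sample %System% listing.
SAMPLE_SYSTEM_DIR = ["kernel32.dll", "read.me", "user32.dll", "Odin-Anon.Ger"]
```

Run `suspicious_run_entries(parse_reg_export(SAMPLE_REG))` and `dropped_file_hits(SAMPLE_SYSTEM_DIR)` on a real export and listing; a hit on either is a reason to pull the host for a full scan, since the launcher names alone are short and common.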