Worm.Gurong.a - 王朝网络宽屏版

病毒名称(中文):

病毒别名:

威胁级别:

★☆☆☆☆

病毒类型:

蠕虫病毒

病毒长度:

28160

影响系统:

Win9xWinMeWinNTWin2000WinXPWin2003

病毒行为:

这是一个通过邮件传播的蠕虫病毒，改病毒会搜索被感染机器上的邮件地址，并且向搜索到的地址发送自己本身出去，严重影响被感染机器所在的网络。

1.生成文件:

%System%\wmedia16.exe

2.添加注册表起始项,使病毒开机运行:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

WMedia16

wmedia16.exe

3.搜索被感染机器上的地址簿和一下的文件后缀结尾的文件;

adb

asp

dbx

htm

php

sht

tbb

txt

wab

4.假如所搜索到的邮件地址带有以下的字符，则不发邮件:

.aero

.gov

.mil

accoun

AccountRobot

acketst

admin

alert

anyone

arin.

avp

berkeley

borlan

bsd

bugs

certific

contact

example

feste

fethard

fido

foo.

fraud

fsf.

gnu

gold-certs

google

gov.

help

hotmail

iana

ibm.com

icrosof

icrosoft

ietf

info

inpris

isc.o

isi.e

kernel

linux

listserv

math

mit.e

mozilla

msn.

mydomai

nobody

nodomai

noone

not

nothing

ntivi

page

panda

pgp

postmaster

privacy

rating

rfc-ed

ripe.

root

ruslis

samples

secur

sendmail

service

site

soft

somebody

someone

sopho

spm

submit

support

syma

tanford.e

the.bat

unix

usenet

utgers.ed

webmaster

webmoney

you

your

5.邮件的发信人为以下其中随机一个;

adam

alex

alexey

alice

andrew

anna

bob

boris

brenda

brent

brian

claudia

craig

cyber

dan

dave

david

debby

den

dmitry

frank

george

gerhard

helen

ilya

james

jane

jayson

jerry

jim

jimmy

joe

john

jose

julie

kevin

lee

leo

linda

maria

marina

mary

matt

michael

mike

nikolay

olga

peter

ray

robert

sam

sandra

serg

smith

steve

tom

vlad

vladimir

邮件的主题为以下随即一个:

Greetings!

Hellofriend;)

Heydear!

Hey!Howareyoudoingbud?

Re:Hello

Re:Igotit!Tryitnow!

Re[2]:wazzupbro

Wazzapbro!!

邮件的内容为:

Greetings!Checkoutmyportfolio,please!Hereissomemyphotosinthearchive.

Greetings.Hereissomemynudephotosintheattachment.

Hellobro!Hereismynewgirlfriend"sphoto!Checkitout!

Hellobuddy!Takealookatattachment!Hereismynude17-yrsister!

Hello!HereisNEWsmilespackforMSNmessenger!Itisreallycool;)

Hello!Isentyounewskypeplug-in,asyouwished.

Hello!ThereisNEWplug-inforMSN.Tryitout!

Heybro!Checkoutattachment!Thereisanewplug-inforskype!

Heydear!Hereismyphotos,asIpromised.

Heyfriend!TrythisnewsmilespackforMSNmessenger!

Heyman!Takealookatattachment!

Whatzupman!Thereismynude17-yrsisterintheattachment!

附件名为以下两部分的组合:

body

conf_data

doc

document

i_love_u

i_luv_u

port_imgs

sex_girls

sex_pics

后缀:

bat

cmd

exe

pif

scr

txt

zip