病毒名称(中文):
病毒别名:
威胁级别:
★☆☆☆☆
病毒类型:
蠕虫病毒
病毒长度:
23040
影响系统:
Win9xWinMeWinNTWin2000WinXPWin2003
病毒行为:
这是一个通过邮件传播的蠕虫病毒。该病毒发作后,会从本机搜集邮件地址,然后把病毒以附件形式发送给搜索到的邮箱。
1,生成文件
%system%\lmovie.exe
%windows%\vcualts32.exe
%system%\lmovie.exeopen
2,添加启动项
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
"MovieM"="%system%\lmovie.exe"
3,从下列文件中搜集邮件地址
.wab
.txt
.msg
.htm
.shtm
.stm
.xml
.dbx
.mbx
.mdx
.eml
.nch
.mmf
.ods
4,附件文件名为
annabensonsexvideo.exe
katebeckinsalenudepictures.exe
jennaelfmansexanaldeepthroat
missamericaPorno,sex,oral,analcool,awesome!!.exe
PornoScreensaver.scr
Serials.txt.exe
barrettjacksonnudephotos,movies,pornvideo.exe
BritneySpearssexphotos.exe
parishiltonPornopicsarhive,xxx.exe
WindowsSourcecodeupdate.doc.exe
AheadNero10.exe
WindownVistaBetaLeak.exe
IEbeta7.exe
Serials2005database.exe
XXXhardcoreimages.exe
AdobePhotoshop9full.exe
5,过滤含有下列字符串的邮件地址
@hotmail
@msn
@microsoft
rating@
f-secur
news
update
anyone@
bugs@
contract@
feste
gold-certs@
help@
info@
nobody@
noone@
kasp
admin
icrosoft
support
ntivi
unix
bsd
linux
listserv
certific
sopho
@foo
@iana
free-av
@messagelab
winzip
winrar
samples
abuse
panda
cafee
spam
pgp
@avp.
noreply
local
root@
postmaster@
6,邮件主题
WillYouBeMyValentine?
Loveyouwithallmyheart!
Seeyoutonight!
ComeBeWithMe,myLove!
Mydreamiscomingtrue!
7,邮件内容
LoveatthelipswastouchAssweetasIcouldbear;Andoncethatseemedtoomuch;IlivedonairThatcrossedmefromsweetthings,Theflowof-wasitmuskFromhiddengrapevinespringsDownhillatdusk?IhadtheswirlandacheFromspraysofhoneysuckleThatwhentheyregatheredshakeDewontheknuckle.Icravedstrongsweets,butthoseSeemedstrongwhenIwasyoung;ThepetaloftheroseItwasthatstung.NownojoybutlackssaltThatisnotdashedwithpainAndwearinessandfault;IcravethestainOftears,theaftermarkOfalmosttoomuchlove,ThesweetofbitterbarkAndburningclove.WhenstiffandsoreandscarredItakeawaymyhandFromleaningonithardIngrassandsandThehurtisnotenough:IlongforweightandstrengthTofeeltheearthasroughToallmylength.
Iwokeupinawhiteroomwithwhitelacecurtains.Snowcoveredlandscape;I