Virus name (Chinese):
Virus alias:
Threat level:
★☆☆☆☆
Virus type:
Worm
Virus size:
48003
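Affected systems:
Win9x, WinMe, WinNT, Win2000, WinXP, Win2003
Virus behavior:
This is a worm that spreads by e-mail. It is also a backdoor: once it runs, it automatically connects to an IRC chat room and waits for an attacker's commands to remotely control the user's machine and launch attacks. The virus carries out overflow attacks and network-share attacks. Users are advised to apply vulnerability patches promptly and to disable shares such as ipc$. The virus searches the user's host for doc, htm and txt files, reads the e-mail addresses in them, and sends virus-carrying e-mail to those addresses.
1. Files created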
%system%\winint.exe
2. Service added
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MicrosoftSystemDebugger
Startup entry
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MicrosoftSystemDebugger
"ImagePath"="%system%\winint.exe"
3. E-mail content
Dear user %s,
You have successfully updated the password of your %s account.
If you did not authorize this change or if you need assistance with your account, please contact %s customer service at: %s
Thank you for using %s!
The %s Support Team
+++ Attachment: No Virus (Clean)
+++ %s Antivirus - www.%s

Dear user %s,
It has come to our attention that your %s User Profile (x) records are out of date. For further details see the attached document.
Thank you for using %s!
The %s Support Team
+++ Attachment: No Virus (Clean)
+++ %s Antivirus - www.%s

Dear %s Member,
We have temporarily suspended your email account %s.
This might be due to either of the following reasons:
1. A recent change in your personal information (i.e. change of address).
2. Submiting invalid information during the initial sign up process.
3. An innability to accurately verify your selected option of subscription due to an internal error within our processors.
See the details to reactivate your %s account.
Sincerely, The %s Support Team
+++ Attachment: No Virus (Clean)
+++ %s Antivirus - www.%s

Dear %s Member,
Your e-mail account was used to send a huge amount of unsolicited spam messages during the recent week. If you could please take 5-10 minutes out of your online experience and confirm the attached document so you will not run into any future problems with the online service.
If you choose to ignore our request, you leave us no choice but to cancel your membership.
Virtually yours,
The %s Support Team
+++ Attachment: No Virus found
+++ %s Antivirus - www.%s