|
| 病毒预警:光华反病毒资讯(2月5日-2月11日) |
| 来源:网络 时间:2007-2-5 |
|
光华反病毒研究中心近日进行病毒特征码更新,请用户尽快到光华网站www.viruschina.com下载升级包,以下是几个重要病毒的简介:
一、邮件病毒:W32.Vutsog.A@mm 危害级别:★★★★★
根据光华反病毒研究中心专家介绍,这是一个邮件病毒,长度 73,217 字节,感染 Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP 系统,它利用远程执行漏洞传播,当收到、打开此病毒时,有以下危害:
A 复制自身到 C:\Program Files\Internet Explorer\iexplore.exe
B 复制原来的 C:\Program Files\Internet Explorer\iexplore.exe 到 C:\WINDOWS\system32\dllcache
C 创建文件
系统目录\dllcache\svchost.exe:svchost.exe
系统目录\svchost.exe:svchost.exe
Win目录%\lsass.exe
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Symantec\LiveUpdate\LUALL.EXE
C::\Program Files\McAfee.com\Agent\mcupdate.exe
D 生成文件
c:\zyxwvuts.log
系统目录\msfsr.sys
系统目录\drivers\[随机].sys
E 增加键值 "SvcHost" = "C:\WINDOWS\system32\svchost.exe:svchost.exe"
到 HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
使得病毒每次开机后自动执行
F 增加键值"[随机]" = "[随机]:*:enabled:@xpsp2res.dll,-22019"
到HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy
\StandardProfile\AuthorizedApplications\List
使得病毒每次开机后自动执行
G 注册病毒作为以下特性的服务
服务名:SvcHost
显示名: SvcHost
描述: Generic Host Process for Win32 Services. If this service is disabled, any services that explicitly depend on it will fail to start.
位置: C:\WINDOWS\system32\svchost.exe:svchost.exe
H 将自身做为以下服务执行
Automatic LiveUpdate Scheduler
LiveUpdate
I 修改二进制文件附件到 wuaserv 服务上执行
C:\WINDOWS\system32\svchost.exe:svchost.exe
J 增加以下服务加载驱动 msfsr.sys
服务名: msfsr
显示名: msfsr
K 结束以下进程
Browser
lanmanserver
McShield
navapsvc
sharedaccess
SymAppCore
wscsvc
L 关闭系统对 C:\Program Files\Internet Explorer\iexplore.exe 保护
M 修改 system.ini 使得病毒开机后执行
N 连接 IRC 服务器 www.mi5.gov.uk 等待黑客命令
O 利用远程执行漏洞传播
P 收集以下位置的邮件地址簿
用户目录
Local Settings
Temporary Internet Files
Q 使用自带的邮件引擎发送病毒自身,邮件特性为
发件人(以下之一):
updates@McAfee.com
updates@Microsoft.com
updates@Symantec.com
主题(以下之一):
Data format error.
Destination host is not responding.
Mail quota exceeded.
Mail transaction failed.
Mail transaction failed. Data format error.
Mail transaction failed. Mail quota exceeded.
Mail transaction failed. Message is too large.
Mail transaction failed. Partial message is available.
Mail transaction failed. Service unavailable.
Mail transaction failed. Session aborted.
Message is too large.
Network failure.
Service unavailable.
Your message could not be delivered.
Your message is undeliverable.
Your message was not delivered.
附件(以下之一):
Alien vs. Predator 2
Angelina Jolie
Assassin
Auto Assault
BioShock
Britney Spears
CSI: London
Carmen Electra
Command & Conquer 3: Tiberium Wars
Crysis
Dragonball
Dungeons & Dragons Online: Stormreach
Enemy Territory: Quake Wars
Extreme Ghouls n’ Ghosts
Final Fantasy XIII
Full Auto
Full Auto 2: Battlelines
Ghost Recon: Advanced Warfighter
Ghost Rider
Grey’s Anatomy - next season
Half-Life 2: Aftermath
Halo 3
Hellgate: London
Heroes season 2
Hilary Duff
Huxley
Indiana Jones 4
Jennifer Lopez
Jericho season 2
Jessica Alba
Jessica Simpson
Killzone PS3
Live Free or Die Hard
Lost season 4
Metal Gear: Subsistence
Neverwinter Nights 2
Pamela Anderson
Paris Hilton
Premonition
Pursuit Force
Rainbow Six: Vegas
Resident Evil 3
Resident Evil 5
Resistance: Fall of Man
Rush Hour 3
Shark season 2
Six Degrees season 2
Smith season 2
Spider-Man 3
Splinter Cell: Double Agent
Spore
Star Trek: Legacy
Star Wars: Empire at War
Starcraft: Ghost
Studio 60 on the Sunset Strip season 2
Tekken
Terminator 4
The Hills Have Eyes II
Unreal Tournament 2007
Virtua Fighter 5
Warhammer Online Age Of Reckoning
attachment
casino
details
document
gaming
instructions
letter
message
myspace
myspacedetails
onlinecasino
onlinegaming
onlinepoker
poker
pokerstrategy
pokertechnique
readme
s Creed
transcript
your SSN etc
your bank account details
your financial details
your financial information
your personal details
your personal information
your tax returns
yourmyspacedetails
yoursite
yourwebsite
yousite
youtube-you
附件扩展名(以下之一):
.gif
.html
.jpeg
.mp3
.rtf
.txt
.wav
.wma
R 搜索以下路径复制病毒自身
BearShare
Collections
Downloads
my shared folder
share
shared
upload
uploads
S 复制病毒为以下名称之一
10,000 B.C.
28 Weeks Later
30 Days of Night
Across the Universe
Alien vs. Predator 2
Alpha Dog
American Gangster
Angel-A
Angelina Jolie
Are We Done Yet?
Atonement
August Rush
Balls of Fury
Because I Said So
Beowulf
Black Book
Blades of Glory
Breach
Britney Spears
Captivity
Carmen Electra
Dallas
Death at a Funeral
Delta Farce
Disturbia
Dragonball
Eastern Promises
El Cantante
Enchanted
Epic Movie
Evening
Fantastic Four 2
Firehouse Dog
Fly Me to the Moon
Foodfight!
Fracture
Fragile
Freedom Writers
Full of It
Ghost Rider
God Grew Tired of Us
Grind House
Hairspray
Halloween
Halo
Hannibal Rising
Hilary Duff
His Dark Materials-The Golden Compass
Horton Hears a Who
Hostel 2
Hot Fuzz
Hot Rod
In the Land of Women
Inkheart
Iron Man
Jennifer Lopez
Jessica Alba
Jessica Simpson
Journey 3-D
Jumper
Kung Fu Panda
La Vie en Rose
Live Free or Die Hard
Lucky You
Lust, Caution
Master of Time and Space
Next
No Reservations
Ocean’s Thirteen
Offside
Opus-The Last Christmas
Pamela Anderson
Paris Hilton
Pathfinder
Perfect Stranger
Premonition
Pride
Pride & Glory
Prom Night (2007)
Reservation Road
Resident Evil 3
Rocket Science
Rogue
Romeo & Juliet-Sealed with a Kiss
Rush Hour 3
Seven Day Itch
Severance
Shoot ’Em Up
Shooter
Silk
Skinwalkers
Slow Burn
Smokin’ Aces
Southland Tales
Spider-Man 3
Spring Breakdown
Stardust
Stomp the Yard
Strange Wilderness
Strangers
Sunshine
Super Bad
Surf’s Up
Talk to Me
Terminator 4
The Assassination of Jesse James
The Astronaut Farmer
The Dark Is Rising
The Flock
The Half Life of Timofey Berezin
The Hills Have Eyes II
The Hitcher
The Hoax
The Host
The Ice at the Bottom of the World
The Invasion
The Invisible
The Kingdom
The Last Legion
The Last Sin Eater
The Lives of Others
The Messengers
The Namesake
The Number 23
The Reaping
The Simpsons
The Spiderwick Chronicles
The TV Set
The Transformers
The Ultimate Gift
The Valet
The Waterhorse
This Christmas
Trade
Trick ’r Treat
Underdog
Untraceable
Vacancy
Vantage Point
Whisper
Wild Hogs
Wonder Woman
Zodiac
扩展名为以下名称之一
.scr
.avi.com
.mp4.com
.iso.exe
.zip.exe
- Full.exe
- Keygen.exe
光华反病毒软件已经对这种病毒进行了处理,请用户升级后,使用光华反病毒软件清除。
二 木马病毒 Trojan.Killwma 危害级别:★★☆☆☆
根据光华反病毒研究中心专家介绍,Trojan.Killwma 是一个木马病毒,长度 90,112 字节,感染 Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP 系统,破坏硬盘上的 .wma 文件。当收到、打开此病毒时,主要有以下危害:
A 生成文件[木马].exe
B 停止当前所有计划任务
C 增加一个计划任务,在五分钟后启动自身
D 搜索所有的 .wma 文件
E 破坏文件头,使得这些文件不能播放
F 有时重启计算机
北京日月光华软件公司网站(www.viruschina.com)每日进行病毒特征码更新,光华反病毒研究中心专家提醒您:请尽快到光华安全网站在线订购光华反病毒软件来防范病毒的入侵,时刻保护您的电脑安全。光华反病毒软件用户升级到2月5日的病毒库(免费下载地址为:http://www.viruschina.com/html/update.asp)就可以完全查杀这些病毒。
|
|
|
|
|
