Basic introduction
Virus information
Virus aliases: I-Worm.Mydoom.q [AVP]
WORM_RATOS.A [Trend Micro]
Virus type: Worm
Affected systems: Win9x/WinNT/Win2K/WinXP/Win2003
Symptoms:
Obtains SMTP addresses from the following registry values:
HKEY_CURRENT_USER\Software\Microsoft\Internet Account Manager\Accounts
"SMTP Email Address"
HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts
"SMTP Email Address"
How the virus works:
Searches files with the following extensions for email addresses:
.htm .sht .php .asp .dbx .tbb .adb .wab .pl
If a harvested email address contains any of the following strings:
"syma"
"icrosof"
"msn."
"hotmail"
"panda"
"sopho"
"borlan"
"inpris"
"example"
"mydomai"
"nodomai"
"ruslis"
".gov"
"gov."
".mil"
"foo."
"unix"
"math"
"bsd"
"mit.e"
"gnu"
"fsf."
"ibm.com"
"google"
"kernel"
"linux"
"fido"
"usenet"
"iana"
"ietf"
"rfc-ed"
"sendmail"
"arin."
"ripe."
"isi.e"
"isc.o"
"secur"
"acketst"
"pgp"
"tanford.e"
"utgers.ed"
"mozilla"
"icrosoft"
"support"
"ntivi"