基本介紹
- 中文名:Blebla.B病毒
- 外文名:Blebla. B virus
- 讀音:Blebla.B bìng dú
- 別名:Troj_Blebla.B,Verona, Verona.B,W32/Blebla.B@MM
- 複製方式:自身複製
- 屬性:網路蠕蟲
病毒簡介,病毒運行,蠕蟲副本啟動,蠕蟲病毒執行,
病毒簡介
病毒名稱:Blebla.B
別名:Troj_Blebla.B,Verona, Verona.B,W32/Blebla.B@MM
病毒運行
病毒運行的時候,它將自身複製到C:\Windows\sysrnj.exe,並在註冊表中創建以下內容:
HKEY_CLASSES_ROOT\rnjfile
\DefaultIcon= %1
\shell\open\command = sysrnj.exe "%1" %*
蠕蟲副本啟動
當"rnjfile" 被指定,上面提到的鍵值將運行這個蠕蟲副本,接著修改下列鍵值:
HKEY_CLASSES_ROOT
\.exe = rnjfile
\.jpg = rnjfile
\.jpeg = rnjfile
\.jpe = rnjfile
\.bmp = rnjfile
\.gif = rnjfile
\.avi = rnjfile
\.mpg = rnjfile
\.mpeg = rnjfile
\.wmf = rnjfile
\.wma = rnjfile
\.wmv = rnjfile
\.mp3 = rnjfile
\.mp2 = rnjfile
\.vqf = rnjfile
\.doc = rnjfile
\.xls = rnjfile
\.zip = rnjfile
\.rar = rnjfile
\.lha = rnjfile
\.arj = rnjfile
\.reg = rnjfile
上面列出的任何一個檔案被打開都將使該蠕蟲副本啟動。
該蠕蟲將自身傳送到新聞組 alt.comp.virus ,訊息內容如下:
From: "Romeo&Juliet"
Subject:[Romeo&Juliet] R.i.P.
蠕蟲病毒執行
Romeo&Juliet
where is my juliet ?
where is my romeo ?
hi
last wish ???
lol :)
,,...'
!!!
newborn
merry christmas!
surprise !
Caution: NEW VIRUS !
scandal !
^_^
Re:
