Worm.Beagle.xk

Worm.Beagle.xk is a worm virus, processed on August 26, 2005, with threat level ★★.

Basic information

  • Chinese name: 惡鷹變種xk (Beagle variant xk)
  • Foreign name: Worm.Beagle.xk
  • Threat level: ★★
  • Processing date: 2005-08-26
  • Virus type: worm

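Introduction

Virus name: Worm.Beagle.xk

Virus behavior

The virus spreads by e-mail and also exploits the PnP vulnerability (MS05-039). It blocks access to a large number of security software websites, downloads files from the Internet, searches the files on the infected machine for e-mail addresses, and sends mail to the addresses it finds. It lures users into opening and running the virus program by claiming to send serial numbers for various software. The virus sends out large volumes of infected e-mail, seriously affecting users' security.
It creates a mutex named Breatle-X-Beagle to check whether other Beagle variants are present on the system.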

Mutexes created

MuXxXxTENYKSDesignedAsTheFollowerOfSkynet-D
_-oO]xX|-S-k-y-N-e-t-|Xx[Oo-_

Files created

%system%\winhost.exe
Adds a startup entry so that the virus runs at boot:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
winhost.exe
Deletes, from the following registry keys:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
the following values:
winhost.exe
WINDOWS SYSTEM
csm Win Updates
WinDrg32
Wintbp.exe
Wintbpx.exe
wintnpx.exe
erthgdr
erthgdr2
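Modifies the hosts file to block a large number of security websites.
Searches for valid user mailbox addresses and sends files out to them.
The sender of the mail is built from the following combination:
The domain is a random one of the following: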
@msn
@microsoft
@messagelab
@iana
@foo
@avp
The sender name is a random one of the following:
root@
rating@
postmaster@
pgp
panda
ntivi
norton
noreply
noone@
nobody@
news
local
listserv
linux
kasp
info@
microsoft
help@
google
gold-certs@
free-av
feste
f-secur
contract@
certific
cafee
bugs@
bsd
anyone@
admin
abuse
The message body is a random one of the following:
Here is the file.
Message is in attach
See the attached file for details.
Pay attention at the attach.
Check attached file.
Check attached file for details.
Attached file tells everything.
Attach tells everything.
Please, read the document.
Your document is attached.
Please, have a look at the attached file.
See attach.
More info is in attach
Try this.
Your file is attached.
Read the attach.
Encrypted document
The message subject is:
Re: Hi Site changes Forum notify
Re: Protected message Protected message Fax Message Update Changes.. Notification
Re: Message Notify
Re: Incoming Msg
Re: Incoming Message Incoming message
Re: Document
Re: Text message
Re: Thanks :)
Re: Thank you!
Re: Yahoo!
Re: Re: Hello
Re: Msg reply
The attachment is the virus itself, named with a random one of the following:
\XXX hardcore images.exe
\Windows Sourcecode update.doc .exe
\Windown Longhorn Beta Leak.exe
\WinAmp 6 New!.exe
\Serials.txt .exe
\Porno, sex, oral, anal cool, awesome!!.exe
\Porno pics arhive, xxx.exe
\Porno Screensaver.scr
\New patch.exe
\New document.doc .exe
\Microsoft Windows XP, WinXP Crack, working Keygen.exe
\Microsoft Office XP working Crack, Keygen.exe
\Microsoft Office 2003 Crack, Working!.exe
\Kaspersky Antivirus 5.0.exe
\Ahead Nero 7.exe
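The attachment names above all end in an executable extension, and several hide it behind a document extension padded with whitespace. The following Python check flags such names the way a mail gateway rule might; it is an added example, not part of the original entry, and the extension sets and the two benign sample names are assumptions constructed for illustration.

```python
import re

# Extensions Windows runs directly; the attachments listed above end in .exe or .scr.
EXECUTABLE_EXT = {"exe", "scr", "pif", "com", "bat", "cmd"}   # assumed set
# Harmless-looking extensions placed in front of the real one as a decoy.
DECOY_EXT = {"doc", "txt", "pdf", "jpg", "xls", "zip"}        # assumed set

def classify_attachment(name):
    """Return the reasons an attachment file name looks deceptive ([] if none)."""
    # Strip any path component; the page lists names with a leading backslash.
    base = name.replace("\\", "/").rsplit("/", 1)[-1].strip()
    stem, dot, ext = base.rpartition(".")
    if not dot or ext.lower() not in EXECUTABLE_EXT:
        return []
    reasons = ["executable extension ." + ext.lower()]
    # Decoy extension before the real one, e.g. "Serials.txt .exe".
    decoy = re.search(r"\.([A-Za-z0-9]{2,4})(\s*)$", stem)
    if decoy and decoy.group(1).lower() in DECOY_EXT:
        reasons.append("decoy extension ." + decoy.group(1).lower())
        if decoy.group(2):
            reasons.append("whitespace padding before real extension")
    return reasons

def triage(names):
    """Map each flagged name to its reasons; names with no finding are omitted."""
    return {n: r for n in names if (r := classify_attachment(n))}

# Sample input: four names from the list above plus two constructed benign names.
SAMPLE = [
    "\\Serials.txt .exe",
    "\\New document.doc .exe",
    "\\Porno Screensaver.scr",
    "\\Kaspersky Antivirus 5.0.exe",
    "meeting-notes.doc",       # constructed
    "budget 2005.v2.xls",      # constructed
]

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE).items():
        print(f"{name!r}: {'; '.join(reasons)}")
```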
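The virus contains the following message:
If you want to have the author of zotob caught and jailed, I can provide you with the relevant information.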
If you want zotob author for a crime i can tell you his email, information about his country and etc so you can arrest him easily。
