基本介紹
- 中文名:Worm.Mytob.au
- 威脅級別:★★
- 病毒類型:蠕蟲
- 影響系統:Win9x / WinNT
- 病毒別名:Net-Worm.Win32. Mytob. au[AVP]
概要,病毒行為,
概要
處理時間:
中文名稱:
病毒行為
:
該病毒會使用自帶的SMTP引擎瘋狂向外傳送帶毒郵件,誘騙郵件接收者打開附屬檔案。禁止用戶訪問某些著名的反病毒網站,從網上下載病毒到本地機器運行,還會在感染機器上留下後門以便攻擊者可以通過IRC來控制被感染機器。
(1)釋放病毒副本LIENVANDEKELDER.EXE到系統目錄下
(2)添加註冊表啟動項:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
(3)使用自己的SMTP引擎向外傳送郵件:
取下面的某一行做為郵件主題:
*IMPORTANT* Please Validate Your Email Account
*IMPORTANT* Your Account Has Been Locked
Email Account Suspension
Notice: **Last Warning**
Notice:***Your email account will be suspended***
Security measures
Your email account access is restricted
Your Email Account is Suspended For Security Reasons
取下面的某一段做為郵件正文:
Account Information Are Attached!
Once you have completed the form in the attached file , your account records will not be interrupted and will continue as normal.
please look at attached document.
Please see the attachement.
To safeguard your email account from possible termination, please see the attached file.
To unblock your email account acces, please see the attachement.
We have suspended some of your email services, to resolve the problem you should read the attached document.
取下面的某一行做為附屬檔案名稱:
document_full
email-doc
email-info
email-text
IMPORTANT
info-text
information
your_details
附屬檔案可能使用的擴展名:
EXE
PIF
SCR
ZIP
(5)從網上下載病毒到染毒機器上運行。
