Basic information
- Name: Worm.Mytob.d
- Type: worm
- Affected systems: Win9x / WinNT
- Alias: Net-Worm.Win32.Mytob.d [AVP]
Virus information
Threat level: ★★
Behaviour:
This is a worm that spreads by e-mail and over network shares. It harvests e-mail addresses from certain file types on the infected machine and mails copies of itself to those addresses. It also tries to log in to other users' shared folders using a built-in password dictionary; when a login succeeds it copies itself into those directories in the hope that the owners will open it. In addition, it blocks access to antivirus vendors' web sites.
Propagation
1) When run, the worm drops two copies of itself:
%System%\taskgmr.exe
%System%\winnett.exe
2) Adds the value SVCHOST="taskgmr.exe" to the following registry keys so that it is started at boot:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
HKEY_CURRENT_USER\Software\Microsoft\OLE
HKEY_LOCAL_MACHINE\Software\Microsoft\OLE
HKEY_CURRENT_USER\SYSTEM\CurrentControlSet\Control\Lsa
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
3) Modifies the hosts file to block access to the following security-vendor web sites:
www.symantec.com
securityresponse.symantec.com
symantec.com
www.sophos.com
sophos.com
www.mcafee.com
mcafee.com
liveupdate.symantecliveupdate.com
www.viruslist.com
viruslist.com
f-secure.com
www.f-secure.com
kaspersky.com
www.avp.com
www.kaspersky.com
avp.com
www.networkassociates.com
networkassociates.com
www.ca.com
ca.com
mast.mcafee.com
my-etrust.com
www.my-etrust.com
download.mcafee.com
dispatch.mcafee.com
secure.nai.com
nai.com
www.nai.com
update.symantec.com
updates.symantec.com
us.mcafee.com
liveupdate.symantec.com
customer.symantec.com
rads.mcafee.com
trendmicro.com
www.microsoft.com
www.trendmicro.com
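The two persistence and evasion indicators in steps 2 and 3 (the SVCHOST="taskgmr.exe" autorun value and the pinned vendor domains in hosts) can be checked offline from a copy of the hosts file and a .reg export of the Run keys. The script below is an added example written for this entry; it is not code from the original page or from any antivirus vendor. The sample hosts file and .reg export embedded in it are constructed, and the choice of 127.0.0.1 in the sample is an assumption, since the entry does not say which address the worm maps the domains to; the check therefore flags any mapping of a vendor domain at all, because those names have no business in a hosts file regardless of the address. Note also that taskgmr.exe is a transposition of the legitimate taskmgr.exe, so the match is exact rather than fuzzy.

```python
"""Offline triage for the Worm.Mytob.d indicators described above.

Added example, not code from the original page or any antivirus vendor.
It parses (a) a copy of a Windows hosts file and (b) a .reg export of the
Run keys, both constructed inline below, and reports the indicators the
entry lists: vendor domains pinned in hosts and SVCHOST="taskgmr.exe".
"""
import re

# Domains the entry says the worm pins in the hosts file.
BLOCKED_DOMAINS = {
    "www.symantec.com", "securityresponse.symantec.com", "symantec.com",
    "www.sophos.com", "sophos.com", "www.mcafee.com", "mcafee.com",
    "liveupdate.symantecliveupdate.com", "www.viruslist.com", "viruslist.com",
    "f-secure.com", "www.f-secure.com", "kaspersky.com", "www.avp.com",
    "www.kaspersky.com", "avp.com", "www.networkassociates.com",
    "networkassociates.com", "www.ca.com", "ca.com", "mast.mcafee.com",
    "my-etrust.com", "www.my-etrust.com", "download.mcafee.com",
    "dispatch.mcafee.com", "secure.nai.com", "nai.com", "www.nai.com",
    "update.symantec.com", "updates.symantec.com", "us.mcafee.com",
    "liveupdate.symantec.com", "customer.symantec.com", "rads.mcafee.com",
    "trendmicro.com", "www.microsoft.com", "www.trendmicro.com",
}

# Persistence value the entry describes. "taskgmr.exe" is a transposition
# of the legitimate taskmgr.exe, so match it exactly, not fuzzily.
AUTORUN_VALUE = "SVCHOST"
AUTORUN_DATA = "taskgmr.exe"


def parse_hosts(text):
    """Yield (ip, hostname) pairs from hosts-file text, skipping comments."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            yield ip, name.lower()


def find_hosts_hijacks(text):
    """Vendor domains pinned in hosts, as sorted (hostname, ip) pairs.

    Any mapping is suspicious: these names do not belong in a hosts file
    whatever address they point at."""
    return sorted((name, ip) for ip, name in parse_hosts(text)
                  if name in BLOCKED_DOMAINS)


_REG_VALUE = re.compile(r'^"([^"]+)"="(.*)"$')


def parse_reg_export(text):
    """Parse a minimal .reg export into {key_path: {value_name: data}}.

    Only REG_SZ values ("name"="data") are handled; that is all this
    indicator needs."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
        elif current is not None:
            m = _REG_VALUE.match(line)
            if m:
                # .reg doubles backslashes and escapes quotes inside data.
                data = m.group(2).replace('\\"', '"').replace("\\\\", "\\")
                keys[current][m.group(1)] = data
    return keys


def find_autorun_persistence(text):
    """Keys carrying SVCHOST=taskgmr.exe, as sorted (key, name, data)."""
    hits = []
    for key, values in parse_reg_export(text).items():
        for name, data in values.items():
            if name.upper() == AUTORUN_VALUE and data.lower() == AUTORUN_DATA:
                hits.append((key, name, data))
    return sorted(hits)


def triage(hosts_text, reg_text):
    """Run both checks and return one verdict dict."""
    hosts_hits = find_hosts_hijacks(hosts_text)
    reg_hits = find_autorun_persistence(reg_text)
    return {"hosts": hosts_hits, "autorun": reg_hits,
            "infected": bool(hosts_hits or reg_hits)}


# Constructed sample inputs; the 127.0.0.1 target is an assumption.
SAMPLE_HOSTS = """# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1 www.symantec.com
127.0.0.1 securityresponse.symantec.com
127.0.0.1 liveupdate.symantecliveupdate.com
127.0.0.1 WWW.Kaspersky.COM
10.0.0.5 fileserver.corp.example   # unrelated local entry
"""

SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SVCHOST"="taskgmr.exe"
"ctfmon.exe"="C:\\WINNT\\System32\\ctfmon.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SVCHOST"="taskgmr.exe"
"""

if __name__ == "__main__":
    for k, v in triage(SAMPLE_HOSTS, SAMPLE_REG).items():
        print(k, v)
```

On a live machine the same functions can be fed the contents of %System%\drivers\etc\hosts and a `reg export` of each key listed in step 2; the entry also names the OLE and Lsa keys, so export those as well rather than only the Run keys.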
4) Harvests e-mail addresses from files with the following extensions:
.wab
.adb
.tbb
.dbx
.asp
.php
.sht
.htm
5) Uses one of the following lines as the message body:
Here are your banks documents.
The original message was included as an attachment.
The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.
The message contains Unicode characters and has been sent as a binary attachment.
Mail transaction failed. Partial message is available.