Basic introduction
Worm.Mytob.x
Processing time:
Threat level: ★★
Chinese name:
Virus type: worm
Affected systems: Win9x / WinNT
Virus behaviour
This is a variant of the Mytob worm. It searches the local machine for e-mail addresses and sends spam, causing network congestion, and sends itself out as a mail attachment. Once the virus runs, the local machine connects to an IRC chat server, accepts commands from the remote operator, runs a backdoor program and steals user information. The virus blocks access to a number of computer-security company websites so that users cannot update, and avoids sending mail to those companies so that they cannot obtain a virus sample.
Code
1. Copies itself to the following locations:
C:\funny_pic.scr
C:\see_this!!.scr
C:\my_photo2005.scr
%system%\win32.exe
2. Drops a copy of itself to the following path:
C:\hellmsn.exe
and runs it.
3. Modifies the registry, setting the value "WIN32=win32.exe" under the following keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
HKEY_LOCAL_MACHINE\Software\Microsoft\OLE
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
4. Creates the mutex H-E-L-L-B-O-T
to ensure that only a single instance of the process runs.
5. Modifies the hosts file to block access to a number of websites:
127.0.0.1 www.trendmicro.com
127.0.0.1 trendmicro.com
127.0.0.1 rads.mcafee.com
127.0.0.1 customer.symantec.com
127.0.0.1 liveupdate.symantec.com
127.0.0.1 www.nai.com
127.0.0.1 update.symantec.com
127.0.0.1 nai.com
127.0.0.1 secure.nai.com
127.0.0.1 dispatch.mcafee.com
127.0.0.1 download.mcafee.com
127.0.0.1 www.my-etrust.com
127.0.0.1 my-etrust.com
127.0.0.1 mast.mcafee.com
127.0.0.1 ca.com
127.0.0.1 www.ca.com
127.0.0.1 networkassociates.com
127.0.0.1 www.networkassociates.com
127.0.0.1 avp.com
127.0.0.1 www.kaspersky.com
127.0.0.1 www.avp.com
127.0.0.1 kaspersky.com
127.0.0.1 www.f-secure.com
127.0.0.1 f-secure.com
127.0.0.1 viruslist.com
127.0.0.1 www.viruslist.com
127.0.0.1 liveupdate.symantecliveupdate.com
127.0.0.1 mcafee.com
127.0.0.1 www.mcafee.com
127.0.0.1 updates.symantec.com
127.0.0.1 sophos.com
127.0.0.1 www.symantec.com
127.0.0.1 securityresponse.symantec.com
127.0.0.1 symantec.com
127.0.0.1 www.sophos.com
6. Creates a thread that searches the local machine for e-mail addresses, looking in files with the following extensions:
wab
pl
tbb
dbx
asp
php
sht
htm
7. Does not send e-mail to addresses containing the following names:
info
samples
postmaster
webmaster
noone
nobody
nothing
anyone
your
someone
you
me
bugs
rating
site
contact
soft
no
somebody
privacy
service
help
not
submit
feste
ca
gold_certs
page
8. Does not send e-mail to addresses containing the following domain strings:
foo
mil
gov
ruslis
nodomai
mydomai
example
inpris
borlan
sopho
panda
icrosof
syma
avp
edu
9. The mail body contains one of the following texts:
'Guvf vf n zhygv-cneg zrffntr va ZVZR sbezng.'
'Mail transaction failed. Partial message is available.'
'The message contains Unicode characters and has been sent as a binary attachment.'
'The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.'
'The original message was included as an attachment.'
'Here are your banks documents.'
to lure the user into opening the infected attachment.
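As an added defensive example (not part of the original write-up), the following Python script audits a hosts file for entries that pin the security-vendor domains listed in item 5 above, and checks a set of Run-key values for the "WIN32=win32.exe" entry from item 3. The vendor domain list is taken from the page; the sample hosts content and the sample Run-key values are constructed here for illustration and are not a real capture.

```python
import re
from typing import Dict, Iterator, List, Tuple

# Registrable domains covering every hostname in the worm's hosts-file list above.
VENDOR_DOMAINS = {
    "trendmicro.com", "mcafee.com", "symantec.com", "nai.com", "my-etrust.com",
    "ca.com", "networkassociates.com", "avp.com", "kaspersky.com", "f-secure.com",
    "viruslist.com", "symantecliveupdate.com", "sophos.com",
}

HostsEntry = Tuple[int, str, List[str]]  # (line number, address, hostnames)


def parse_hosts(text: str) -> Iterator[HostsEntry]:
    """Yield the effective entries of a hosts file, ignoring comments and blank lines."""
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue  # an address with no hostnames is inert
        yield lineno, fields[0], [h.lower().rstrip(".") for h in fields[1:]]


def is_vendor_host(hostname: str) -> bool:
    """True if hostname is one of the vendor domains or a subdomain of one."""
    return any(hostname == d or hostname.endswith("." + d) for d in VENDOR_DOMAINS)


def find_vendor_overrides(text: str) -> List[Tuple[int, str, str]]:
    """Return (line, address, hostname) for every vendor hostname pinned in the hosts file.
    Mytob.x pins them to 127.0.0.1, but any static mapping for a vendor update server
    is abnormal on a workstation, so the address is reported rather than filtered on."""
    hits = []
    for lineno, addr, names in parse_hosts(text):
        for name in names:
            if is_vendor_host(name):
                hits.append((lineno, addr, name))
    return hits


def strip_vendor_overrides(text: str) -> str:
    """Remediation helper: return the hosts text with the flagged lines removed."""
    bad_lines = {lineno for lineno, _, _ in find_vendor_overrides(text)}
    kept = [l for i, l in enumerate(text.splitlines(), start=1) if i not in bad_lines]
    return "\n".join(kept) + "\n"


def find_win32_run_values(values: Dict[str, str]) -> List[str]:
    """values maps value name -> data read from a Run/RunServices key (e.g. via winreg).
    Flags the WIN32 value name, or any data whose image basename is win32.exe."""
    flagged = []
    for name, data in values.items():
        image = re.split(r"[\\/]", data.strip().strip('"'))[-1].lower()
        if name.upper() == "WIN32" or image == "win32.exe":
            flagged.append(name)
    return sorted(flagged)


# Constructed sample hosts file: legitimate entries plus lines in the style the worm appends.
SAMPLE_HOSTS = """\
# constructed sample, not a real capture
127.0.0.1       localhost
::1             localhost
127.0.0.1 www.trendmicro.com
127.0.0.1 liveupdate.symantec.com    # appended by the worm
0.0.0.0 ads.example.net
127.0.0.1 update.kaspersky.com
"""

# Constructed sample Run-key contents (value name -> data).
SAMPLE_RUN_VALUES = {
    "ctfmon.exe": "C:\\WINDOWS\\system32\\ctfmon.exe",
    "WIN32": "win32.exe",
}

if __name__ == "__main__":
    for lineno, addr, name in find_vendor_overrides(SAMPLE_HOSTS):
        print(f"hosts line {lineno}: {name} pinned to {addr}")
    print("Run values flagged:", find_win32_run_values(SAMPLE_RUN_VALUES))
```

On a live Windows host the hosts text would be read from %SystemRoot%\System32\drivers\etc\hosts and the Run-key values enumerated with winreg; the suffix match on registrable domains is deliberate, since the worm's list mixes bare domains with www, liveupdate and securityresponse hostnames and a variant could add others under the same domains.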