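Basic information
- Chinese name: 神器祭壇
- Foreign name: Worm.Warezov.fe
- Processing date: 2006-08-29
- Threat level: ★
- Virus type: Worm
Virus aliases:
Affected systems: Win 9x/ME, Win 2000/NT, Win XP, Win 2003
Virus behavior:
1. Creates files: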
%WINNT%\svchost32.exe
%Temp%\document.elm .bat
%Temp%\file.dat .cmd
%Temp%\message.dat .exe
%Temp%\message.msg .scr
%Temp%\readme.dat .cmd
%Temp%\readme.txt .scr
%Temp%\test.msg .pif
%Temp%\text.dat .cmd
%Temp%\text.msg .exe
2. Adds a registry entry:
HKLC\System\ControlSet\Control\Session Manager
"PendingFileRenameOperations" = "svchost32.exe"
3. Sends e-mail, spreading itself through e-mail attachments:
The attachment name is any one of the following:
body
data
doc
docs
document
file
message
readme
test
text
The first extension is any one of the following, to mislead the user:
.dat
.elm
.log
.msg
.txt
The actual extension is any one of the following:
.bat
.cmd
.exe
.pif
.scr
The mail subject is any one of the following:
Error
Good Day
Mail Delivery System
Mail Transaction Failed
Server Report
Status
hello
picture
test
The mail body is any one of the following:
Mail transaction failed. Partial message is available.
The message contains Unicode characters and has been sent as a binary attachment.
The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment
4. Searches the following files on the infected machine to obtain e-mail addresses:
adb
asp
cfg
cgi
dbx
dhtm
eml
htm
html
jsp
mbx
mdx
mht
mmf
msg
nch
ods
oft
php
pl
sht
shtm
stm
tbb
txt
uin
wab
wsh
xls
xml
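
The attachment naming scheme in item 3 (a harmless-looking first extension followed by an executable one) can be checked at a mail gateway. The following is an added example, not part of the original description; the function names, verdict labels and the tolerance for whitespace padding between the two extensions are assumptions, and the sample names are constructed.

```python
import re

# Name lists copied from item 3 of the description above.
BASE_NAMES = {"body", "data", "doc", "docs", "document", "file",
              "message", "readme", "test", "text"}
DECOY_EXTS = {"dat", "elm", "log", "msg", "txt"}
REAL_EXTS = {"bat", "cmd", "exe", "pif", "scr"}

# <base>.<first ext><optional whitespace padding>.<final ext>
DOUBLE_EXT = re.compile(
    r"^(?P<base>.+?)\.(?P<first>[^.\s]+)\s*\.(?P<final>[^.\s]+)$")


def classify_attachment(filename):
    """Classify an attachment name against the naming scheme in item 3.

    Returns "warezov-pattern" when base name, first extension and final
    extension all come from the lists above, "double-extension" when any
    other name hides an executable extension behind a first one, and
    "no-match" otherwise (a plain .exe is left to the gateway's ordinary
    executable-attachment policy).
    """
    m = DOUBLE_EXT.match(filename.strip().lower())
    if m is None or m["final"] not in REAL_EXTS:
        return "no-match"
    if m["base"].strip() in BASE_NAMES and m["first"] in DECOY_EXTS:
        return "warezov-pattern"
    return "double-extension"


# Constructed sample attachment names, not taken from real traffic.
SAMPLES = ["message.dat .exe", "readme.txt          .scr", "test.msg\t.pif",
           "Invoice.pdf.EXE", "report.txt", "archive.tar.gz", "svchost32.exe"]


def scan(names):
    """Map each attachment name to its verdict."""
    return {name: classify_attachment(name) for name in names}


if __name__ == "__main__":
    for name, verdict in scan(SAMPLES).items():
        print(f"{verdict:17} {name!r}")
```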