



Worm.Mytob.cn


Virus alias:

Processing date: 2005-09-02

Threat level: ★★

Chinese name:

Virus type: worm

Affected systems: Win 9x/ME, Win 2000/NT, Win XP, Win 2003

Virus behavior:

This is a worm that spreads via IRC and e-mail.

Once the worm is running, an attacker can control the user's machine over IRC and carry out destructive operations, such as downloading virus files and rebooting the machine. It can also use its built-in SMTP engine to send the virus as an attachment to specified mailboxes, and it blocks access to a large number of security websites.

1. Modifies the registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess

"Start" = "04, 00, 00, 00"

to turn off the Windows XP firewall (SharedAccess is the Windows Firewall/Internet Connection Sharing service; a Start value of 4 means SERVICE_DISABLED, so the service no longer starts with the system).

2. Automatically connects to the following IRC server:

irc.unixirc.net

where it accepts the attacker's commands and carries out destructive operations, such as downloading virus files and copying them into the system directory.

3. Modifies the hosts file to block the following security websites:

127.0.0.1 www.symantec.com
127.0.0.1 securityresponse.symantec.com
127.0.0.1 symantec.com
127.0.0.1 www.sophos.com
127.0.0.1 www.mcafee.com
127.0.0.1 www.viruslist.com
127.0.0.1 www.f-secure.com
127.0.0.1 www.avp.com
127.0.0.1 www.networkassociates.com
127.0.0.1 www.my-etrust.com
127.0.0.1 dispatch.mcafee.com
127.0.0.1 www.nai.com
127.0.0.1 liveupdate.symantec.com
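A defender-side check for this hosts-file tampering, added here as an example and not part of the original entry. It parses hosts-file text (comments, tabs and several names per line are handled) and reports any line that maps one of the vendor hosts listed above to a loopback or 0.0.0.0 sinkhole address, so it goes slightly beyond the 127.0.0.1 entries the worm writes; the sample hosts text is constructed.

```python
"""Detect the hosts-file redirections Worm.Mytob.cn adds."""
import ipaddress

# Hosts the worm redirects to 127.0.0.1, taken from the description above.
MYTOB_BLOCKED_HOSTS = {
    "www.symantec.com", "securityresponse.symantec.com", "symantec.com",
    "www.sophos.com", "www.mcafee.com", "www.viruslist.com", "www.f-secure.com",
    "www.avp.com", "www.networkassociates.com", "www.my-etrust.com",
    "dispatch.mcafee.com", "www.nai.com", "liveupdate.symantec.com",
}


def _is_sinkhole(addr: str) -> bool:
    """True for loopback or unspecified addresses, the usual hosts-file blackholes."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified


def find_hosts_tampering(hosts_text: str, watched=MYTOB_BLOCKED_HOSTS):
    """Return (line_number, address, hostname) for every watched host that is sinkholed."""
    findings = []
    for lineno, raw in enumerate(hosts_text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments and surrounding whitespace
        if not line:
            continue
        fields = line.split()                # address followed by one or more hostnames
        addr, names = fields[0], fields[1:]
        if not _is_sinkhole(addr):
            continue
        for name in names:
            if name.lower().rstrip(".") in watched:
                findings.append((lineno, addr, name.lower()))
    return findings


# Constructed sample: the normal localhost line plus two lines the worm would append.
SAMPLE_HOSTS = """# constructed sample hosts file
127.0.0.1       localhost
127.0.0.1 www.symantec.com liveupdate.symantec.com
0.0.0.0\tWWW.McAfee.COM   # mixed case and a tab still match
"""

if __name__ == "__main__":
    for lineno, addr, name in find_hosts_tampering(SAMPLE_HOSTS):
        print(f"line {lineno}: {name} -> {addr}")
```

On a live system, pass the contents of %SystemRoot%\System32\drivers\etc\hosts to find_hosts_tampering; a clean file yields an empty list.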

4. Searches for e-mail addresses in files with the following extensions:

htmb, shtl, jspl, xmls, cgil, phpq, aspd, tbbg, dbxn, adbh, pl, html, wab

5. The e-mail body will be one of the following:

Dear user

You have successfully updated the password of your count.

If you did not authorize this change or if you need assistance with your account, please contact %s customer service at:

Please also visit our irc server irc.unixirc.net 6667 #ccpower

Thank you for using %s!

The %s Support Team

+++ Attachment: No Virus (Clean)

Dear user

It has come to our attention that your %s User Profile ( x ) records are out of date. For further details see the attached document.

Please also visit our irc server irc.unixirc.net 6667 #ccpower

Thank you for using %s!

The %s Support Team

+++ Attachment: No Virus (Clean)

Dear %s Member,

We have temporarily suspended your email account %s.

This might be due to either of the following reasons:

1. A recent change in your personal information (i.e. change of address).

2. Submiting invalid information during the initial sign up process.

3. An innability to accurately verify your selected option of subscription due to an internal error within our processors.

Thank you for using %s!

The %s Support Team

+++ Attachment: No Virus (Clean)

6. The virus is sent out as an attachment using its built-in SMTP engine.

7. Avoids sending to mailboxes whose address contains any of the following strings:

ibm.com, google, linux, berkeley, foo, ruslis, nodomai, mydomai, example, hotmail, panda, sopho, someone, your, bugs, rating, service, privacy, help, and so on.
