Worm.Beagle.fr

王朝 other · Author: anonymous  2008-08-14

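Virus name (Chinese):

Virus alias:

Threat level: ★☆☆☆☆

Virus type: Worm

Virus length: 887432

Affected systems: Win9x, WinMe, WinNT, Win2000, WinXP, Win2003

Virus behavior:

This is a worm that spreads by e-mail. It searches the infected machine for e-mail addresses and sends copies of itself to them, and it also tries to spread through shared folders on the local network, which places a heavy load on the network.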

1. Creates the file:

%System%\win32lib.exe

2. Adds a registry startup entry so that the virus runs at boot:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

win_shell

win32lib.exe

3. Creates a new registry key:

SOFTWARE\Windows_Shell

4. Searches files of the following types on the infected machine for e-mail addresses:

wab, txt, msg, htm, shtm, stm, xml, dbx, mbx, mdx, eml, nch, mmf, ods, cfg, asp, php, pl, wsh, adb, tbb, sht, xls, oft, uin, cgi, mht, dhtm, jsp

5. Does not send mail to addresses that contain any of the following strings:

@hotmail, @msn, @microsoft, rating@, f-secur, news, update, anyone@, bugs@, contract@, feste, gold-certs@, help@, info@, nobody@, noone@, kasp, admin, icrosoft, support, ntivi, unix, bsd, linux, listserv, certific, sopho, @foo, @iana, free-av, @messagelab, winzip, google, winrar, samples, abuse, panda, cafee, spam, pgp, @avp., noreply, local, root@, postmaster@

6. Sends e-mail:

Subject (one of):

Pay your debts before we come to you

Call to your lawer immidiately

Lawsuit against you

We wait your response.

Body (one of):

"LAWSUIT AGAINST YOU (ATTACHMENT HAS MORE INFORMATION) 1550 Peachtree Street Atlanta, GA 30309

To [REMOVED]gment that I can get against Equifax for violation of the Fair Credit Reporting Act and Defamation."

"LAWSUIT AGAINST YOU (CLICK TO ATTACHED DOCUMENT FOR MORE INFORMATION) To Whom It May Concern:

On [REMOVED] in case you refuse to accept the certified mail, return receipt requested version of this letter."

"LAWSUIT AGAINST YOU (CLICK TO ATTACHED DOCUMENT FOR MORE INFORMATION)

Tucker's Fix-It-Quick Gara[REMOVED]g the day at 555-2857 or in the evenings until 10 p.m. at 555-8967.

Sincerely,

Marsha Rizzoli"

The attachment name is chosen at random from the following:

lawsuit.exe

explanation.exe

documents.exe

The following text is appended to the end of the message to mislead the recipient:

++++ Attachment: No Virus found

++++ Norton AntiVirus - www.symantec.com
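
A mail-gateway triage check built from the subjects, attachment names and fake scan footer listed above, as an added example that is not part of the original write-up. The function names, the quarantine policy and the sample messages are assumptions constructed for illustration; strings are compared lower-cased with whitespace removed.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators from the write-up, stored lower-cased with whitespace removed.
SUBJECTS = {"payyourdebtsbeforewecometoyou", "calltoyourlawerimmidiately",
            "lawsuitagainstyou", "wewaityourresponse."}
ATTACHMENTS = {"lawsuit.exe", "explanation.exe", "documents.exe"}
FAKE_SCAN_FOOTER = ("++++attachment:novirusfound",
                    "++++nortonantivirus-www.symantec.com")

def squash(text):
    """Lower-case and drop all whitespace so spacing differences do not matter."""
    return "".join(str(text).split()).lower()

def triage(raw_bytes):
    """Return (verdict, hits) for one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    hits = []
    if squash(msg.get("Subject", "")) in SUBJECTS:
        hits.append("subject")
    for part in msg.walk():
        name = part.get_filename()
        if name:
            if squash(name) in ATTACHMENTS:
                hits.append("attachment")
        elif part.get_content_type() == "text/plain":
            body = squash(part.get_content())
            if any(marker in body for marker in FAKE_SCAN_FOOTER):
                hits.append("fake-scan-footer")
    # Policy assumed for this example: a listed .exe name, or any two
    # indicators together, quarantines; a single weak hit is only flagged.
    if "attachment" in hits or len(hits) >= 2:
        return "quarantine", hits
    return ("review" if hits else "pass"), hits

def build_sample(subject, body, attachment=None):
    """Build a constructed test message (placeholder bytes, no real malware)."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", subject
    msg.set_content(body)
    if attachment:
        msg.add_attachment(b"constructed placeholder bytes", maintype="application",
                           subtype="octet-stream", filename=attachment)
    return msg.as_bytes()
```

The footer claiming a clean antivirus scan is treated as an indicator in its own right, since a message cannot vouch for its own attachment.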

 
 
 