Worm.Beagle.gi
Virus name (Chinese):
Virus alias:
Threat level:
★☆☆☆☆
Virus type:
Worm
Virus length:
46150
Affected systems:
Win9x, WinMe, WinNT, Win2000, WinXP, Win2003
Virus behaviour:
This is a worm that spreads by e-mail. It harvests e-mail addresses from files on the infected machine, sends copies of itself to those addresses, and attempts to download new variants of itself.
1. Creates the mutex:
"sdfsdfsdf_mtx"
2. Adds a registry key marking the machine as already infected:
HKCU\Software\Fir4456
3. Attempts to connect to 217.5.97.137 to determine whether the machine is online.
4. Attempts to download a file to %Windows%\elist.xpt from the following address:
http://www.titanm***rs.com/images/1/email.php
5. Attempts to download files from the following URLs:
http://www.titanmotors.com/images/1/email.php
http://veranmaisala.com/1/email.php
http://sv-schoellkrippen.de/1/email.php
http://www.radioboost.com/1/email.php
http://wklight.nazwa.pl/1/email.php
http://yolordi.nl/1/email.php
http://yongsan24.co.kr/1/email.php
http://zither.oranc.co.kr/1/email.php
http://zs1wadowice.kei.pl/przyklady/1/email.php
http://accesible.cl/1/email.php
http://www.e-ibt.com/1/email.php
http://hotelesalba.com/1/email.php
http://alter-art.com/1/email.php
http://amdlady.com/1/email.php
http://inca.dnetsolution.net/1/email.php
http://www.auraura.com/1/email.php
http://avataresgratis.com/1/email.php
http://barbie-moravia.wz.cz/1/email.php
http://rejek.pl/1/email.php
http://ben-or.ebodesign.com/1/email.php
http://best4testcom.37.com1.ru/1/email.php
http://beyoglu.com.tr/1/email.php
http://brandshock.com/1/email.php
http://www.buydigital.co.kr/1/email.php
http://cadec.org/1/email.php
http://camaramafra.sc.gov.br/1/email.php
http://camposequipamentos.com.br/1/email.php
http://cbradio.sos.pl/1/email.php
http://www.chaingun.net/1/email.php
http://chilbi-karussell.ch/1/email.php
http://cienpsp.com/1/email.php
http://www3.cjrsradio.com/1/email.php
http://club.nuh.pl/1/email.php
http://c-d-c.com.au/1/email.php
http://www.klanpl.com/1/email.php
http://coparefrescos.stantonstreetgroup.com/1/email.php
http://creainspire.com/1/email.php
http://ct-style.com/1/email.php
http://czerwon.be/1/email.php
http://flightsim-czech.com/1/email.php
http://desenjoi.com.br/1/email.php
http://www.inprofile.gr/1/email.php
http://www.diem.cl/1/email.php
http://arkeolan.com/1/email.php
http://www.discotecapuzzle.com/1/email.php
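The network indicators in steps 3 to 5 are the easiest part of this entry to turn into a retrospective detection. The following is an added example, not part of the original entry: a proxy-log sweep that grades each line by how closely it matches the listed infrastructure. The log format and the log lines are constructed for the demonstration, and the URL list is a subset of step 5 (extend DOWNLOAD_URLS with the rest when using it).

```python
"""Proxy-log sweep for the network indicators in steps 3 to 5 above.

Added example, not part of the original entry. The log format and the log
lines are constructed; DOWNLOAD_URLS is a subset of the step-5 list.
"""
import re
from urllib.parse import urlparse

CONNECTIVITY_CHECK_IP = "217.5.97.137"  # step 3

# Subset of the step-5 download URLs (copied from the entry).
DOWNLOAD_URLS = [
    "http://www.titanmotors.com/images/1/email.php",
    "http://veranmaisala.com/1/email.php",
    "http://zs1wadowice.kei.pl/przyklady/1/email.php",
    "http://accesible.cl/1/email.php",
    "http://www.discotecapuzzle.com/1/email.php",
]
KNOWN_URLS = {u.lower() for u in DOWNLOAD_URLS}
KNOWN_HOSTS = {urlparse(u).hostname for u in DOWNLOAD_URLS}
# Every listed URL ends in "/1/email.php"; that path shape is a hunting lead
# for drop sites the list does not name.
PAYLOAD_PATH = re.compile(r"/1/email\.php$", re.IGNORECASE)

# Constructed log format: "<timestamp> <client_ip> <method> <url>"
LOG_LINE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)")


def destination(method, url):
    """(host, path) of the request; CONNECT targets are bare host:port."""
    if method == "CONNECT":
        return url.split(":")[0].lower(), ""
    parsed = urlparse(url)
    return (parsed.hostname or ""), parsed.path


def classify(line):
    """Return (severity, reason) for one log line, or None if it is clean."""
    m = LOG_LINE.match(line)
    if not m:
        return None
    method, url = m.group("method"), m.group("url")
    host, path = destination(method, url)
    if url.lower() in KNOWN_URLS:
        return "high", "exact download URL listed in the entry"
    if host == CONNECTIVITY_CHECK_IP:
        return "medium", "contact with the step-3 connectivity-check IP"
    if host in KNOWN_HOSTS:
        return "medium", "listed download host, different path"
    if PAYLOAD_PATH.search(path):
        return "low", "unlisted host serving the /1/email.php payload path"
    return None


def sweep(log_text):
    """All suspicious lines as (line_no, severity, reason, url)."""
    hits = []
    for n, line in enumerate(log_text.splitlines(), 1):
        verdict = classify(line)
        if verdict:
            hits.append((n, verdict[0], verdict[1], line.split()[-1]))
    return hits


# Constructed sample log for the demonstration.
SAMPLE_LOG = """\
2006-02-01T10:00:01 10.0.0.12 GET http://www.titanmotors.com/images/1/email.php
2006-02-01T10:00:02 10.0.0.12 GET http://example.org/index.html
2006-02-01T10:00:03 10.0.0.15 GET http://veranmaisala.com/about.html
2006-02-01T10:00:04 10.0.0.15 GET http://unlisted.example/1/email.php
2006-02-01T10:00:05 10.0.0.15 CONNECT 217.5.97.137:80
not a log line
"""

if __name__ == "__main__":
    for hit in sweep(SAMPLE_LOG):
        print(*hit)
```

A host-only hit is graded lower than an exact URL because the entry lists only the payload path, not what else those hosts serve. The step-3 connectivity check is a direct connection and need not pass through a proxy at all, so firewall or flow logs are the better source for that indicator; the CONNECT handling here only covers the case where it does.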
6. Searches files with the following extensions on the infected machine to harvest e-mail addresses:
.wab
.txt
.msg
.htm
.shtm
.stm
.xml
.dbx
.mbx
.mdx
.eml
.nch
.mmf
.ods
.cfg
.asp
.php
.pl
.wsh
.adb
.tbb
.sht
.xls
.oft
.uin
.cgi
.mht
.dhtm
.jsp
7. Does not send mail to addresses containing any of the following strings:
@hotmail
@msn
@microsoft
rating@
f-secur
news
update
anyone@
bugs@
contract@
feste
gold-certs@
help@
info@
nobody@
noone@
kasp
admin
icrosoft
support
ntivi
unix
bsd
linux
listserv
certific
sopho
@foo
@iana
free-av
@messagelab
winzip
winrar
samples
abuse
panda
cafee
spam
pgp
@avp.
noreply
local
root@
postmaster@
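Steps 6 and 7 together define which addresses found on a host the worm would actually mail, which is what an incident responder needs to estimate the blast radius from a compromised machine. The following is an added example that re-implements those two rules; it is not the worm's code. Exact extension matching and case-insensitive substring matching are assumptions, since the entry does not say how the comparisons are made, and the sample file contents are constructed.

```python
"""Address-selection rules from steps 6 and 7 of the entry above.

Added example, not the worm's code. Exact-extension matching and
case-insensitive substring matching are assumptions; the entry does not
state how the comparisons are made. SAMPLE_FILES is constructed.
"""
import os
import re

# Step 6: extensions of files searched for addresses (copied from the entry).
HARVEST_EXTENSIONS = {
    ".wab", ".txt", ".msg", ".htm", ".shtm", ".stm", ".xml", ".dbx", ".mbx",
    ".mdx", ".eml", ".nch", ".mmf", ".ods", ".cfg", ".asp", ".php", ".pl",
    ".wsh", ".adb", ".tbb", ".sht", ".xls", ".oft", ".uin", ".cgi", ".mht",
    ".dhtm", ".jsp",
}

# Step 7: addresses containing any of these strings are not mailed
# (copied from the entry, order preserved).
EXCLUDE_SUBSTRINGS = [
    "@hotmail", "@msn", "@microsoft", "rating@", "f-secur", "news", "update",
    "anyone@", "bugs@", "contract@", "feste", "gold-certs@", "help@", "info@",
    "nobody@", "noone@", "kasp", "admin", "icrosoft", "support", "ntivi",
    "unix", "bsd", "linux", "listserv", "certific", "sopho", "@foo", "@iana",
    "free-av", "@messagelab", "winzip", "winrar", "samples", "abuse", "panda",
    "cafee", "spam", "pgp", "@avp.", "noreply", "local", "root@", "postmaster@",
]

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def is_harvestable(filename):
    """True if the worm would open this file looking for addresses."""
    return os.path.splitext(filename)[1].lower() in HARVEST_EXTENSIONS


def exclusion_hit(address):
    """The first step-7 substring found in the address, or None."""
    lowered = address.lower()
    for needle in EXCLUDE_SUBSTRINGS:
        if needle in lowered:
            return needle
    return None


def select_targets(files):
    """files: {filename: text}. Returns (targets, skipped).

    targets: unique addresses the worm would mail, in discovery order.
    skipped: (address, matched substring) pairs dropped by the step-7 filter.
    """
    targets, skipped, seen = [], [], set()
    for name, text in files.items():
        if not is_harvestable(name):
            continue
        for addr in EMAIL_RE.findall(text):
            key = addr.lower()
            if key in seen:
                continue
            seen.add(key)
            hit = exclusion_hit(addr)
            if hit:
                skipped.append((addr, hit))
            else:
                targets.append(addr)
    return targets, skipped


# Constructed sample "disk contents" for the demonstration.
SAMPLE_FILES = {
    "contacts.txt": "alice@example.com, bob.smith@example.org, "
                    "support@example.com, anna.newsome@example.com",
    "inbox.dbx": "From: carol@example.net\nTo: noreply@example.com\n"
                 "Cc: dave@hotmail.com, alice@example.com",
    "photo.jpg": "eve@example.com",  # .jpg is not in the step-6 list
}

if __name__ == "__main__":
    targets, skipped = select_targets(SAMPLE_FILES)
    print("would mail:", targets)
    for addr, needle in skipped:
        print(f"skipped {addr!r} (matches {needle!r})")
```

Note that the filter is a plain substring match, so it drops more than the vendor and role addresses it is aimed at: anna.newsome@example.com in the sample is skipped because "newsome" contains "news". When using this to scope a mass-mailing incident, treat the skipped list as addresses the worm would not have mailed, not as addresses that were never exposed.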