Entry: Worm.Sower
Definition

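§ Virus aliases

Date processed: 2006-08-03; Threat level: ★★

Chinese name: 索尔; Virus type: worm; Affected systems: Win 9x/ME, Win 2000/NT, Win XP, Win 2003

§ Virus behavior

This is a worm that can spread in several ways. Its main harm is that it terminates a large number of antivirus programs, lowering the system's security level.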

1. Files created

%system%\RAVMOND.exe

%system%\IEXPLORE.EXE

%system%\kernel66.dll

%system%\msjdbc11.dll

%system%\MSSIGN30.DLL

%windows%\SYSTRA.EXE

2. Startup entries added

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows

"run" = "RAVMOND.exe"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

"VFW Encoder/Decoder Settings" = "RUNDLL32.EXE MSSIGN30.DLL ondll_reg"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\runServices

"SystemTra" = "%windows%\SYSTRA.EXE"

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\_reg

"ImagePath" = "Rundll32.exe msjdbc11.dll ondll_server"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

"Program In Windows" = "%system%\IEXPLORE.EXE"

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Windows Management Protocol v.0 (experimental)

"ImagePath" = "Rundll32.exe msjdbc11.dll ondll_server"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

"Protected Storage" = "RUNDLL32.EXE MSSIGN30.DLL ondll_reg"

3. Terminates processes whose names contain the following strings

RISING

SKYNET

SYMANTEC

MCAFEE

GATE

RFW.EXE

RAVMON.EXE

KILL

NAV

DUBA

KAV

KV

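4. Spreads via removable disks

It enumerates the disk drives and copies the following virus files to the root directory of each disk.

Random file names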

PassWord

email

book

letter

bak

WORK

Important

TEST 666

TEST

exe_start

Anti_virus_v99

Random extensions

.ZIP

.RAR

.scr

.pif

.com

.exe

command.exe

autorun.inf

Contents of autorun.inf

[AUTORUN]

Open="%c:\COMMAND.EXE"

5. Spreads via P2P file-sharing software

It copies the following virus files to the shared directory.

Thank you.doc.exe

3D Flash Animator.rar.bat

SWF Browser2.93.txt.exe

Download.exe

Panda Crack.zip.exe

WinRAR V3.2.0 Beta 2.exe

Swish2.00.pif

AAdobe Photoshop7.0 creak.pif

You_Life.JPG.pif

CloneCD crack.exe

WinZip v9.0 Beta Build 5480 crack.exe

Real-DRAW PRO v3.10.exe

Star Wars Downloader.exe

HyperSnap-DX v5.20.01.exe

Adobe Photoshop6.0.zip.exe

HyperSnap-DX v4.51.01.exe

6. Spreads via weak-password attacks

The weak system accounts and weak passwords it tries are as follows:

Guest

Administrator

zxcv

yxcv

xxx

xp

win

test123

test

temp123

temp

sybase

super

sex

secret

pwd

pw123

pw

pc

Password

owner

oracle

mypc123

mypc

mypass123

mypass

love

login

Login

Internet

home

godblessyou

god

enable

database

computer

alpha

admin123

Admin

abcd

aaa

a

88888888

2600

2003

2002

123asd

123abc

123456789

1234567

123123

121212

12

11111111

110

007

00000000

000000

0

pass

54321

12345

password

passwd

server

sql

!@#$%^&*

!@#$%^&

!@#$%^

!@#$%

asdfgh

asdf

!@#$

1234

111

1

root

abc123

12345678

abcdefg

abcdef

abc

888888

666666

111111

admin

administrator

guest

654321

123456

321

123

7. Spreads via e-mail

E-mail body:

If you can keep your head when all about you

Are losing theirs and blaming it on you;

If you can trust yourself when all men doubt you,

But make allowance for their doubting too;

If you can wait and not be tired by waiting,

Or, being lied about,don't deal in lies,

Or, being hated, don't give way to hating,

And yet don't look too good, nor talk too wise;

... ... more look to the attachment.

Attachment names:

the hardcore game-.pif

Sex in Office.rm.scr

Deutsch BloodPatch!.exe

s3msong.MP3.pif

Me_nude.AVI.pif

How to Crack all gamez.exe

Macromedia Flash.scr

SETUP.EXE

Shakira.zip.exe

dreamweaver MX (crack).exe

StarWars2 - CloneAttack.rm.scr

Industry Giant II.exe

DSL Modem Uncapper.rar.exe

joke.pif

Britney spears nude.exe.txt.exe

I am For u.doc.exe
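
Sections 4, 5 and 7 share two recognizable traits: lure files whose real executable extension hides behind a document, media or archive extension, and an autorun.inf whose Open= line launches an executable from the drive root. The Python sketch below is an added example, not part of the original entry, that triages a directory listing for both traits; the function names, the extension sets (taken from the names listed above) and the sample listing are assumptions made for illustration.

```python
# Added defensive example: triage a directory listing for the lure patterns above.
EXEC_EXTS = {".exe", ".scr", ".pif", ".com", ".bat"}  # final extensions seen in the entry
DECOY_EXTS = {".doc", ".txt", ".jpg", ".zip", ".rar", ".rm", ".avi", ".mp3"}  # inner decoys

def is_masqueraded(name):
    """True when an executable extension hides behind a document/media/archive one."""
    parts = name.lower().rsplit(".", 2)
    if len(parts) < 3:
        return False
    return "." + parts[2] in EXEC_EXTS and "." + parts[1] in DECOY_EXTS

def autorun_targets(text):
    """Return the commands named by open=/shellexecute= in the [autorun] section."""
    targets, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
        elif in_section and "=" in line:
            key, value = line.split("=", 1)
            if key.strip().lower() in ("open", "shellexecute"):
                targets.append(value.strip().strip('"'))
    return targets

def triage_root(file_names, autorun_text=""):
    """Return (reason, item) findings for one drive root or shared folder."""
    findings = [("masqueraded-extension", n) for n in file_names if is_masqueraded(n)]
    for target in autorun_targets(autorun_text):
        if target.lower().endswith(tuple(EXEC_EXTS)):
            findings.append(("autorun-launches-executable", target))
    return findings

# Constructed sample: a listing mixing names from the entry with two benign files.
SAMPLE_ROOT = ["Thank you.doc.exe", "You_Life.JPG.pif", "Download.exe",
               "WinRAR V3.2.0 Beta 2.exe", "notes.txt", "backup.tar.gz"]
SAMPLE_AUTORUN = '[AUTORUN]\nOpen="%c:\\COMMAND.EXE"\n'

if __name__ == "__main__":
    for reason, item in triage_root(SAMPLE_ROOT, SAMPLE_AUTORUN):
        print(f"{reason}: {item}")
```

Plain names such as Download.exe are not flagged by the extension check, so name matching complements rather than replaces scanning the file contents.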

Last updated: 2025/1/31 15:33:37