Entry | "五毒虫" variant AE (Worm.Supnot.ae) |
Definition |
§ Name
"五毒虫" variant AE (Worm.Supnot.ae)

§ Related information
Virus information:
Virus name: Worm.Supnot.ae
Chinese name: 五毒虫
Threat level: 3B
Virus type: mail worm, exploit worm, hacker tool, backdoor
Virus type: Trojan
Affected systems: Win9x, Windows 2000, Windows XP, Windows 2003

Damage:
A. The virus spreads aggressively by e-mail, through the DCOM RPC vulnerability and across the local network, which can bring the network to a standstill.
B. It opens a backdoor and waits for an attacker to connect, which can lead to information leakage and other losses.

Symptoms:
A. Possible file names of the copies made when spreading over the LAN:
"MSN Password Hacker and Stealer.exe"
"SIMS FullDownloader.zip.exe"
"Winrar + crack.exe"
"Star Wars II Movie Full Downloader.exe"
"MoviezChannelsInstaler.exe"
"Age of empires 2 crack.exe"
"CloneCD + crack.exe"
"Sex_For_You_Life.JPG.pif"
"AN-YOU-SUCK-IT.txt.pif"
"100 free essays school.pif"
"Mafia Trainer!!!.exe"
"Panda Titanium Crack.zip.exe"
"How To Hack Websites.exe"
"The world of lovers.txt.exe"
"autoexec.bat"
"Are you looking for Love.doc.exe"
B. Once running, the virus searches local directories, uses the e-mail addresses found in the Inbox to send infected messages, and automatically replies to messages in the Inbox based on their content. Every message carries a copy of the virus as an attachment.
E-mail characteristics:
When the virus replies to a message, the subject is related to the original message and the body may read:
If you can keep your head when all about you
Are losing theirs and blaming it on you;
If you can trust yourself when all men doubt you,
But make allowance for their doubting too;
If you can wait and not be tired by waiting,
Or, being lied about, don't deal in lies,
Or, being hated, don't give way to hating,
And yet don't look too good, nor talk too wise;
... ... more look to the attachment.
Possible attachment names when replying:
"I am For u.doc.exe"
"Britney spears nude.exe.txt.exe"
"joke.pif"
"DSL Modem Uncapper.rar.exe"
"Industry Giant II.exe"
"StarWars2 - CloneAttack.rm.scr"
"dreamweaver MX (crack).exe"
"Shakira.zip.exe"
"SETUP.EXE"
"Macromedia Flash.scr"
"How to Crack all gamez.exe"
"Me_nude.AVI.pif"
"s3msong.MP3.pif"
"Deutsch BloodPatch!.exe"
"Sex in Office.rm.scr"
"the hardcore game-.pif"
C. Possible subjects, bodies and attachment names when the virus sends its own messages:
Subjects:
"Hi"
"Hi Dear"
"Attached one Gift for u.."
"Help"
"Great"
"for you"
"Last Update"
"Let's Laugh"
"Reply to this!"
Bodies:
"For further assistance, please contact!"
"Copy of your message, including all the headers is attached."
"This is the last cumulative update."
"Tiger Woods had two eagles Friday during his victory over Stephen Leaney. (AP Photo/Denis Poroy)"
"Send reply if you want to be official beta tester."
"This message was created automatically by mail delivery software (Exim)."
"It's the long-awaited film version of the Broadway hit. Set in the roaring 20's, this is the story of Chicago chorus girl Roxie Hart (Zellweger), who shoots her unfaithful lover (West)."
"Adult content!!! Use with parental advisory."
"Patrick Ewing will give Knick fans something to cheer about Friday night."
Attachment names:
"images.pif"
"README.TXT.pif"
"Interesting.exe"
"Source.exe"
"YOU_are_FAT!.TXT.pif"
"enjoy.exe"
"Doom3 Preview!!!.exe"
"driver.exe"
"About_Me.txt.pif"
D. The virus starts a separate process that watches the main virus program; if the main program is terminated, it is reloaded immediately.
E. The virus terminates the virus firewalls and scanners of well-known anti-virus products such as Kingsoft AntiVirus (金山毒霸), Rising (瑞星), Norton (诺顿), SkyNet (天网) and Kill. This variant does so more aggressively: any process whose name contains "KV", "KAV", "Duba", "NAV", "kill", "RavMon.exe", "Rfw.exe", "Gate", "McAfee", "Symantec", "SkyNet" or "rising" is terminated.

Technical details:
A. The following files are added to the system directory and the Windows installation directory:
%System%\TkBellExe.exe
%System%\Update_OB.exe
%System%\hxdef.exe
%System%\RAVMOND.exe
%System%\IEXPLORE.EXE
%System%\kernel66.dll
%System%\ODBC16.dll
%System%\msjdbc.dll
%System%\MSSIGN30.dll
%System%\NetMeeting.exe
%System%\Spollsv.exe
%System%\LMMIB20.DLL
%SystemRoot%\Media\mmc.exe
%SystemRoot%\svchost.exe
B. RAR- and ZIP-compressed files are generated in the directory where the virus first ran, e.g. bak.exe.
C. The following file is created on drive C:
c:\NetLog.txt
D. The following registry values are added:
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows
    Run = "RAVMOND.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\runServices
    SystemTra = "%SystemRoot%\SysTra.EXE"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    WinHelp = "%System%\TkBellExe.exe"
    Hardware Profile = "%System%\hxdef.exe"
    VFW Encoder/Decoder Settings = "RUNDLL32.EXE MSSIGN30.DLL ondll_reg"
    Microsoft NetMeeting Associates, Inc. = "NetMeeting.exe"
    Program In Windows = "%System%\IEXPLORE.EXE"
    Shell Extension = "%System%\spollsv.exe"
    Protected Storage = "RUNDLL32.EXE MSSIGN30.DLL ondll_reg"
E. On Windows NT, 2000 and XP the virus installs its main program as a service, with names such as "Windows Management NetWork Service Extensions".
F. It enumerates the local network or generates random IP addresses and attacks IPC$ shares by password guessing. On success it obtains administrator rights, copies itself to the victim computer's system directory as NetManager.exe and starts a service named "Windows Management NetWork Service Extensions".

Solution:
A. The Kingsoft AntiVirus (金山毒霸) virus database of 14 July 2004 fully handles this virus.
B. After removal, apply the latest system patches, especially those for Blaster (冲击波) and Sasser (震荡波).
C. Change weak passwords; a password combining at least 4 letters and 4 digits is strongly recommended.
D. Keep good habits: do not casually open URLs received through instant-messaging tools, and do not open e-mails with attachments.
E. Turn on 金山网镖 (Kingsoft's personal firewall) and the Kingsoft AntiVirus virus firewall to keep the virus out of the system.
|
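As an added defender-side example (not part of the encyclopedia entry, nor vendor code), the Python helper below checks a snapshot of a host's Run/RunServices values and service names against the dropped file names, the rundll32 loader line and the service name listed above; the %System% expansion assumes a default C:\Windows, and the autorun and service snapshots are constructed samples.

```python
import ntpath, re

# Indicators taken from the entry above (matched case-insensitively).
DROPPED_NAMES = {"tkbellexe.exe", "update_ob.exe", "hxdef.exe", "ravmond.exe", "kernel66.dll",
                 "odbc16.dll", "msjdbc.dll", "mssign30.dll", "netmeeting.exe", "spollsv.exe",
                 "lmmib20.dll", "systra.exe", "netmanager.exe"}
# Legitimate names the worm reuses; suspicious only when started from these parent directories.
MISPLACED = {"iexplore.exe": "system32", "svchost.exe": "windows", "mmc.exe": "media"}
SERVICE_NAME = "windows management network service extensions"
RUNDLL_RE = re.compile(r"rundll32(\.exe)?\s+mssign30\.dll\s+ondll_reg", re.I)

def _expand(cmd):
    """Expand the %System% / %SystemRoot% placeholders used in the entry (assumes C:\\Windows)."""
    return cmd.replace("%System%", r"C:\Windows\system32").replace("%SystemRoot%", r"C:\Windows")

def _exe_of(cmd):
    m = re.match(r'"([^"]+)"|(\S+)', cmd.strip())  # quoted path with spaces, or first token
    return (m.group(1) or m.group(2)) if m else ""

def check_autorun(value_name, command):
    """Return a reason if a Run/RunServices entry matches the entry's indicators, else None."""
    cmd = _expand(command)
    if RUNDLL_RE.search(cmd):
        return f"{value_name}: rundll32 loader for MSSIGN30.DLL (ondll_reg)"
    directory, name = ntpath.split(_exe_of(cmd).lower())
    if name in DROPPED_NAMES:
        return f"{value_name}: launches dropped file {name}"
    if MISPLACED.get(name) == ntpath.basename(directory):
        return f"{value_name}: {name} started from {directory}, not its normal location"
    return None

def check_services(names):
    return [n for n in names if n.lower() == SERVICE_NAME]  # the service the worm installs

def triage(autoruns, services):
    findings = [r for r in (check_autorun(v, c) for v, c in autoruns) if r]
    return findings + [f"service installed: {s}" for s in check_services(services)]

# Constructed sample snapshot, not from a real host: one benign entry, three from the entry above.
SAMPLE_AUTORUNS = [
    ("WinHelp", r"%System%\TkBellExe.exe"),
    ("Protected Storage", "RUNDLL32.EXE MSSIGN30.DLL ondll_reg"),
    ("Program In Windows", r"%System%\IEXPLORE.EXE"),
    ("OneDrive", r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background'),
]
SAMPLE_SERVICES = ["Dhcp", "Windows Management NetWork Service Extensions", "Winmgmt"]

if __name__ == "__main__":
    for line in triage(SAMPLE_AUTORUNS, SAMPLE_SERVICES):
        print(line)
```

Note that a legitimate svchost.exe lives in %System% and a legitimate mmc.exe in %System%, so only the directories named in the entry are flagged.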