
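Entry: Worm Win32.Luder.L
Definition. Other names: Downloader-BAI.gen (McAfee), Mal/HckPk-A (Sophos), Win32/Luder.L!corrupt, Trojan.Peacomm (Symantec), Trojan-Proxy.Win32.Lager.dp (Kaspersky)

Type: worm. Severity: medium. Prevalence: high.

Details:

§ Characteristics:

Win32/Luder.L is a worm that spreads by email and also propagates by residing in PE files. In addition, it drops a trojan that downloads and runs other malicious programs. It is a 48,259-byte encrypted Win32 executable packed with UPX.

§ Method of infection:

When run, Win32/Luder.L copies "alsys.exe" to the %System% directory and sets the file's attribute to hidden. It then modifies the following registry values so that this copy runs at every system startup: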

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Agent = "%System%\alsys.exe"

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Agent = "%System%\alsys.exe"

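The worm also creates a mutex named "klllekkdkkd" to ensure that only one copy runs at a time.

Note: '%System%' is a variable path. The worm determines the location of the current System folder by querying the operating system. The default System path is C:\Winnt\System32 on Windows 2000 and NT; C:\Windows\System on 95, 98 and ME; and C:\Windows\System32 on XP.

§ Method of distribution:

Via email

Luder.L searches drives 'Z:\' through 'C:\' for files smaller than 122,880 bytes with "exe", "scr" and "rar" extensions, looking for email addresses.

The worm performs DNS MX (mail exchanger) queries to find a suitable mail server for each domain to which it sends itself. It uses the locally configured default DNS server for these queries.

Luder.L attempts to send email to every address it has harvested. The messages it sends have the following characteristics:

From address:

The worm uses an arbitrary name (chosen from a list carried by the worm), or generates a string of random characters and combines it with "yahoo.com", for example huwqi@yahoo.com.

The subject may be one of: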

5 Reasons I Love You

A Bouquet of Love

A Day in Bed Coupon

A Hug & Roses

A Kiss for You

A Kiss So Gentle

A Little (sex) Card

A Monkey Rose for You

A Red Hot Kiss

A Relaxing Coupon

A Romantic Place

A Song to You

A Special Flower for You

A Special Kiss

A Sweet Love

A Token of My Love

A Weekend Getaway

Against All Odds

All For You

All That Matters

Angel of Love

Awaiting Your Love

Baby, I'll Be There

Back Together

Between Us

Bewitching Moonlight

Brand New Love

Breakfast in Bed Coupon

Bubble Bath Coupon

Can't Wait to See You!

Crazy way to say I Luv U

Cuddle Me Please

Cuddle Up

Cyber Love

Dancing With You

Dinner Coupon

Doing It for You

Dream Date Coupon

Dream Girl

Emptiness Inside Me

Eternity of Your Love

Evening Romance

Every Inch of Your Body

Everyone Needs Someone

Falling In Love with You

Feeling Horny?

Fields Of Love

For Better of For Worse

For You

For You....My Love

Forever and Ever

Forever in Love

From this day forward

Full Heart

Hand in Hand

Hand in Hand

He Blessed Our Lives

Heart is Breaking

Heart of Mine

Hey Cutie

Hold Me (distant love)

Hold On

How Much I Love You

Hugging My Pillow

I Always Knew

I am Complete

I Am Lost In You

I Believe

I Can't Function

I Dream of you

I Give to You

I Love Thee

I Love Thee

I Love You Mower

I Love You So

I Love You Soo Much

I Love You with All I Am

I Still Love You

I Think of You

I Win with You

I wish

I Woof You

I Would Do Anything

I Would Give you Anything

If I Could

If I Knew

I'll Be Your Man

In Love

In My Heart

Inside My Heart

Internet Love

It's Your Move

Just You

Just You & Me

Kiss Coupon

Kisses, Hugs & Roses

Last Night was Hot!

Let's Get Frisky

Live With Me

Longing for You

Love at First Sight

Love Birds

Love for Granted

Love is in the Air

Love Remains

Love You Deeply

Made for Each Other

Magic of Flowers

Massage Coupon

Memories

Miracle of Love

Miracle of Love

Moonlit Waterfall

Most Beautiful Girl

My Eye on You

My Heart belongs to you

My Heart is Thinking

My Invitation

My Love

My Perfect Love

Now and Forever

Now I Know

Old Together

Only You

Our Love

Our Love Everyday

Our Love is Free

Our Love is Strong

Our love is torn by miles

Our Love Nest

Our Love Will Last

Our Two Hearts

Our Wedding Day

P.M.S

Passionate Kiss

Peek-A-Boo

Pockets of Love

Puppy Love

Red Rose

Romantic Picnic Coupon

Rose for my Love

Safe and Sound

Safe With You

Search for One

Sending Kiss

Sending You My Love

Sending You My Love

Showers Of Love

So in Love

So in Love

So Unique

Solitary Beauty

Someone at Last

Soul Mates

Soul Partners

Steamy Dream

Steamy Sex Coupon

Summer Love

Take My Hand

Teddy Bear & Roses

Tender Whispers

Thanks...Love

That Special Love

The Candle's Light

The Dance of Love

The Kiss

The Letter

The Long Haul

The Love Bugs

The Miracle of Love

The Mood for Love

The Mood for Love

The Sweet Taste of Love

The Time for Love

Thinking about you

Thinking of You

This Day Forward

This Feeling

Til the End of Time

Till Morning's Light

Till Morninig's Light

Times Are Hard, I Luv U

To New Spouse

Together Again

Together You and I

Touched by Love

True Love

Trunk Full Of Love

Twice Blest

Twilight Paradise

Two of a Kind

Unique Love

Unmatchable Beauty

Until the Day

Vacation Love

Waiting for You

Want to Meet?

Want You to Know

We Are Different

We Have Walked

We're a Perfect Fit

When I look at you

When I'm With You

When I'm With You

When You Fall in Love

Why I Love You

Wild Nights--Wild Nights

Will You?

Window of Beauty

Wine and Roses

Wish I Could Tell You

Wish Upon a Star

With All My Love

With All of My Heart

With This Ring

Without Your Love

Won't you dance with me

Words I Write

Worthy of You

Wrapped in Your Arms

Wrapped Up

You + Me

You and I

You and I Forever

You Are My Guiding Star

You are out of this world

You Asked Me Why

You Brighten My Day

You Lucky Duck!

You Rock Me!

You Were Worth the Wait

Your Love Has Opened

Your Silly Smile

You're My Hero

You're so Far Away

You're Soo kissable

You're the One

Attachment name:

flash postcard.exe

Flash Postcard.exe

Greeting Card.exe

greeting card.exe

Greeting Postcard.exe

greeting postcard.exe

Postcard.exe

postcard.exe

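Via file infection - PE files

Each time Luder.L finds a file with an "exe" or "scr" extension, it copies itself into that file's directory under the name <random name>.t and marks the copy as hidden.

Note: <random name> consists of 8 lowercase letters, for example "vrstmkgk.t".

Luder.L checks the file's PE header to see whether there is enough space to run, and inserts a piece of code in the middle. It also does not infect DLLs or executables that have already been infected. When an infected file is run, it first runs the associated <random name>.t. Luder.L writes 666 into the timestamp of the infected file's PE header as a marker, to avoid infecting the same file again.

Note: The generated <random name>.t file is not modified by Luder.L, even when not all of the conditions for infection are met.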
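Added example (not part of the original entry): a Python triage check for the two file-infection artifacts described above, the 666 marker in the PE header timestamp and hidden companion files named with 8 lowercase letters plus ".t". The function names are hypothetical, and because the entry does not state the base of "666", both the decimal and hexadecimal readings are checked as an assumption.

```python
import re
import struct
from pathlib import Path

# Assumption: the entry gives the marker only as "666" without a base,
# so both the decimal and the hexadecimal reading are treated as a hit.
MARKERS = {666, 0x666}
COMPANION_RE = re.compile(r"^[a-z]{8}\.t$")  # e.g. "vrstmkgk.t"


def pe_timestamp(data: bytes):
    """Return the COFF TimeDateStamp of a PE image, or None if not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 12 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    # Signature (4) + Machine (2) + NumberOfSections (2) precede the field.
    (stamp,) = struct.unpack_from("<I", data, e_lfanew + 8)
    return stamp


def has_marker(data: bytes) -> bool:
    return pe_timestamp(data) in MARKERS


def scan_directory(root):
    """Yield (path, finding) for marked PE files and companion-style names."""
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        if COMPANION_RE.match(path.name):
            yield path, "companion-name"
        elif path.suffix.lower() in {".exe", ".scr"}:
            with path.open("rb") as fh:
                head = fh.read(4096)  # PE header normally sits in this range
            if has_marker(head):
                yield path, "timestamp-marker"


def make_sample_pe(stamp: int) -> bytes:
    """Constructed minimal MZ/PE header for the demo (not a real binary)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHI", 0x14C, 1, stamp) + b"\0" * 12
    return dos + coff


if __name__ == "__main__":
    print(has_marker(make_sample_pe(666)))         # marked sample
    print(has_marker(make_sample_pe(0x45D1F2A0)))  # ordinary timestamp
```

A hit on the timestamp alone is only a lead; a marked file next to a hidden companion-style ".t" file in the same directory matches the behaviour the entry describes.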

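Payload:

Drops and runs other malware

Luder.L drops the Win32/Pecoan.G trojan on the infected machine.

Terminates processes

Every 4 seconds, if Registry Editor (regedit.exe) or other processes whose names (as shown in the Windows title bar) contain any of the following strings are running, Luder.L attempts to terminate Registry Editor and those processes: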

anti

avg

avp

blackice

firewall

f-pro

hijack

lockdown

mcafee

msconfig

nav

nod32

rav

reged

spybot

taskmgr

troja

viru

vsmon

zonea

Modifies system settings

Luder.L modifies the following registry value to disable the "Windows Firewall/Internet Connection Sharing (ICS)" service (also known as "Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS)"):

HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Start = 4

Removal:

KILL安全胄甲 Vet version 30.3.3344 can detect and remove this virus.

§ Related entries

Trojan Win32.SillyDl.IQ

Worm Win32.Kipis.A

Worm Win32.Luder.U

Trojan Win32.Chepvil.C

Worm Win32.Luder.O

Worm Win32.Robzips.M

Worm Win32.Duiskbot.AF

Copyright © 2004-2023 Cnenc.net All Rights Reserved
Last updated: 2024/9/22 1:46:50