Entry | Worm.Clepa |
Definition |

Virus overview
  Aliases: (none listed)
  Processed: 2005-08-01
  Threat level: ★★
  Chinese name: (none listed)
  Type: worm
  Affected systems: Win 9x/ME, Win 2000/NT, Win XP, Win 2003

Nature
  This is a worm that spreads by e-mail. It searches the user's machine for e-mail addresses, builds its own SMTP engine, disguises itself as a Windows update and sends itself out as a mail attachment. It can also delete the user's system files, leaving the system unstable, and can carry out a DoS attack.

Behaviour
1. Drops 312 files into the directories below:
   'c:\programmi\gnucleus\downloads\incoming\PC Booster.exe'
   'c:\programmi\gnucleus\downloads\PC Booster.exe'
   'c:\programmi\KMD\my shared folder\PC Booster.exe'
   'c:\programmi\BearShare\Shared\PC Booster.exe'
   'c:\programmi\KaZaa Lite\My Shared Folder\PC Booster.exe'
   'c:\programmi\KaZaa\My Shared Folder\PC Booster.exe'
   'c:\programmi\Morpheus\my shared folder\PC Booster.exe'
   'c:\programmi\eDonkey2000\incoming\PC Booster.exe'
   'c:\programmi\direct connect\received files\PC Booster.exe'
   'c:\programmi\grokster\my grokster\PC Booster.exe'
   'c:\programmi\limeWire\shared\PC Booster.exe'
   'c:\programmi\icq\shared files\Windows Remote Password Stealer.exe'
   'c:\programmi\gnucleus\downloads\incoming\mIRC Nuker 2003.exe'
   'c:\programmi\direct connect\received files\mIRC Nuker 2003.exe'
   'c:\programmi\KaZaa\My Shared Folder\Matrix Code Emulator.exe'
   'c:\programmi\limeWire\shared\Matrix Code Emulator.exe'
   'c:\programmi\BearShare\Shared\Nero Burning ROM Keygen.exe'
   'c:\programmi\limeWire\shared\Nero Burning ROM Keygen.exe'
   'c:\programmi\KaZaa\My Shared Folder\Matrix make Sex.scr'
   'c:\programmi\BearShare\Shared\Hotmail Password Stealer.exe'
   'c:\program files\grokster\my grokster\Windows Remote Password Stealer.exe'
   'c:\program files\limeWire\shared\Windows Remote Password Stealer.exe'
   'c:\program files\icq\shared files\Windows Remote Password Stealer.exe'
   'c:\program files\gnucleus\downloads\incoming\mIRC Nuker 2003.exe'
   'c:\program files\KaZaa\My Shared Folder\mIRC Nuker 2003.exe'
   and so on.

2. Drops the following files into the system directory:
   '%system32%\svchost.ocx'
   '%system32%\services.acm'
   '%system32%\sol.dat'
   '%system32%\winmine.dat'
   '%system32%\freecell.vxd'
   '%system32%\chimera.zip'
   '%system32%\spoolmgr.exe'
   '%system32%\update.exe'

3. Adds registry entries:
   'HKLM\Software\Microsoft\Windows\CurrentVersion\Run'
     'Spooler Manager' = 'update.exe'
   'HKLM\Software\microsoft\Internet Account Manager\Accounts\00000000'
   'HKLM\Software\microsoft\Internet Account Manager\Accounts\00000001'
   'HKLM\Software\microsoft\Internet Account Manager\Accounts\00000002'
   'HKLM\Software\microsoft\Internet Account Manager\Accounts\00000003'
   'HKLM\Software\microsoft\Internet Account Manager\Accounts\00000004'
   'HKLM\Software\microsoft\Internet Account Manager\Accounts\00000005'
   'HKLM\Software\microsoft\Internet Account Manager\Accounts\00000006'
   'HKLM\Software\microsoft\Internet Account Manager\Accounts\00000007'
   'HKLM\Software\microsoft\Internet Account Manager\Accounts\00000008'
     "SMTP Server" = 'update.exe'
   "HKLM\Software\Microsoft\Windows"
     "Explorer" = 'update.exe'

4. Sends a request to www.google.com every 0.5 seconds, which may amount to a DoS.

5. Opens port 5822; after receiving a remote command it deletes these files:
   '%root%\config.sys'
   '%root%\command.com'
   '%root%\io.sys'
   '%root%\boot.ini'
   '%windows%\regedit.exe'
   '%windows%\win.ini'
   '%windows%\system.ini'
   '%windows%\win.com'
   '%system%\win.com'
   '%system%\winsock.dll'
   The worm then displays a dialog box:
     Title: 'W32.Chimera'
     Text: '!Bad Luck!'
           'Today it's a bad day for your computer:'
           'Importants files had been deleted from your drive'

6. Builds an SMTP engine and sends e-mail.

7. Searches the user's Outlook for e-mail addresses and sends itself as an attachment to addresses ending in @yahoo.com and @hotmail.com.

8. The mail takes the following form:
   MAIL FROM: security@microsoft.com
   RCPT TO: *@yahoo.com or *@hotmail.com
   Subject: Internet Security Update
   Content:
     Why We Are Issuing This Update: A security issue has been identified that could allow an attacker to compromise a computer running Microsoft Windows and gain control over it. You can protect your computer by installing the attached update.
     Severity Level: Critical
   Attachment name: update.exe

9. When the user opens the attachment the worm runs and displays one of these dialog boxes:
     Title: 'Windows Security Update'
     Text: 'System updated. Thank you for your interest in Windows Update'
   or
     Title: "Explorer"
     Text: "This is not a valid Win32 application" |
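The indicators in items 2, 3 and 8 above are the ones a mail gateway or a host triage script can match on. The following Python script is an added example written for this entry, not code from the encyclopedia or from any vendor: it checks a raw e-mail message for the lure described in item 8 (sender, subject, target recipient domain, update.exe attachment) and checks a %system32% directory listing and the HKLM Run values for the dropped files and persistence entry from items 2 and 3. The sample message and host inventory are constructed inline and are assumptions, not captured data.

```python
"""Worm.Clepa indicator matching (added example; inputs are constructed)."""
import email
from email import policy

# Indicators taken from the entry above.
LURE_SENDER = "security@microsoft.com"
LURE_SUBJECT = "Internet Security Update"
LURE_ATTACHMENT = "update.exe"
TARGET_DOMAINS = {"yahoo.com", "hotmail.com"}
DROPPED_SYSTEM_FILES = {
    "svchost.ocx", "services.acm", "sol.dat", "winmine.dat",
    "freecell.vxd", "chimera.zip", "spoolmgr.exe", "update.exe",
}
RUN_VALUE_NAME = "Spooler Manager"   # HKLM\...\CurrentVersion\Run value
RUN_VALUE_DATA = "update.exe"


def mail_indicators(raw):
    """Return the lure indicators (item 8) found in one raw RFC 822 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    if LURE_SENDER in (msg.get("From") or "").lower():
        hits.append("sender:" + LURE_SENDER)
    if (msg.get("Subject") or "").strip() == LURE_SUBJECT:
        hits.append("subject:" + LURE_SUBJECT)
    for rcpt in msg.get_all("To", []):
        # Crude domain extraction: the part after the last '@', angle brackets stripped.
        domain = rcpt.rsplit("@", 1)[-1].strip("> ").lower()
        if domain in TARGET_DOMAINS:
            hits.append("recipient-domain:" + domain)
    for part in msg.iter_attachments():   # yields nothing for non-multipart mail
        if (part.get_filename() or "").lower() == LURE_ATTACHMENT:
            hits.append("attachment:" + LURE_ATTACHMENT)
    return hits


def host_indicators(system32_listing, run_values):
    """Match a %system32% listing and the Run-key values against items 2 and 3."""
    hits = []
    present = {name.lower() for name in system32_listing}
    for name in sorted(DROPPED_SYSTEM_FILES & present):
        hits.append("file:%system32%\\" + name)
    for value, data in run_values.items():
        if value == RUN_VALUE_NAME and data.lower().endswith(RUN_VALUE_DATA):
            hits.append("run:" + value + "=" + data)
    return hits


# Constructed sample lure modelled on item 8 (the base64 body is a dummy stub).
SAMPLE_LURE = b"""From: security@microsoft.com
To: victim@yahoo.com
Subject: Internet Security Update
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Why We Are Issuing This Update: A security issue has been identified ...
Severity Level: Critical
--b1
Content-Type: application/octet-stream; name="update.exe"
Content-Disposition: attachment; filename="update.exe"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA//8AAA==
--b1--
"""

# Constructed benign message: no indicator should fire.
BENIGN_MAIL = b"From: alice@example.com\nTo: bob@example.org\nSubject: lunch\n\nnoon?\n"

# Constructed host inventory: a partial %system32% listing and Run values.
SAMPLE_SYSTEM32 = ["kernel32.dll", "ntdll.dll", "svchost.ocx", "chimera.zip", "update.exe"]
SAMPLE_RUN = {"Spooler Manager": "update.exe", "ctfmon.exe": "C:\\WINDOWS\\system32\\ctfmon.exe"}

if __name__ == "__main__":
    print(mail_indicators(SAMPLE_LURE))
    print(mail_indicators(BENIGN_MAIL))
    print(host_indicators(SAMPLE_SYSTEM32, SAMPLE_RUN))
```

Each indicator alone is weak (a forged microsoft.com sender or a file called update.exe is not unique to this worm), so the functions return the full list of matches and leave the scoring to the caller; a sender match combined with the update.exe attachment and the subject line is the combination that identifies this specific lure.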