Entry | Worm.Mytob.au |
Definition | Alias: Net-Worm.Win32.Mytob.au [AVP]
Processing time:
Threat level: ★★
Chinese name:
Type: Worm
Affected systems: Win9x / WinNT

Behavior:
This is a worm that spreads by e-mail. It uses its own built-in SMTP engine to send out infected e-mails in bulk, tricking recipients into opening the attachment. It blocks user access to certain well-known antivirus websites, downloads malware from the Internet to the local machine and runs it, and leaves a backdoor on the infected machine so that an attacker can control it over IRC.

1) Drops a copy of itself, LIENVANDEKELDER.EXE, into the system directory.

2) Adds registry startup entries:
  HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
    "http://www.lienvandekelder.be"="LienVandeKelder.exe"
  HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    "http://www.lienvandekelder.be"="LienVandeKelder.exe"

3) Sends e-mail using its own SMTP engine.
  The subject is one of the following lines:
    *IMPORTANT* Please Validate Your Email Account
    *IMPORTANT* Your Account Has Been Locked
    Email Account Suspension
    Notice: **Last Warning**
    Notice:***Your email account will be suspended***
    Security measures
    Your email account access is restricted
    Your Email Account is Suspended For Security Reasons
  The body is one of the following passages:
    Account Information Are Attached!
    Once you have completed the form in the attached file , your account records will not be interrupted and will continue as normal.
    please look at attached document.
    Please see the attachement.
    To safeguard your email account from possible termination, please see the attached file.
    To unblock your email account acces, please see the attachement.
    We have suspended some of your email services, to resolve the problem you should read the attached document.
  The attachment name is one of the following:
    document_full, email-doc, email-info, email-text, IMPORTANT, info-text, information, your_details
  Extensions the attachment may use:
    EXE, PIF, SCR, ZIP

4) Modifies the hosts file to block user access to the following antivirus websites:
    avp.com, ca.com, customer.symantec.com, dispatch.mcafee.com, download.mcafee.com,
    f-secure.com, kaspersky-labs.com, kaspersky.com, liveupdate.symantec.com,
    liveupdate.symantecliveupdate.com, mast.mcafee.com, mcafee.com, my-etrust.com,
    nai.com, networkassociates.com, rads.mcafee.com, secure.nai.com,
    securityresponse.symantec.com, sophos.com, symantec.com, trendmicro.com,
    update.symantec.com, updates.symantec.com, us.mcafee.com, viruslist.com,
    www.avp.com, www.ca.com, www.f-secure.com, www.grisoft.com, www.kaspersky.com,
    www.mcafee.com, www.my-etrust.com, www.nai.com, www.networkassociates.com,
    www.sophos.com, www.symantec.com, www.trendmicro.com, www.viruslist.com

5) Downloads malware from the Internet onto the infected machine and runs it. |
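A check for the hosts-file tampering described in step 4, as an added example that is not part of the original entry: it parses hosts-file text and reports every line that pins an antivirus vendor name. It goes slightly beyond the entry's list by matching any subdomain of the listed base domains; the sample hosts text is constructed, and the 127.0.0.1 target in it is an assumption, since the entry does not say which address the names are mapped to.

```python
# Added example: flag hosts-file entries that pin antivirus vendor domains.
# WATCHED holds base domains taken from the entry's list; subdomains match by suffix.
WATCHED = {
    "symantec.com", "symantecliveupdate.com", "mcafee.com", "nai.com",
    "networkassociates.com", "kaspersky.com", "kaspersky-labs.com",
    "avp.com", "viruslist.com", "f-secure.com", "sophos.com",
    "trendmicro.com", "grisoft.com", "ca.com", "my-etrust.com",
}

def watched_base(host):
    """Return the watched base domain that `host` equals or is a subdomain of."""
    host = host.lower().rstrip(".")
    for base in WATCHED:
        if host == base or host.endswith("." + base):
            return base
    return None

def find_pinned_av_hosts(hosts_text):
    """Parse hosts-file text; return (line_no, ip, hostname) for watched names."""
    findings = []
    for line_no, raw in enumerate(hosts_text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()   # drop comment, split on whitespace
        if len(fields) < 2:
            continue                             # blank, comment-only or malformed
        ip, names = fields[0], fields[1:]
        for name in names:                       # one line may carry several aliases
            if watched_base(name):
                findings.append((line_no, ip, name.lower().rstrip(".")))
    return findings

# Constructed sample; the 127.0.0.1 target is an assumption, the entry names no address.
SAMPLE_HOSTS = """\
# Copyright (c) Microsoft Corp.
127.0.0.1       localhost
127.0.0.1 www.symantec.com liveupdate.symantec.com
127.0.0.1\tUS.McAfee.com   # mixed case, tab separated
# 127.0.0.1 sophos.com  (commented out, ignored)
10.0.0.5 intranet.example.com notca.com
"""

if __name__ == "__main__":
    for line_no, ip, name in find_pinned_av_hosts(SAMPLE_HOSTS):
        print(f"hosts line {line_no}: {name} -> {ip}")
```

Any hit is worth investigating whatever address it points to, because a clean hosts file has no reason to override resolution for security vendor update servers.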