
Entry: Worm.Semapi.a
Definition

Virus profile

Alias: Email-Worm.Win32.Semapi.a [AVP]

Handling date:

Threat level: ★

Chinese name:

Virus type: Worm

Affected systems: Win9x / WinNT

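Virus behavior

This is a worm that spreads by e-mail.

Behavior summary

When run, the virus displays an error message, "Cannot locate semapi.dll; reinstalling will fix the problem", to mislead the user. In fact it copies itself to the system directory and to the root directories of fixed, removable and remote shared drives A-Z, harvests e-mail addresses from certain file types, and sends infected mail to those addresses with a forged sender, tricking the recipient into opening the attachment and becoming infected.

Behavior in detail

1) Creates a mutex named "Dr. Doom" so that multiple instances of the virus do not run at the same time.

2) Copies itself to: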

%System%\AUTOEXE.exe

%System%\SKERNEL32.com

%SystemRoot%\Winbios.exe

%SystemRoot%\DRDOOM.EXE

3) Adds registry autostart entries:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

"AUTOEXE" = "%System%\AUTOEXE.exe"

"KERNEL 32" = "%System%\SKERNEL32.com"

"Win32 Bios" = "%SystemRoot%\Winbios.exe"

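4) When the virus runs, it displays the following message window:

5) Attempts to copy itself to the root directories of fixed, removable and remote shared drives A-Z.

6) Adds the following to "win.ini" so that it starts automatically on Windows 95/98/Me: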

[WINDOWS]

RUN=%SystemRoot%\DRDOOM.EXE

7) Harvests e-mail addresses from files of the following types:

.htm*, .asp, .msg, .oft, .shtm*, .dbx, .tbb, .adb, .doc, .wab, .rtf, .vb*, .pl*, .ph*, .tx*, .eml, .js*, .wsh, .xm*, .ttf

8) Sends infected e-mail to the harvested addresses. The forged sender address is built from one of the following names:

Ali, Allison, Allyson, Albert, Bob, Bobby, Catalin, Doug, Debby, Tom, Tommy, Michael, Larissa, Linsey, Lorena, George, Jim, Jimmy, James, Tim, Timmy, Seth, Veronica, Andre, Andrea, Allen, Amanda, Edward, Josh, Jay, Cari, Carly, Sonny, Andres, Trevor, Amy, Robert, Roberto, Rob, Jason, Anthony, Tony, Jeorge, Brittany, Britney, Melissa, Mel, Manual, Den, Denis, Shawn, Sean, Loren, Faviola, Devin, Devon, John, Jon, Jonny, Ron, Ronny, Rhonda, Sam, Samm, Sammantha, Mindy, Mike, Carlos, Juan, Mark, Hugo, Mat

followed by one of the following domains:

@aol.com, @yahoo.com, @mail.com, @hotmail.com, @fbi.gov, @cia.gov, @usa.com, @comcast.net, @teacher.net, @doctor.com, @help.org, @teens.org, @asia.com, @europe.com, @philippines.ph, @japan.jp, @england.uk, @gmail.com, @school.edu, @unknown.org

Possible e-mail subjects:

Your data

Re: My docs

Re: MyLetter

Re: Screen Saver

Re: Test

Account Info

32bit Info

chkdizk32 preview

64bit color

gif fix

Re: Look...

Re: Im Sexxy :-p

Re: Whatever...

00000000000

.Bat update

Re: My File

.jpeg update

Re: My sexxy Pic..

Re: Sexxy

Im Sexxy..

Dr Worm

test :-)

Possible e-mail bodies:

Your data is attached.

My documents is in the attachments.

Plz read my letter in the attachments.

The screen saver you requested is attached.

ISP Test file 'lsszr32.pif' is attached.

Your account info is attached.

More info attached.

Chkdizk32 trial (32day).

64bit color update is attached.

.gif pictures attached.

Plz look at the file attached.

Told u im sexy... take a look at my pic in the attachments.

Whatever.... just look at the msg. attached.

260972396723672396340676067396727632907963

.bat update (MS-0010938)

Update included in the attachments.

My file that you wanted is attached.

.jpeg update attached.

My sexxy pic is attached... ;-) (call me)

Im sexxy... my phone # is attached. :-)

Look at my pic in the attachments.

Download Dr. Worm more info is attached.testing....

Possible attachment names:

dat.exe

mydoc.exe

myletter.exe

scrsaver.scr

lsszr32.pif

acount.exe

info32.exe

chkdizk32.exe

64bitcolr.pif

Lkigif32.bat

plzlook.exe

sxygurl.pif

whtev3k32.exe

00000.cmd

win32bat.exe

myfile.exe

jpeg64bit.pif

sxxypic.pif

looksxyy.exe

omgtehsexxy.exe

drworm.bat

drdsk2k.cmd
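
The autostart entries from steps 2, 3 and 6 can be checked offline against artifacts collected from a suspect machine. The following is an added example, not part of the original entry: it parses win.ini text and a dump of the Run key and flags any entry that launches one of the four file names listed in step 2. The function names, the sample data and the choice to match on file name rather than full path are assumptions made for the example.

```python
import configparser
import ntpath
import re

# File names the entry lists for the worm's self-copies (compared case-insensitively).
DROPPED = {"autoexe.exe", "skernel32.com", "winbios.exe", "drdoom.exe"}

def _programs(command):
    """Base names of the programs named in a run= line or a Run value."""
    return {ntpath.basename(p).lower() for p in re.split(r'[,;"\s]+', command) if p}

def check_win_ini(text):
    """Return (key, value) for a run= line in [windows] that starts a listed file."""
    # RawConfigParser does no %...% interpolation, so %SystemRoot% in a value is safe.
    cp = configparser.RawConfigParser(strict=False, allow_no_value=True,
                                      delimiters=("=",))
    cp.read_string(text)
    hits = []
    for section in cp.sections():
        if section.lower() == "windows":  # win.ini section names are case-insensitive
            value = cp.get(section, "run", fallback=None) or ""
            if _programs(value) & DROPPED:
                hits.append(("run", value))
    return hits

def check_run_key(values):
    """values maps Run-key value names to their data; return the suspicious pairs."""
    return [(name, data) for name, data in values.items()
            if _programs(data) & DROPPED]

# Constructed sample artifacts (not taken from a real infection).
SAMPLE_WIN_INI = "[WINDOWS]\nRUN=C:\\WINDOWS\\DRDOOM.EXE\nload=\n\n[Desktop]\nWallpaper=(None)\n"
SAMPLE_RUN = {
    "KERNEL 32": r"C:\WINDOWS\SYSTEM\SKERNEL32.com",
    "SystemTray": "SysTray.Exe",
    "Win32 Bios": r"C:\WINDOWS\Winbios.exe",
}

if __name__ == "__main__":
    for key, value in check_win_ini(SAMPLE_WIN_INI):
        print("win.ini:", key, "=", value)
    for name, data in check_run_key(SAMPLE_RUN):
        print("Run key:", name, "=", data)
```

Matching on the base name catches the entries whatever the Windows directory is called on the machine, since %System% and %SystemRoot% appear expanded in real artifacts.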


Copyright © 2004-2023 Cnenc.net All Rights Reserved
Last updated: 2025/2/4 8:23:23