Entry | Worm.Mytob.cn |
Definition |

Virus alias:
Processed: 2005-09-02
Threat level: ★★
Chinese name:
Virus type: Worm
Affected systems: Win 9x/ME, Win 2000/NT, Win XP, Win 2003

Virus behaviour:

This is a worm that spreads through IRC and e-mail. Once it runs, an attacker can control the user's machine over IRC and carry out destructive operations such as downloading virus files and restarting the machine. It can also use its built-in SMTP engine to send the virus as an attachment to specified mailboxes, and it blocks a large number of security websites.

1. Modifies the registry entry
   HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess
   "Start" = "04, 00, 00, 00"
   to turn off the Windows XP firewall.

2. Automatically connects to the following IRC server:
   irc.unixirc.net
   where it accepts the attacker's commands and carries out destructive operations such as downloading virus files and copying them to the system directory.

3. Modifies the hosts file to block the following security websites:
   127.0.0.1 www.symantec.com
   127.0.0.1 securityresponse.symantec.com
   127.0.0.1 symantec.com
   127.0.0.1 www.sophos.com
   127.0.0.1 www.mcafee.com
   127.0.0.1 www.viruslist.com
   127.0.0.1 www.f-secure.com
   127.0.0.1 www.avp.com
   127.0.0.1 www.networkassociates.com
   127.0.0.1 www.my-etrust.com
   127.0.0.1 dispatch.mcafee.com
   127.0.0.1 www.nai.com
   127.0.0.1 liveupdate.symantec.com
   and others.

4. Searches for e-mail addresses in files whose names end with the following extensions:
   htmb shtl jspl xmls cgil phpq aspd tbbg dbxn adbh pl html wab

5. The e-mail body is one of the following:

   Dear user You have successfully updated the password of your count. If you did not authorize this change or if you need assistance with your account, please contact %s customer service at: Please also visit our irc server irc.unixirc.net 6667 #ccpower Thank you for using %s! The %s Support Team +++ Attachment: No Virus (Clean)

   Dear user It has come to our attention that your %s User Profile ( x ) records are out of date. For further details see the attached document. Please also visit our irc server irc.unixirc.net 6667 #ccpower Thank you for using %s! The %s Support Team +++ Attachment: No Virus (Clean)

   Dear %s Member, We have temporarily suspended your email account %s. This might be due to either of the following reasons: 1. A recent change in your personal information (i.e. change of address). 2. Submiting invalid information during the initial sign up process. 3. An innability to accurately verify your selected option of subscription due to an internal error within our processors. Thank you for using %s! The %s Support Team +++ Attachment: No Virus (Clean)

6. The virus is sent out as an attachment using its built-in SMTP engine.

7. Avoids sending to mailboxes that contain any of the following strings:
   ibm.com linux berkeley foo ruslis nodomai mydomai example hotmail panda sopho someone your bugs rating service privacy help
   and so on.
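
A defender-side check for the hosts-file tampering described in item 3, as an added example that is not part of the original entry. It flags hosts lines that pin a security vendor's name to a loopback address; the vendor domains are taken from the list above, and matching their subdomains as well is an assumption made because that list ends with "and others". The sample hosts file is constructed.

```python
import ipaddress

# Vendor domains derived from the hosts entries listed in this entry.
# Matching subdomains too is an assumption (the entry's list is not exhaustive).
VENDOR_DOMAINS = (
    "symantec.com", "sophos.com", "mcafee.com", "viruslist.com",
    "f-secure.com", "avp.com", "networkassociates.com", "my-etrust.com",
    "nai.com",
)


def _is_loopback(addr):
    """True for 127.0.0.0/8 and ::1; False for anything that is not an IP."""
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False


def find_blocked_vendors(hosts_text):
    """Return sorted (line_no, hostname) pairs that map a vendor name to loopback."""
    hits = set()
    for line_no, raw in enumerate(hosts_text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2 or not _is_loopback(fields[0]):
            continue
        for name in fields[1:]:  # a hosts line may carry several names
            host = name.lower().rstrip(".")
            if any(host == d or host.endswith("." + d) for d in VENDOR_DOMAINS):
                hits.add((line_no, host))
    return sorted(hits)


# Constructed sample hosts file (not taken from an infected machine).
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1 localhost
127.0.0.1 www.symantec.com
127.0.0.1\tliveupdate.symantec.com dispatch.mcafee.com
  127.0.0.1   WWW.SOPHOS.COM   # trailing comment
# 127.0.0.1 www.f-secure.com
192.0.2.10 www.avp.com
127.0.0.1 notsymantec.com
"""

if __name__ == "__main__":
    for line_no, host in find_blocked_vendors(SAMPLE_HOSTS):
        print(f"hosts line {line_no}: {host} is pinned to loopback")
```

On Windows the file to read is `%SystemRoot%\System32\drivers\etc\hosts`; pass its contents to `find_blocked_vendors`.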