February 19, 2004, Beijing. Symantec Corporation (NASDAQ: SYMC), a leading global provider of Internet security technology and solutions, was today the first to detect the W32.Netsky.B and W32.Beagle.B@mm viruses. W32.Netsky.B is currently spreading on a large scale: according to statistics, worldwide submissions of the virus have reached 728 and submissions from enterprise users have reached 109, and the numbers are still rising. Symantec Security Response has raised the threat level of W32.Netsky.B to 4 (with 5 being the most severe) and the threat level of W32.Beagle.B@mm to 3, and has provided solutions for removing both.
Key information:
W32.Netsky.B is a worm that spreads rapidly through mass e-mailing. It harvests e-mail addresses by scanning hard drives and mapped drives for files with the extensions .msg, .oft, .sht, .dbx, .tbb, .asp, .uin, .rtf, .vbs, .txt, .php, .eml, .html, .htm, .pl, .adb, .doc and .wab, and then tries to send itself to the addresses it found, using its own SMTP engine. The worm also searches drives C through Z for folders whose names contain "share" or "sharing". As long as the drive is not a CD-ROM drive, it copies itself into those folders under the following file names:
doom2.doc.pif
sex sex sex sex.doc.exe
rfc compilation.doc.exe
dictionary.doc.exe
win longhorn.doc.exe
e.book.doc.exe
programming basics.doc.exe
how to hack.doc.exe
max payne 2.crack.exe
e-book.archive.doc.exe
virii.scr
nero.7.exe
eminem - lick my pussy.mp3.pif
cool screensaver.scr
serial.txt.exe
office_crack.exe
hardcore porn.jpg.exe
angels.pif
porno.scr
matrix.scr
photoshop 9 crack.exe
strippoker.exe
dolly_buster.jpg.pif
winxp_crack.exe
The characteristics of W32.Netsky.B are as follows:
Aliases: W32/Netsky.b@MM [McAfee], W32/Netsky.B.worm [Panda], WORM_NETSKY.B [Trend Micro], Moodown.B [F-Secure], I-Worm.Moodown.b [Kaspersky]
Type: Worm
Infection length: 22,016 bytes
Systems affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows XP
Systems not affected: Linux, Macintosh, UNIX, Windows 3.x
E-mail sent by W32.Netsky.B has the following characteristics:
Subject (one of the following): hi hello read it immediately something for you warning information stolen fake unknown
Message (one of the following): anything ok? what does it mean? ok i'm waiting read the details. here is the document. read it immediately! my hero here is that true? is that your name? is that your account? i wait for a reply! is that from you? you are a bad writer I have your password! something about you! kill the writer of this document! i hope it is not true! your name is wrong i found this document about you yes, really? that is bad here it is see you greetings stuff about you? something is going wrong! information about you about me from the chatter here, the serials here, the introduction here, the cheats that's funny do you? reply take it easy why? thats wrong misc you earn money you feel the same you try to steal you are bad something is going wrong something is fool
Attachment name (one of the following): document msg doc talk message creditcard details attachment me stuff posting textfile concert information note bill swimmingpool product topseller ps shower aboutyou nomoney found story mails website friend jokes location final release dinner ranking object mail2 part2 disco party misc
Attachment extension 1 (may include one of the following): .txt .rtf .doc .htm
Attachment extension 2 (one of the following): .exe .scr .com .pif
Symantec's experts also recommend obtaining virus definitions and solutions from legitimate websites. Users can download virus definitions automatically through LiveUpdate and Intelligent Updater technology, and so protect their networks against the virus.
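A mail-filter check for the attachment naming pattern described above (an optional document-style extension followed by .exe, .scr, .com or .pif), given here as an added example that is not from Symantec or the original article. The function names and the sample message are constructed for illustration.

```python
import os
from email.message import EmailMessage

# Extension lists taken from the advisory text above.
DECOY_EXTS = {".txt", ".rtf", ".doc", ".htm"}
EXEC_EXTS = {".exe", ".scr", ".com", ".pif"}


def classify_attachment(filename):
    """Return 'double-extension', 'executable', or None for a file name."""
    # Windows ignores trailing dots and spaces, so strip them before matching.
    name = filename.strip().rstrip(". ").lower()
    stem, last = os.path.splitext(name)
    if last not in EXEC_EXTS:
        return None
    _, inner = os.path.splitext(stem)
    return "double-extension" if inner in DECOY_EXTS else "executable"


def scan_message(msg):
    """List (filename, verdict) for every flagged attachment in a message."""
    hits = []
    for part in msg.walk():
        filename = part.get_filename()
        if filename:
            verdict = classify_attachment(filename)
            if verdict:
                hits.append((filename, verdict))
    return hits


def build_sample():
    """Constructed sample message (hypothetical, not captured worm traffic)."""
    msg = EmailMessage()
    msg["Subject"] = "read it immediately"
    msg.set_content("here is the document.")
    for name in ("document.txt.pif", "notes.doc", "stuff.scr"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg


if __name__ == "__main__":
    for filename, verdict in scan_message(build_sample()):
        print(f"{verdict:17} {filename}")
```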
For the removal tool and other details on the W32.Netsky.B worm, please visit
For the removal tool and other details on the W32.Beagle.B@mm worm, please visit
Source: CCID Net (賽迪網)
Editor: Yahoo