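Netsky.28
New Netsky variant: users should watch for *.pif attachments; the file size is about 17,920 bytes
Basic information
| Virus name | Netsky.28 |
| Alias | WORM_NETSKY.AB |
| Virus type | Worm, E-Mail |
| Discovery date | 2004/04/29 |
| Virus file size | 17,920 bytes |
| E-mail attachment | .pif |
| Affected platforms | Windows 95/98/ME, Windows 2000/NT/XP/2003 |
Risk assessment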
Netsky.28 e-mail format:
From: < random >
Subject: < any one of the following > Correction Hurts Privacy Password Wow Criminal Pictures Text Money Stolen Found Numbers Funny Only love? More samples Picture Letter Question Illegal
Body: < any one of the following > Please use the font arial! How can I help you? Still? I've your password. Take it easy! Why do you show your body? Hey, are you criminal? Your pictures are good! The text you sent to me is not so good! True love letter? Do you have no money? Do you have asked me? I've found your creditcard. Check the data! Are your numbers correct? You have no chance... Wow! Why are you so shy? Do you have more samples? Do you have more photos about you? Do you have written the letter? Does it hurt you? Please do not sent me your illegal stuff again!!!
Attachment: < any one of the following > corrected_doc.pif hurts.pif document1.pif passwords02.pif image034.pif myabuselist.pif your_picture01.pif your_text01.pif your_letter.pif your_bill.pif my_stolen_document.pif visa_data.pif pin_tel.pif your_text.pif loveletter02.pif all_pictures.pif your_letter_03.pif your_picture.pif abuses.pif
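A mail-side check for the attachment indicators listed above, as an added example that is not part of the original advisory. The function name, the indicator labels and the sample addresses are assumptions made for illustration; the attachment names and the 17,920-byte size come from this page.

```python
import email
from email import policy
from email.message import EmailMessage

# Attachment names and file size as listed in the advisory above.
KNOWN_NAMES = {
    "corrected_doc.pif", "hurts.pif", "document1.pif", "passwords02.pif",
    "image034.pif", "myabuselist.pif", "your_picture01.pif", "your_text01.pif",
    "your_letter.pif", "your_bill.pif", "my_stolen_document.pif",
    "visa_data.pif", "pin_tel.pif", "your_text.pif", "loveletter02.pif",
    "all_pictures.pif", "your_letter_03.pif", "your_picture.pif", "abuses.pif",
}
WORM_SIZE = 17920  # bytes


def netsky28_indicators(raw: bytes) -> list:
    """Return the advisory indicators matched by one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        # Windows ignores trailing dots/spaces, so normalise before matching.
        name = (part.get_filename() or "").rstrip(" .").lower()
        if not name.endswith(".pif"):
            continue
        hits.append("pif-attachment:" + name)
        if name in KNOWN_NAMES:
            hits.append("known-filename")
        # Compare the decoded attachment size with the size in the advisory.
        if len(part.get_payload(decode=True) or b"") == WORM_SIZE:
            hits.append("size-17920")
    return hits


def build_sample(filename: str, size: int) -> bytes:
    """Constructed test message; the attachment is zero-filled, not malware."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Correction"
    msg.set_content("Please use the font arial!")
    msg.add_attachment(b"\x00" * size, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    for fname, size in [("corrected_doc.pif", 17920), ("Holiday.PIF", 10),
                        ("report.pdf", 17920)]:
        print(fname, netsky28_indicators(build_sample(fname, size)))
```

Any `.pif` attachment is reported, so a renamed copy is still flagged; the name and size matches only raise confidence that the message is this variant.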
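Netsky.28 behavior:
Note: %Windir% denotes the directory where the system is installed. The default is C:\windows on Win95/98/ME
and C:\WinNT on WinNT/2000/XP/2003.
Sends large volumes of infected e-mail using its own SMTP.
When executed, the worm copies itself to %Windir% as:
csrss.exe
Modifies the registry so that the worm starts at boot:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Name=BagleAV Value=%Windir%\csrss.exe
Deletes the following values from the registry so that they can no longer stay resident:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Name=drvsys.exe Value=%Windir%\drvsys.exe
Name=ssgrate.exe Value=%Windir%\ssgrate.exe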