02/24/2004

Mydoom worm: many variants
Users should beware of e-mail attachments with the following file extensions
*.zip, *.bat, *.pif, *.com, *.scr, *.cmd, *.exe

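Since the New Year holiday, a considerable number of Mydoom worm variants have appeared, and all of them have been spreading on the network. The worm's e-mail does not exploit any vulnerability; a machine is infected only if the user opens the attachment. Users are therefore reminded, for the time being, to be wary of any message with an English subject, English body text and an attachment whose extension is *.zip, *.bat, *.pif, *.com, *.scr, *.cmd or *.exe, and not to open the attachment directly.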

Mydoom variant worm e-mails:
Subject:
(blank)
automatic notification
automatic responder
Accident
Announcement
Attention
Approved
bug
Current Status
Confirmation
Confirmation Required
Details
Expired account
fake
For you
For your information
forget
hi, it's me
hello
hi
Information
Important
Love is
news
Notification
stolen
Schedule
Something for you
please read
please reply
Read it immediately!
Read this
Readme
Read this message
read now!
Registration confirmation
Returned Mail
recent news
Thank you
Thank You very very much
unknown
Undeliverable message
Your credit card
You have 1 day left
Your account has expired
You use illegal File Sharing...
Your IP was logged
Your account is about to be expired
Your order was registered
Your request was registered
Your order is being processed
Your request is being processed
Wanted
Warning

Body:
Check the attached document.
Details are in the attached document. You need Microsoft Office to open it.
Everything ok?
Greetings
Here it is
Here is the document.
I'm waiting
Information about you
I have your password :)
Is that yours?
Is that from you?
I wait for your reply.
Kill the writer of this document!
Okay
OK
Please, reply
Please see the attached file for details
Something about you
See you
See the attached file for details
Reply
Read the details.
Take it
The document was sent in compressed format.
We have received this document from your e-mail.
You are bad
You are a bad writer

Attachment: may have a double extension or be a zip file
First extension:
.doc
.htm
.rtf
.xls
.jpg
.gif
.png
.txt
Second extension:
.exe
.scr
.com
.pif
.bat
.cmd
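
A mail-filter check for the attachment naming described above, as an added example that is not part of the original advisory: it parses a raw message and flags attachments whose name ends in one of the listed second extensions (alone or after a listed first extension) or in .zip. The function names, the sample messages and the tolerance for whitespace around the dots are assumptions.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extension lists copied from the advisory.
DECOY_EXTS = {".doc", ".htm", ".rtf", ".xls", ".jpg", ".gif", ".png", ".txt"}
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}


def classify_filename(name):
    """Return 'double-extension', 'executable', 'zip' or None for one name."""
    # Assumption (not from the advisory): tolerate whitespace around the dots
    # and trailing dots/spaces, which Windows ignores when resolving the name.
    parts = [p.strip() for p in name.lower().rstrip(". ").split(".")]
    if len(parts) < 2:
        return None
    last = "." + parts[-1]
    prev = "." + parts[-2] if len(parts) >= 3 else None
    if last in EXEC_EXTS:
        return "double-extension" if prev in DECOY_EXTS else "executable"
    return "zip" if last == ".zip" else None


def scan_message(raw):
    """Return [(filename, verdict)] for each flagged attachment in a raw message."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        name = part.get_filename()
        verdict = classify_filename(name) if name else None
        if verdict:
            hits.append((name, verdict))
    return hits


def build_sample(subject, filename):
    """Build a constructed test message (not a captured worm sample)."""
    m = EmailMessage()
    m["Subject"] = subject
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m.set_content("Please see the attached file for details")
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    for fn in ("details.doc.pif", "readme.zip", "setup.exe", "photo.jpg"):
        print(fn, scan_message(build_sample("Details", fn)))
```

A "zip" verdict means only that the archive deserves a closer look before delivery; the check does not inspect archive contents.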

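Mydoom variant worm behavior:
1. Sends worm e-mails in large volumes.
2. Displays an error message after the worm is executed.
3. Copies itself to the system directory (the system directory on 95/98/ME, the system32 directory on NT/2000/XP) as <random filename>.exe.
4. Creates a <random filename>.dll file in the system directory (the system directory on 95/98/ME, the system32 directory on NT/2000/XP).
5. Attempts to terminate certain antivirus processes.
6. Creates a <random filename>.zip file in the Windows directory (the Windows directory on 95/98/ME, the Winnt directory on NT/2000/XP).
7. Modifies the registry so that the worm starts at boot.
8. Between the 17th and the 22nd of each month, attempts to attack the Microsoft website.
9. Attempts to delete files on the computer with the extensions .bmp, .avi, .jpg, .sav, .xls, .doc and .mdb.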