新年降至,MSN蠕虫僵尸网络活跃
从24号圣诞夜开始,病毒僵尸网络开始变得异常活跃。
根据CISRT的监测,除了风暴蠕虫僵尸网络外,MSN蠕虫僵尸网络也正处于活跃状态。
近两天,MSN蠕虫僵尸网络已开始将伪装主题指向新年元旦。目前,CISRT监测到,两个.zip文件:Happy2008.zip、New-Year2008-imgaes.zip,正通过MSN传播。CISRT提醒广大MSN用户提高警惕!
两支变种的简介:
1. New-Year2008-imgaes.zip (内含New-year2008-image15.scr)
大小: 59,895 字节
检测名: Backdoor.Win32.IRCBot.axj (Kaspersky)
行为简介:
(1) 释放以下文件:
%WINDOWS%\msmsgrsu.exe(只读, 系统,隐藏属性)
%WINDOWS%\New-Year2008-imgaes.zip
(2) 添加注册表键值:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
"MsnLiveMessenger" = "msmsgrsu.exe"
(3) 发送以下信息:
Check theese out, Christmas + New year!
Hey, have u seen these Christmas images?
you gotta see this, me in my noughty santa suit!! :P
New year + Christmas pictures! :D
Happy new year xD! :D see
Heeey :) <3 Check out theese New year photos!
2. Happy2008.zip (内含Happy2008-Card.com)
大小: 26,014 字节
检测名: Backdoor.Win32.IRCBot.axl (Kaspersky)
行为简介:
(1) 释放以下文件:
%WINDOWS%\svchost.exe(只读, 系统,隐藏属性)
%WINDOWS%\Happy2008.zip
(2) 添加注册表键值:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
"Windows svchost" = "svchost.exe"
(3) 发送以下信息:
Check theese out, Christmas + New year!
Hey, have u seen these Christmas images?
you gotta see this, me in my noughty santa suit!! :P
New year + Christmas pictures! :D
Happy new year xD! :D see
Heeey :) <3 Check out theese New year photos!
解决办法:/zuixinbingdu/2007/1229/2116.html
您的位置: