荔园在线
荔园之美,在春之萌芽,在夏之绽放,在秋之收获,在冬之沉淀
[回到开始]
[上一篇][下一篇]
发信人: gordonlot (不用重修了), 信区: Virus
标 题: 善“变”的蠕虫:W32.Led@mm
发信站: 荔园晨风BBS站 (Thu Jan 24 18:22:01 2002), 转信
病毒名称:W32.Led@mm
别名: W32/Fagled@MM, Win32.Fagled
大小: 110,592 字节
W32.Led是一个乱发邮件的蠕虫,主要通过OUTLOOK、mIRC及MSN。蠕虫搜索被
感染的机器查找邮件地址,同时还查找.vbs文件,之后创建一个列表,并运行找到
的这些文件。
当蠕虫W32.Led被运行后,将执行下面的工作:
>>首先大量发送带毒邮件,邮件的主题和内容是变化的。
1)
Subject: LOL!
Message: <none>
2)
Subject: Yo momma
Message:
hey wassup?, check out this awwwesommmeee Yo momma joke generator,
really funny, check it out!!
(接下来是从下列句子中选择其一):
Yo'momma so fat it say on her driver's license Picture continued on
back!
Yo'momma so fat she can use Mt. Everest for a dildo!
Yo'momma so fat the highway patrol made her wear Caution! Wide Turn. !
Yo'momma so fat she has her own area code!
Yo'momma so fat she's got more Chins than a Hong Kong phone book!
Yo'momma so fat she shaves her legs with a lawn mower!
Yo'momma so fat when a cop saw her he told her Hey you two break it
up!
Yo'momma so fat when she sweats everyone around her wears raincoats!
Yo'momma so fat she wears two watches because she's in two time zones!
3)
Subject: urgent!! you sent me a virus
Message:
Hi, I just received a email from you containing the W32/resudaB virus.
It looks like your computer is infected with this dangerious virus, so i
attached a cleaner to this e-mail to clean your computer from the
virus...
4)
Subject: Why sex feels so good?
Message: ;)
5)
Subject: haha
Message: <none>
6)
Subject: check out my ePhoto Album
Message: <none>
7)
Subject: this is how you remind me, WHAT I REALLY AM, I'm NOT LIKE YOU,
SO SORRY!
Message: <none>
8)
Subject: urgent!! you sent me a virus!
Message:
Hi, I just received a email from you containing the highly destructive
<virus name> virus.
(其中嵌入的病毒名是下列名称之一::
W32/ToagDipust
W32/LlehmorfTaog.C
W32/LOAeSui.A
W32/String
W32/BadTrans]
W32/LED
W32/Matrix
W32/AOL
W32/CockRoach
W32/Dunno.k
It looks like your computer is infected with this dangerious virus, so i
attached a cleaner to this e-mail to clean your computer from the
virus...
9)
Subject: You have been caught on account <user account name>
Message: You have been caught by the FBI for your account abuse, your
local police office will contact you soon.
之后,蠕虫创建了第二封邮件,包含下面的一些内容:
Subject: (_|_)
Message: Christianzzz rule
该邮件被发送到地址master##@hotmail.com处(其中## 是个随机数)。
邮件的附件也是不确定的,但典型的是Led.exe。
>>蠕虫搜索Default.html或Index.html,如果找到,则将自己的Default.html或
Index.html覆盖原来的,同时拷贝文件到那个文件夹中。
>>另外,蠕虫还通过MSN和IRC进行传播,邀请其他用户访问一个包含此蠕虫的网站
。
>>添加注册键
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
值:W32/LED C:\Windows\Led.exe
>>向文件C:\xirtaM.txt中记录每次的活动日志。
>>执行所有找到的VBS文件。
--
※ 来源:·荔园晨风BBS站 bbs.szu.edu.cn·[FROM: 192.168.48.221]
[回到开始]
[上一篇][下一篇]
荔园在线首页 友情链接:深圳大学 深大招生 荔园晨风BBS S-Term软件 网络书店