亞太寬頻命理占卜大觀園網站被植入惡意連結
2007 年 07 月 23 日 – 08:15:00亞太寬頻命理占卜大觀園網站被植入惡意連結,此惡意程式為 Onlineage 變種,最近有瀏覽這個網頁的網友,應該要盡速檢查自己的電腦,請各位暫時不要瀏覽這個網站,以免中毒 (此惡意程式應該會偷帳號與密碼)。(感謝網友通知)
惡意連結是放置在首頁 (其他頁面可能要仔細檢查一下囉) 中的:
執行之後,有下面的行為 (產生應用程式錯誤的訊息):
[Added file]
C:\Documents and Settings\Administrator\Local Settings\Temp\qing.exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C13NVBMZ\click[1].htm
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C13NVBMZ\update1[1].exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C13NVBMZ\update[1].exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OXI7BCE5\11[1].htm
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OXI7BCE5\1[1].htm
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OXI7BCE5\41[1].htm
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OXI7BCE5\ani[1].css
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OXI7BCE5\mystat[1].htm
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Q08VKCK4\update[1].htm
到目前為止 (2007/7/23 @ 08:34),下面的防毒軟體可以偵測到這些惡意檔案 (僅提供參考):
1.htm:
[ Symantec ], "Downloader"
[ Microsoft ], "[->(SCRIPT0000)]:TrojanDownloader:VBS/Agent.EF"
[ Kaspersky ], "Trojan-Downloader.VBS.Small.eh"
[ McAfee ], "[0000001d.vbs]:Exploit-MS06-014 !!"
[ Nod32 ], "VBS/TrojanDownloader.Small.BO trojan"
[ Fortinet ], "VBS/Psyme.DP!tr.dldr"
[ HBEDV ], "VBS/Dldr.Psyme.FY"
[ Rising ], "Trojan.DL.VBS.Agent.cii"
[ Ewido ], "Downloader.Small.cu"
