大砲開講

惡意連結是放置在首頁 (其他頁面可能要仔細檢查一下囉) 中的：

執行之後，有下面的行為：

[DLL injection]
C:\WINDOWS\java\4C8687D225CD.dll

[Added file]
C:\Documents and Settings\Administrator\Desktop\1.bat
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OXI7BCE5\stinit[1].js
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Q08VKCK4\1[1].htm
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Q08VKCK4\mian[1].exe
C:\WINDOWS\java\4C8687D225CD.dll
C:\WINDOWS\java\4C8687D225CD.exe

[Added COM/BHO]
{349E37A1-4C07-409F-83E5-36213268854B}-C:\WINDOWS\java\4C8687D225CD.dll

到目前為止 (2007/7/31 @ 23:51)，下面的防毒軟體可以偵測到這些惡意檔案 (僅提供參考)：

1[1].htm:
[ Microsoft ], "Exploit:HTML/Expascii.gen"
[ McAfee ], "ObfuscatedHtml"
[ Fortinet ], "HTML/ASCII.gen!exploit"
4C8687D225CD.dll:
[ Alpha_Gen ], "Possible_Infostl"
[ Beta_Gen ], "Possible_Infostl"
[ Microsoft ], "PWS:Win32/Gamania.gen!B"
[ McAfee ], "PWS-QQPass"
4C8687D225CD.exe:
[ Alpha_Gen ], "Possible_Infostl"
[ Beta_Gen ], "Possible_Infostl"
[ Microsoft ], "PWS:Win32/Wowsteal.gen!A"
[ Kaspersky ], "Trojan-PSW.Win32.Magania.jq"
[ McAfee ], "New Malware.x !!"
[ Fortinet ], "suspicious"
[ Norman ], "[Heuristic Sandbox detection]:Virus W32/Malware"
mian[1].exe:
[ Alpha_Gen ], "Possible_Infostl"
[ Beta_Gen ], "Possible_Infostl"
[ Microsoft ], "PWS:Win32/Wowsteal.gen!A"
[ Kaspersky ], "Trojan-PSW.Win32.Magania.jq"
[ McAfee ], "New Malware.x !!"
[ Fortinet ], "suspicious"
[ Norman ], "[Heuristic Sandbox detection]:Virus W32/Malware"