長昇運動生活網網站被植入惡意連結

2007 年 08 月 03 日 – 16:53:00

長昇運動生活網網站被植入惡意連結,此惡意程式為 TSPY_MARAN 或 TR/PSW.OnLineGames 變種,最近有瀏覽這個網頁的網友,應該要盡速檢查自己的電腦,請各位暫時不要瀏覽這個網站,以免中毒 (此惡意程式應該會偷帳號與密碼)。

惡意連結是放置在首頁 (其他頁面可能要仔細檢查一下囉) 中的:

執行之後,有下面的行為:

[DLL injection]
C:\WINDOWS\java\9F9A49B50B15.dll

[Added file]
C:\Documents and Settings\Administrator\Desktop\1.bat
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C13NVBMZ\11[1].htm
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C13NVBMZ\ani1[1].css
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C13NVBMZ\update1[1].exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OXI7BCE5\stat[1].htm
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OXI7BCE5\update[1].exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OXI7BCE5\update[1].htm
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Q08VKCK4\4[1].htm
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SEUIMLSE\1[1].htm
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SEUIMLSE\41[1].htm
C:\WINDOWS\java\9F9A49B50B15.dll
C:\WINDOWS\java\9F9A49B50B15.exe

[ Added COM/BHO ]
{BBEA12CD-C2D6-428C-B433-06BA9EC859ED}-C:\WINDOWS\java\9F9A49B50B15.dll

到目前為止 (2007/8/2 @ 15:25),下面的防毒軟體可以偵測到這些惡意檔案 (僅提供參考):

9F9A49B50B15.dll:
[ Alpha_Gen ], "Possible_Infostl"
[ Beta_Gen ], "Possible_Infostl"
[ Microsoft ], "PWS:Win32/Gamania.gen!B"
[ Kaspersky ], "PAK:PE_Patch.PECompact, PAK:PecBundle, PAK:PECompact, PAK:PE_Patch.MaskPE, Trojan-PSW.Win32.OnLineGames.dr"
[ Panda ], "Suspicious file"
[ Fortinet ], "W32/OnLineGames.DR!tr.pws"
[ HBEDV ], "TR/PSW.OnLineGames.DR.181″
9F9A49B50B15.exe:
[ Symantec ], "W32.Gammima"
[ Kaspersky ], "PAK:PE_Patch.PECompact, PAK:PecBundle, PAK:PECompact, Trojan-PSW.Win32.OnLineGames.dr"
[ Fortinet ], "W32/OnLineGames.DR!tr.pws"
[ HBEDV ], "TR/PSW.OnLineGames.DR.180″
update1[1].exe:
[ Symantec ], "W32.Gammima"
[ Kaspersky ], "PAK:PE_Patch.PECompact, PAK:PecBundle, PAK:PECompact, Trojan-PSW.Win32.OnLineGames.dr"
[ Fortinet ], "W32/OnLineGames.DR!tr.pws"
[ HBEDV ], "TR/PSW.OnLineGames.DR.180″

請在此留下您的意見

大砲開講 is proudly powered by WordPress Entries (RSS) and Comments (RSS).