The 女人國 women's shopping community portal has again been injected with a malicious link

26 November 2007 – 12:55:00

The 女人國 women's shopping community portal has again been injected with a malicious link. The malware involved is Trojan-PSW.Win32.OnLineGames.dr. Anyone who has browsed this site recently should check their computer as soon as possible, and please avoid visiting the site for the time being so you do not get infected.

The malicious link/code is placed on the home page (the other pages may need a careful check as well) and is hosted on their own site:

Once it runs, it behaves as follows:

[Added service]
NAME: Winsysser
DISPLAY: WindowsServer
FILE: C:\WINDOWS\system32\ddos.exe

[Added file]
C:\Documents and Settings\Administrator\Local Settings\Temp\~V5SFDYCLNTKs.ExE
C:\Documents and Settings\Administrator\Local Settings\Temp\~V5SFDYCLNTKs.VbS
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Q08VKCK4\bot[1].exe
C:\WINDOWS\system32\ddos.exe
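As an added example (not part of the original post), here is a PowerShell check a defender could run on a suspect host for the persistence artefacts listed above. It assumes the XP-style profile layout shown in the paths, that the Temp file names and the Content.IE5 subfolder name are random per victim (so wildcards stand in for them), and that it runs with administrative rights.

```powershell
# Added example, not from the original post: look for the service and the
# dropped files the post attributes to this Trojan-PSW.Win32.OnLineGames.dr sample.
# Assumptions: Documents and Settings profile layout; ~V5SFDYCLNTKs.* and the
# Content.IE5 subfolder Q08VKCK4 are per-victim random names, replaced by wildcards.

$findings = @()

# 1. Registered service: Name Winsysser, DisplayName WindowsServer,
#    binary C:\WINDOWS\system32\ddos.exe (values taken from the post).
$svc = Get-WmiObject -Class Win32_Service -Filter "Name='Winsysser'"
if ($svc) {
    $findings += "Service Winsysser present: DisplayName='$($svc.DisplayName)' PathName='$($svc.PathName)' State=$($svc.State)"
}
# Also flag any service (even if renamed) whose binary is the dropped ddos.exe.
Get-WmiObject -Class Win32_Service |
    Where-Object { $_.PathName -match 'system32\\ddos\.exe' -and $_.Name -ne 'Winsysser' } |
    ForEach-Object { $findings += "Service $($_.Name) points at ddos.exe: $($_.PathName)" }

# 2. Dropped files. The post shows them in the Administrator profile; every
#    profile under Documents and Settings is checked here.
$filePatterns = @(
    "$env:SystemRoot\system32\ddos.exe",
    'C:\Documents and Settings\*\Local Settings\Temp\~*.ExE',  # ~V5SFDYCLNTKs.ExE in the post
    'C:\Documents and Settings\*\Local Settings\Temp\~*.VbS'   # ~V5SFDYCLNTKs.VbS in the post
)
foreach ($pattern in $filePatterns) {
    Get-ChildItem -Path $pattern -Force -ErrorAction SilentlyContinue |
        ForEach-Object { $findings += "Dropped file: $($_.FullName)" }
}

# bot[1].exe is the IE cache copy of the downloaded binary. The square brackets
# would be read as a wildcard class, so match the name exactly after enumeration.
$ieCache = 'C:\Documents and Settings\*\Local Settings\Temporary Internet Files\Content.IE5'
Get-ChildItem -Path $ieCache -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -eq 'bot[1].exe' } |
    ForEach-Object { $findings += "Cached download: $($_.FullName)" }

if ($findings.Count -eq 0) {
    Write-Host 'No Winsysser / ddos.exe artefacts found.'
} else {
    $findings | ForEach-Object { Write-Host "[!] $_" }
}
```

An infected host should be cleaned from a trusted environment rather than by deleting these files in place, since the service binary may already be running.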

As of now (2007/11/23 @ 17:28), the following antivirus products detect these malicious files (for reference only):

bo0k.htm:
[ Alpha_Gen ], "Possible_EncScr"
[ Beta_Gen ], "Possible_EncScr"
[ McAfee ], "[0000001a.vbs]:VBS/Psyme"
[ McAfee_Beta ], "[0000001a.vbs]:VBS/Psyme"
[ HBEDV ], "HEUR/Exploit.HTML"
[ WebWasher ], "BlockReason.46 (suspicious)"
bot[1].exe:
[ IntelliTrap ], "PAK_Generic.006"
[ Alpha_Gen ], "Possible_HUPIGON"
[ Microsoft ], "[->(Upack)]:VirTool:Win32/DelfInject.gen!L"
[ Kaspersky ], "PAK:UPack, Trojan-PSW.Win32.OnLineGames.dr"
[ McAfee ], "BackDoor-ALC"
[ McAfee_Beta ], "BackDoor-ALC"
[ Sophos ], "Mal/Behav-058"
[ Panda ], "Bck/Antilam.AN"
[ Panda_Beta ], "Bck/Antilam.AN"
[ Nod32 ], "Win32/Delf.NEA trojan"
[ Fortinet ], "suspicious"
[ HBEDV ], "TR/Crypt.CFI.Gen"
[ Norman ], "Security Risk W32/Suspicious_U.gen"
[ Ikarus ], "Trojan-Spy.Win32.Banker.ahy"
[ Ewido ], "Backdoor.Delf.aow"
[ eAladdin ], "Suspicious File [100]"
[ vba32 ], "MalwareScope.Trojan-PSW.Game.14"
[ Sunbelt ], "VIPRE.Suspicious"
[ WebWasher ], "Trojan.Crypt.CFI.Gen"
[ bitdefender ], "Backdoor.Delf.HAR"
ddos.exe:
[ IntelliTrap ], "PAK_Generic.006"
[ Alpha_Gen ], "Possible_HUPIGON"
[ Microsoft ], "[->(Upack)]:VirTool:Win32/DelfInject.gen!L"
[ Kaspersky ], "PAK:UPack, Trojan-PSW.Win32.OnLineGames.dr"
[ McAfee ], "BackDoor-ALC"
[ McAfee_Beta ], "BackDoor-ALC"
[ Sophos ], "Mal/Behav-058"
[ Panda ], "Bck/Antilam.AN"
[ Panda_Beta ], "Bck/Antilam.AN"
[ Nod32 ], "Win32/Delf.NEA trojan"
[ Fortinet ], "suspicious"
[ HBEDV ], "TR/Crypt.CFI.Gen"
[ Norman ], "Security Risk W32/Suspicious_U.gen"
[ Ikarus ], "Trojan-Spy.Win32.Banker.ahy"
[ Ewido ], "Backdoor.Delf.aow"
[ eAladdin ], "Suspicious File [100]"
[ vba32 ], "MalwareScope.Trojan-PSW.Game.14"
[ Sunbelt ], "VIPRE.Suspicious"
[ WebWasher ], "Trojan.Crypt.CFI.Gen"
[ bitdefender ], "Backdoor.Delf.HAR"
