聖誕節MSN病毒

2007 年 12 月 26 日 – 13:14:00

昨天收到從一個朋友的MSN傳送過來的一個樣本,名為「christmas-2007.zip」,壓縮檔中包含一個名為 「img2007-12.JPEG.scr」的檔案,分析後,它具有惡意行為,請各位小心囉。

執行之後,有下面的行為:

[Added process]
C:\WINDOWS\servidevice.exe

[Added file]
C:\WINDOWS\Chirstmas-2007.zip
C:\WINDOWS\servidevice.exe

[Added registry]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value=ryan1918
Data=servidevice.exe

到目前為止 (2007/12/25 @ 13:58),下面的防毒軟體可以偵測到這些惡意檔案 (僅提供參考):

Chirstmas-2007.zip/img2007-12.JPEG.scr:
[ Nod32 ], "Win32/IRCBot.ABP trojan"
[ Fortinet ], "suspicious"
[ Rising ], "Backdoor.Win32.PBot.b"
[ Ikarus ], "Trojan-Downloader.Win32.Banload.ams"
[ Authentium ], "W32/Document-disguised-based!Maximus"
[ WebWasher ], "BlockReason.46 (suspicious)"
servidevice.exe:
[ Nod32 ], "Win32/IRCBot.ABP trojan"
[ Fortinet ], "suspicious"
[ Rising ], "Backdoor.Win32.PBot.b"
[ Ikarus ], "Trojan-Downloader.Win32.Banload.ams"
[ Authentium ], "W32/Document-disguised-based!Maximus"
[ WebWasher ], "BlockReason.46 (suspicious)"

請在此留下您的意見

大砲開講 is proudly powered by WordPress Entries (RSS) and Comments (RSS).