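Worm.ForBot.a

Worm.ForBot.a is a network worm. Using tools such as IRC, it disguises itself as a shared resource to lure users into downloading and running it, and it also spreads by exploiting vulnerabilities.

Overview

Alias: Backdoor.ForBot.a [AVP]
Processing date: 2004-06-11
Threat level: ★★★
Chinese name: 混合蠕蟲 (Hybrid Worm)
Type: Worm
Affected systems: Win9x/WinMe/WinNT/Win2000/WinXP/Win2003
Behavior:
IRCBot
Written with: Microsoft Visual C++ 6.0
Infection condition:
Using tools such as IRC, it disguises itself as a shared resource to lure users into downloading and running it, and it spreads by exploiting vulnerabilities
Trigger condition:

Introduction

System modifications:
A. Creates the following file in the system directory and deletes the copy of the worm that was run previously:
%System%\smsc.exe
It then runs the newly created file
B.
1. Under the registry keys:
HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\RunServices
HKEY_CURRENT_USER\Software\Microsoft\Windows\Currentversion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\RunServices
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Run
it adds the following value:
"Win32 USB 2 Driver" = "smsc.exe"
C. Creates a service named "Win32 USB 2 Driver"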
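A host can be checked for the autorun entries listed above. The following is an added example, not part of the original write-up: it scans the text of a registry export (.reg format) for the value name and file name given above. The function names and the sample export are constructed for illustration.

```python
import re

# Indicators from the write-up above, lower-cased for comparison.
VALUE_NAME = "win32 usb 2 driver"
AUTORUN_KEYS = {
    hive + "\\software\\microsoft\\windows\\currentversion\\" + leaf
    for hive in ("hkey_current_user", "hkey_local_machine")
    for leaf in ("run", "runservices")
}
# smsc.exe as a whole file name, with or without a leading path.
FILE_RE = re.compile(r'(?:^|[\\/"\s])smsc\.exe(?:$|["\s])', re.IGNORECASE)
# A string value line of a .reg export: "name"="data"
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

# Constructed sample export (not taken from a real machine).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Win32 USB 2 Driver"="smsc.exe"
"SoundMan"="C:\\WINDOWS\\SOUNDMAN.EXE"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices]
"Updater"="C:\\WINDOWS\\system32\\smsc.exe"

[HKEY_CURRENT_USER\Software\Example]
"Win32 USB 2 Driver"="smsc.exe"
'''


def unescape(text):
    # .reg files escape backslash and double quote with a backslash.
    return re.sub(r"\\(.)", r"\1", text)


def find_forbot_autoruns(reg_text):
    """Return (key, name, data) for autorun values matching the indicators."""
    hits, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]  # section header: the current registry key
            continue
        m = VALUE_RE.match(line)
        if not m or key is None or key.lower() not in AUTORUN_KEYS:
            continue  # not a string value, or not under a Run/RunServices key
        name, data = unescape(m.group(1)), unescape(m.group(2))
        if name.lower() == VALUE_NAME or FILE_RE.search(data):
            hits.append((key, name, data))
    return hits
```

Files written by `reg export` are UTF-16 encoded, so decode them before passing the text in. The service named in item C is not covered by this check.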
Symptoms:
A. Launches DoS attacks against a list of websites
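B. The DoS attacks include:
HTTP FLOOD
UDP FLOOD
PING FLOOD
SYN FLOOD
C. Spreads via IRC, through which the infected machines are controlled
D. Spreads by exploiting multiple Microsoft vulnerabilities.
E. Steals CD keys for the following games: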
Battlefield 1942
Black and White
Command and Conquer
Counter-Strike
FIFA 2002
FIFA 2003
Global Operations
Gunman Chronicles
Half-Life
Hidden and Dangerous 2
IGI2 Covert Strike
Industry Giant 2
James Bond 007 Nightfire
Medal of Honor Allied Assault
Medal of Honor Allied Assault Breakthrough
Medal of Honor Allied Assault Spearhead
Nascar Racing 2002
Nascar Racing 2003
NHL 2002
NHL 2003
Need For Speed Hot Pursuit 2
Need For Speed Underground
Neverwinter Nights
Ravenshield
Shogun Total War Warlord Edition
Soldiers Of Anarchy
Soldier Of Fortune 2
The Gladiators
Unreal Tournament 2003
F. Terminates the processes of many antivirus programs
Special notes:
