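A brief description of the WORM_LOVGATE.AG virus follows:
TrendLabs has received multiple reports from Japan of infections by this LOVGATE variant.
The virus is detected as WORM_LOVGATE.AG. It is memory-resident and spreads through email and network shares.
The virus tries to access shared files using a list of user names and passwords, then creates copies of itself in the shared folders.
The virus creates copies of itself in multiple folders (including mapped network folders); the copies use BAT, COM, PIF, EXE and ZIP as file extensions.
The virus uses MAPI to send copies of itself.
The virus searches drives C through Z for files with specific extensions and collects email addresses from them.
The email messages the virus sends have the following characteristics:
Subject: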
·Hi
·Hello
·Status
Body:
·Mail failed. For further assistance, please contact!
·The message contains Unicode characters and has been sent as a binary attachment.
·It's the long-awaited film version of the Broadway hit. The message sent as a binary attachment.
·If you can keep your head when all about you
Are losing theirs and blaming it on you;
If you can trust yourself when all men doubt you,
But make allowance for their doubting too;
If you can wait and not be tired by waiting,
Or, being lied about,don't deal in lies,
Or, being hated, don't give way to hating,
And yet don't look too good, nor talk too wise;
... ... more look to the attachment.
Attachment:
·Britney spears nude.exe.txt.exe
·Deutsch BloodPatch!.exe
·dreamweaver MX (crack).exe
·DSL Modem Uncapper.rar.exe
·How to Crack all gamez.exe
·I am For u.doc.exe
·Industry Giant II.exe
·joke.pif
·Macromedia Flash.scr
·Me_nude.AVI.pif
·s3msong.MP3.pif
·SETUP.EXE
·Sex in Office.rm.scr
·Shakira.zip.exe
·StarWars2 - CloneAttack.rm.scr
·the hardcore game-.pif
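The attachment files use double extensions to trick users into clicking and running them.
The virus uses forged addresses in the "From" field and in the message.
To keep itself running, the virus terminates the processes of some antivirus products and of certain other malicious programs.
The virus creates multiple copies of PE_LOVGATE.AE and WORM_LOVGATE.V.
The virus is compressed with Aspack and runs on Windows 95, 98, ME, NT, 2000 and XP.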
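
A defender-side check for the double-extension lure described above, as an added example that is not part of the original advisory: it classifies attachment names the way a mail-gateway rule might. The decoy extension set, the function names and the constructed sample names are assumptions made for this example.

```python
# Final extensions that Windows runs directly. EXE, PIF and SCR appear in the
# advisory's attachment list; COM and BAT are among its listed copy extensions.
EXECUTABLE_EXTS = {"exe", "pif", "scr", "com", "bat"}

# Extensions a recipient reads as harmless content. Assumed set for this
# example; extend it to match local policy.
DECOY_EXTS = {"txt", "doc", "avi", "mp3", "rm", "zip", "rar", "jpg", "pdf"}


def classify_attachment(name):
    """Return 'double-extension', 'executable' or 'other' for a file name."""
    # Windows ignores trailing dots and spaces, so normalise them away first.
    cleaned = name.strip().rstrip(". ").lower()
    # Strip each part so whitespace padding before the real extension
    # ("notes.txt     .exe") does not hide the decoy.
    parts = [p.strip() for p in cleaned.split(".")]
    if len(parts) < 2 or parts[-1] not in EXECUTABLE_EXTS:
        return "other"
    if len(parts) >= 3 and parts[-2] in DECOY_EXTS:
        return "double-extension"
    return "executable"


def triage(names):
    """Group attachment names by verdict so a mail filter can act per group."""
    result = {"double-extension": [], "executable": [], "other": []}
    for n in names:
        result[classify_attachment(n)].append(n)
    return result


# Names taken from the advisory's attachment list.
ADVISORY_NAMES = [
    "Britney spears nude.exe.txt.exe", "I am For u.doc.exe", "joke.pif",
    "Me_nude.AVI.pif", "s3msong.MP3.pif", "SETUP.EXE",
    "Sex in Office.rm.scr", "Shakira.zip.exe", "DSL Modem Uncapper.rar.exe",
]
# Constructed names (not from the advisory) covering benign and padded cases.
CONSTRUCTED_NAMES = ["minutes.v1.2.doc", "installer-2.0.exe",
                     "notes.txt     .exe", "SETUP.EXE. "]

if __name__ == "__main__":
    for verdict, group in triage(ADVISORY_NAMES + CONSTRUCTED_NAMES).items():
        print(verdict, group)
```

Requiring a known decoy extension before the executable one keeps versioned installers such as `installer-2.0.exe` out of the double-extension group while still flagging them as executable attachments.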