荔园在线
荔园之美,在春之萌芽,在夏之绽放,在秋之收获,在冬之沉淀
[回到开始]
[上一篇][下一篇]
发信人: xhjx (回家的感觉真好), 信区: Virus
标 题: W32/Maldal.i@MM
发信站: 荔园晨风BBS站 (Fri Feb 22 16:27:04 2002), 站内信件
病毒名称:W32/Maldal.i@MM
发现日期:2002-02-20
最早出现地区:未知
病毒长度:23552字节
病毒类型:Win32病毒
别名:W32.Maldal.I@mm (NAV), W32/Maldal-I (Sophos), W32/Maldal.I
(Panda), Win32.Maldal.I (CA)
病毒特征:该邮件蠕虫病毒会从设有缓冲的网页及Outlook地址簿中收集邮件
地址、删除快捷键以及导致系统性能不稳定。它的邮件主题众多,基本上是从以下
主题中随机选择:
Subject: Fwd:
Subject: Fwd: [DrFun-egroup] Let‘s Laugh
Subject: Fwd: [Finance-group] Do you wanna be a rich man?
Subject: Fwd: [FunMaiL-group]Bush under bin laden‘s cock !!!
Subject: Fwd: [FuNnY-egroup]Hehehehehe damn
Subject: Fwd: [Gays-egroup]Oh Shittttt
Subject: Fwd: [Jews-egroup] Sharoon Owns The World
Subject: Fwd: [JewsFood-egroup] Dogs Meat !!!
Subject: Fwd: [lovedreams-egroup] love speaks from the heart ...
Subject: Fwd: [LsbianLovers-group] Lick my asshole
Subject: Fwd: [Muzicana-Group] Download what you want
Subject: Fwd: [Pc.CLup-Group] Learn how to deal with DOS
Subject: Fwd: [PianoMoZart-egroup] Wow Romantic
Subject: Fwd: [PussyLand-egroup] How sweet...
Subject: Fwd: [PussyPiss-egroup] Piss On my face :O
Subject: Fwd: [RomanticLife-group] Learn How To Love ...
Subject: Fwd: [Scr-News-egroup] Have u ever seen BLOOD
Subject: Fwd: [sex-is] HoT MoVies
Subject: Fwd: [SexyGurls-egroup] Raping a little girl
Subject: Fwd: [SpanishGirlsGroup] Hola ...
Subject: Fwd: [Teen-egroup] Three Ways For Love
Subject: Fwd: [TeroNews-Group] Too Late ... Bin Laden has been
killed
Subject: Fwd: [Yabdoo-egroup]For HaCkers Lovers
Subject: Fwd: Are you looking for FUN !!!?
Subject: Fwd: Let‘s Dance & forget pains
Subject: Fwd: The rights of women !!!
Subject: Fwd: WoOoOoOow
Subject: Fwd:[Anal-sex-team] OOOH Faster
Subject: Fwd:[RapingTeen-eGroup] Oh My God !!!
Subject: Fwd:Against the power of women
Subject: Fwd:Change your life with Dr.Jobreee
Subject: Fwd:Fwd:If you care about your wife
Subject: Fwd:Have u ever seen your face?! (Funny)
Subject: Fwd:Is there any true love
Subject: Fwd:Loneliness ...
Subject: Fwd:Remember our survivors
Subject: Fwd:Say ‘I Love You‘ in 300 languages
Subject: Fwd:Send it to every body you love ;)
Subject: Fwd:The demand of sex ... where does it lead us to ?
Subject: Fwd:Tonight is... The Night Of Sex
Subject: Fwd:Wow , We are the same
Subject: Re:Fwd:Romantic Day
Subject: Take a picture for your self (Don‘t be mad its only a
joke)
Subject: Zakia Zakaria & Najati :P
正文为空;
附件也可能有三种情况,
附件: (被感染系统的机器名).pif
或: (其它的随机名称).pif
或: (无)
附件执行后,电脑即会感染病毒,它首先弹出如下窗口:
与此同时,病毒将自身拷贝至整个系统的各个目录下:
1. 在Windows及Windows系统目录下生成ZaCker.pif
2. 在Windows目录下生成HIDE.pif
3. 在每个目录下生成与目录同名后缀为.pif的文件,如c:\My
Documents\My Documents.pif
另外,为在系统启动时,病毒自动运行,它也会创建注册表运行键:
· HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\
Run\NAV DefAlert=C:\WINDOWS\SYSTEM\ZaCker.pif
· For each foldername.pif file that was created a corresponding
registry entry is also created: ie.
o HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\
Run\My Documents=C:\My Documents\My Documents.pif
而且,此病毒还有内部时钟,它会周期性地将自身发送给在Outlook地址簿或
硬盘上的.htm及Html文档中找到的邮件地址,同时会显示一幅图片覆盖桌面:
此外,它还会删除病毒运行目录下的所有快捷键。
中毒迹象:
中毒后会在系统上出现许多后缀为.pif的文件,以及上述图片,并且系统性能
不稳定,许多应用程序被装载至内存中。
传染方式:
运行带毒邮件的附件后向所有邮件地址传播。
--
_ __ [ ID ]: xhjx 江湖险恶,但是你又不得不在江湖走动;
| l/ / [职称]:帮主 孤身一人,总会遭到欺负,于是偶创立本
| / [理想]:guanshui 帮,吸纳各路英雄好汉,凡帮内兄弟,应
l__/ [奖金]:only kiss ok?ok! 互相照应,凡报告,旁听等快事,应通知
Virus [住址]:Virus Board 本帮其他兄弟,以本签名档为本帮标志.
================>>>>>>>>>>>>>>>>偶在Virus帮<<<<<<<<<<<<<<<<=================
※ 来源:·荔园晨风BBS站 bbs.szu.edu.cn·[FROM: 203.93.19.1]
[回到开始]
[上一篇][下一篇]
荔园在线首页 友情链接:深圳大学 深大招生 荔园晨风BBS S-Term软件 网络书店