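This column is provided by Trend Micro
Beware of the WORM_GRUEL family, which poses as software vendors sending patches and new anti-virus tools
Trend Micro has recently issued several virus advisories for the WORM_GRUEL family
WORM_GRUEL.D
This destructive worm is a variant of WORM_GRUEL.A. It spreads by e-mail and through the peer-to-peer file-sharing application KaZaA.
The e-mail the worm sends has the following details:
Subject: Microsoft Windows Critical Update
Body: Critical Update: The Microsoft Windows updates found on this patch include fixes to following Windows operating systems: Any update that is critical to the operation of your computer is considered a Critical Update, and is automatically selected for installation during the scan for available updates. This patch is provided to help resolve known issues, and to protect your computer from known security vulnerabilities and all kinds of viruses. Whether a patch applies to your operating system, software programs, or hardware, it is listed in the Critical Updates category, like this patch attached. For Support please contact us at support@microsoft.com
Attachment: Rundll32.exe
Alternatively, it is downloaded from Kazaa as the file "Windows XP Keygen 2.5.exe".
The worm's payload includes deleting files, displaying message boxes, and modifying the registry so that the worm is executed whenever a file of certain types (.EXE, .COM, .PIF, .BAT, .HT or .HTA) is opened.
Protection against this virus is available by downloading the latest pattern file from the following link: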
http://www.trendmicro.com.cn/corporate/downloads/downloads.htm
Detailed information about the virus is available at:
http://www.trendmicro.com.cn/vinfo/virusencyclo/default5.asp?VName=WORM_GRUEL.D
WORM_GRUEL.E
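This destructive worm is a variant of WORM_GRUEL.A. It spreads by e-mail and through the peer-to-peer file-sharing application KaZaA.
The e-mail the worm sends has the following details:
Subject: Symantec: New serious virus found
Body:
Norton Security Response: has detected a new virus in the Internet. For this reason we made this tool attachement, to protect your computer from this serious virus. Due to the number of submissions received from customers, Symantec Security Response has upgraded this threat to a Category 5 (Maximum ).
Attachment: Rundll32.exe or Mail Key 1.3 Trial.exe
Alternatively, it is downloaded from Kazaa as the file "Matrix Reloaded 2 avi.exe".
The worm's payload includes deleting files, displaying message boxes, and modifying the registry so that the worm is executed whenever a file of certain types (.EXE, .COM, .PIF, .BAT, .HT or .HTA) is opened.
Protection against this virus is available by downloading the latest pattern file from the following link: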
http://www.trendmicro.com.cn/corporate/downloads/downloads.htm
Detailed information about the virus is available at:
http://www.trendmicro.com.cn/vinfo/virusencyclo/default5.asp?VName=WORM_GRUEL.E
WORM_GRUEL.H
Like the other variants, this variant is also destructive and deletes the following important files:
C:\AUTOEXEC.bat
C:\config.sys
C:\WINNT\system32\ntoskrnl.exe
C:\WINNT\system32\command.com
C:\WINNT\regedit.exe
C:\windows\system32\ntoskrnl.exe
C:\windows\system32\command.com
C:\windows\regedit.exe
C:\WINNT\system32\*.exe
C:\WINNT\system32*.com
C:\WINNT\system32\*.dll
C:\WINNT\system32\*.ocx
C:\windows\system32\*.dll
C:\windows\system32\*.ocx
C:\windows\system32\*.exe
C:\windows\system32\*.com
C:\WINNT\Program Files\Norton AntiVirus\NAVW32.exe
C:\windows\Program Files\Norton AntiVirus\NAVW32.exe
The following folders are also deleted:
C:\WINNT\system
C:\windows\system
C:\WINNT\system32
C:\windows\system32
C:\inetpub\wwwroot
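It propagates by sending e-mail to every contact in the Microsoft Outlook address book. The e-mail has the following details:
Subject: Symantec: New serious virus found
Body: Norton Security Response: has detected a new virus in the Internet. For this reason we made this tool attachement, to protect your computer from this serious virus. Due to the number of submissions received from customers, Symantec Security Response has upgraded this threat to a Category 5 (Maximum )
Attachment: Rundll32.exe
It can also spread through the Kazaa peer-to-peer file-sharing application.
It modifies the Internet Explorer title bar, opens the CD-ROM drive, and disables Windows features such as Search and Run.
Protection against this virus is available by downloading the latest pattern file from the following link: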
http://www.trendmicro.com.cn/corporate/downloads/downloads.htm
Detailed information about the virus is available at:
http://www.trendmicro.com.cn/vinfo/virusencyclo/default5.asp?VName=WORM_GRUEL.H
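A mail-gateway triage check built from the subjects and attachment names listed in the three advisories above. This is an added example, not Trend Micro's code; the function names, the extension list, the verdict labels and the sample messages are assumptions made for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators copied from the advisory text (subjects and attachment names).
LURE_SUBJECTS = {"microsoft windows critical update",
                 "symantec: new serious virus found"}
LURE_ATTACHMENTS = {"rundll32.exe", "mail key 1.3 trial.exe"}
# Assumption of this example: extensions a gateway treats as directly executable.
EXECUTABLE_EXTS = (".exe", ".com", ".pif", ".bat", ".scr")


def classify(raw_bytes):
    """Return (verdict, reasons) for one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    # Collapse whitespace so folded or padded subjects still match.
    subject = " ".join(str(msg["Subject"] or "").split()).lower()
    names = [(part.get_filename() or "").strip().lower()
             for part in msg.iter_attachments()]
    reasons = []
    if subject in LURE_SUBJECTS:
        reasons.append("subject matches advisory")
    if any(n in LURE_ATTACHMENTS for n in names):
        reasons.append("attachment name matches advisory")
    if any(n.endswith(EXECUTABLE_EXTS) for n in names):
        reasons.append("executable attachment")
    # Two or more signals quarantine; a single one goes to manual review.
    if len(reasons) >= 2:
        return "quarantine", reasons
    return ("review" if reasons else "pass"), reasons


def build_sample(subject, filename=None):
    """Build a constructed test message; the attachment is placeholder bytes."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = subject
    m.set_content("constructed sample body")
    if filename:
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    for subj, att in [("Microsoft Windows Critical Update", "Rundll32.exe"),
                      ("Holiday photos", "photos.exe"),
                      ("Quarterly report", "report.pdf")]:
        print(subj, "->", classify(build_sample(subj, att)))
```

Name and subject matching only catches these exact lures; the executable-attachment rule is the part that still fires when a variant changes its wording.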