2004年2月19日,北京 全球领先的互联网安全技术与解决方案供应商赛门铁克公司(纳斯达克:SYMC)今日率先发现了W32.Netsky.B和W32.Beagle.B@mm病毒。目前,W32.Netsky.B病毒正在大面积爆发,据统计该病毒在全球的提交案例已达728例,企业用户的提交量已达109例,而且提交量仍在不断增加。赛门铁克安全响应中心已经将W32.Netsky.B的威胁级提升到4级(其中5级为最严重),并将W32.Beagle.B@mm病毒的威胁级别提升为3级,同时提供了清除它们的解决方案。
主要信息:
W32.Netsky.B是一个可以通过群发电子邮件迅速传播的蠕虫病毒。它通过扫描硬盘和映射驱动器搜索扩展名.msg、 .oft、 .sht 、.dbx 、.tbb 、 .asp、.uin、 .rtf 、.vbs 、.txt php、.eml 、 .html、 .htm 、.pl、 .adb、.doc 、.wab的文件来获得邮件地址,并试图使用自己的 SMTP 引擎将自身发送至它在扫描硬盘驱动器和映射驱动器时所发现的邮件地址中。该蠕虫还将搜索从C盘到Z盘驱动器中文件名带有“共享”或包含“共享”信息的文件夹,只要该盘不是光驱它就会将自己复制到这些文件夹中,并会以下列文件形式存在:
doom2.doc.pif
sex sex sex sex.doc.exe
rfc compilation.doc.exe
dictionary.doc.exe
win longhorn.doc.exe
e.book.doc.exe
programming basics.doc.exe
how to hack.doc.exe
max payne 2.crack.exe
e-book.archive.doc.exe
virii.scr
nero.7.exe
eminem - lick my pussy.mp3.pif
cool screensaver.scr
serial.txt.exe
office_crack.exe
hardcore porn.jpg.exe
angels.pif
porno.scr
matrix.scr
photoshop 9 crack.exe
strippoker.exe
dolly_buster.jpg.pif
winxp_crack.exe
W32.Netsky.B的病毒特征如下:
别名:W32/Netsky.b@MM [McAfee], W32/Netsky.B.worm [Panda], WORM_NETSKY.B [Trend Micro], Moodown.B [F-Secure], I-Worm.Moodown.b [Kaspersky]
病毒类型:蠕虫
感染长度:22,016字节
受感染系统:Windows 2000, Windows 95, Windows 98, Windows Me, Windows XP
不会受感染系统:Linux, Macintosh, UNIX, Windows 3.x
通过W32.Netsky.B发送的电子邮件具有下列特征:
标题: (为以下其中之一)
hi
hello
read it immediately
something for you
warning
information
stolen
fake
unknown
消息: (为以下其中之一)
anything ok?
what does it mean?
ok
i'm waiting
read the details.
here is the document.
read it immediately!
my hero
here
is that true?
is that your name?
is that your account?
i wait for a reply!
is that from you?
you are a bad writer
I have your password!
something about you!
kill the writer of this document!
i hope it is not true!
your name is wrong
i found this document about you
yes, really?
that is bad
here it is
see you
greetings
stuff about you?
something is going wrong!
information about you
about me
from the chatter
here, the serials
here, the introduction
here, the cheats
that's funny
do you?
reply
take it easy
why?
thats wrong
misc
you earn money
you feel the same
you try to steal
you are bad
something is going wrong
something is fool
附件名称: (为以下其中之一)
document
msg
doc
talk
message
creditcard
details
attachment
me
stuff
posting
textfile
concert
information
note
bill
swimmingpool
product
topseller
ps
shower
aboutyou
nomoney
found
story
mails
website
friend
jokes
location
final
release
dinner
ranking
object
mail2
part2
disco
party
misc
附件扩展 1: (可能将包括其中之一)
.txt
.rtf
.doc
.htm
附件扩展2: (为以下其中之一)
.exe
.scr
.com
.pif
赛门铁克的专家还建议您从正规的网站上获取病毒定义码和解决方案。用户可以通过LiveUpdate和智能更新技术自动下载病毒定义码,从而抵御病毒对网络的入侵。
有关W32.Netsky.B蠕虫的清除工具和其他详细资料,请访问
有关W32.Beagle.B@mm蠕虫的清除工具和其他详细资料,请访问
