Virus name: Worm Win32.Robzips.A
Other names: W32/Backdoor.HZL (F-Secure), Win32/Robknot.P!Worm, Win32/Robzips, Win32.Robzips.A, Win32/Robzips.A!ZIP, Email-Worm.Win32.Brontok.n (Kaspersky)
Virus type: worm; Severity: high; Prevalence: high
Description:


Characteristics:
Win32.Robzips.A is a worm that spreads by email. It is a 45,120-byte Win32 executable packed with UPX. The worm propagates by sending email messages carrying a 3,894-byte ZIP attachment. The ZIP attachment contains a downloader and a batch file.


Infection method:
When run, Win32.Robzips.A creates a folder with a random name in the %System% directory and copies itself into that folder under the following file names:
smss.exe
csrss.exe
lsass.exe
services.exe
winlogon.exe

It then runs these files.

Note: '%System%' is a variable path. The worm determines the location of the System folder by querying the operating system. The default system installation path on Windows 2000 and NT is C:\Winnt\System32; on 95, 98 and ME it is C:\Windows\System; on XP it is C:\Windows\System32.

It also copies itself under random file names into that folder and into the %Windows% directory, as well as to the following location:
%Windows%\_default<random value>.pif

Robzips also copies itself to %Application Data%\jalak-93<random value>-bali.com and adds that file to the scheduled task list so that the worm is run every day at 11:03 am and 5:08 pm.

Note: %Application Data% is a variable directory, usually located at "C:\Documents and Settings\<user name>\Local Settings\Application Data".
The worm creates a text file "C:\Baca Bro !!!.txt" with the following contents:
 

When the user opens this file to view it, Robzips closes it and displays the following message:
 

 


Propagation method
Via email
Robzips harvests the email addresses it sends to from local files; it searches files with the following extensions:
txt
htm
html
csv
eml
wab
asp
php
cfm
doc
xls
ppt

The harvested email addresses are stored in "%System%\<random folder name>\Spread.Mail.Bro" and "%System%\<random folder name>\Spread.Sent.Bro".

Robzips.A does not send mail to email addresses containing the following strings:
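A host-side check for the file artifacts listed in the infection and propagation sections above: the random-named folder under %System% holding copies named after system processes and the Spread.Mail.Bro / Spread.Sent.Bro address stores, the _default<random value>.pif copy under %Windows%, the jalak-93<random value>-bali.com file under %Application Data%, and the dropped "Baca Bro !!!.txt" note. This is an added example written for this entry, not code from the page or from any antivirus vendor. It builds a constructed temporary directory tree as test data; the subfolder name "kzq3x", the random digits, the note body and the two-or-more-matches threshold are assumptions of this example, not documented properties of the worm.

```python
"""Host check for the Win32.Robzips.A file artifacts described in this entry.

Added example, not the page's or any vendor's code. Names and thresholds
beyond those quoted from the entry are assumptions of this example.
"""
import fnmatch
import tempfile
from pathlib import Path

# Copies of the worm inside the random-named folder it creates under %System%.
DROPPED_NAMES = {"smss.exe", "csrss.exe", "lsass.exe", "services.exe", "winlogon.exe"}
# Stores of harvested e-mail addresses, kept in that same folder (compared lowercase).
ADDRESS_FILES = {"spread.mail.bro", "spread.sent.bro"}
# Heuristic of this example: a single matching name in a subfolder could be a
# backup; two or more process-name copies in the same subfolder are flagged.
MIN_PROCESS_NAME_HITS = 2


def scan_system_dir(system_dir: Path) -> list[str]:
    """Flag subfolders of %System% holding the worm's process-name copies or
    its address stores. The genuine smss.exe, csrss.exe, etc. live directly
    in %System%, so only files inside a *subfolder* count as an indicator."""
    findings = []
    if not system_dir.is_dir():
        return findings
    for sub in system_dir.iterdir():
        if not sub.is_dir():
            continue
        files = {p.name.lower(): p for p in sub.iterdir() if p.is_file()}
        hits = sorted(files.keys() & DROPPED_NAMES)
        if len(hits) >= MIN_PROCESS_NAME_HITS:
            findings.append(f"process-name copies in {sub}: {hits}")
        for name in sorted(files.keys() & ADDRESS_FILES):
            findings.append(f"harvested-address store {files[name]}")
    return findings


def _files_matching(directory: Path, pattern: str) -> list[Path]:
    """Case-insensitive glob over the files directly inside a directory."""
    if not directory.is_dir():
        return []
    return sorted(p for p in directory.iterdir()
                  if p.is_file() and fnmatch.fnmatch(p.name.lower(), pattern))


def scan_windows_dir(windows_dir: Path) -> list[str]:
    # %Windows%\_default<random value>.pif
    return [f"dropper copy {p}" for p in _files_matching(windows_dir, "_default*.pif")]


def scan_appdata_dir(appdata_dir: Path) -> list[str]:
    # %Application Data%\jalak-93<random value>-bali.com (started by the scheduled task)
    return [f"scheduled-task payload {p}"
            for p in _files_matching(appdata_dir, "jalak-93*-bali.com")]


def scan_drive_root(root: Path) -> list[str]:
    # The note file the worm writes to the root of the drive.
    note = root / "Baca Bro !!!.txt"
    return [f"dropped note {note}"] if note.is_file() else []


def scan_host(system_dir, windows_dir, appdata_dir, drive_root) -> list[str]:
    """Run every check and return the list of findings (empty when clean)."""
    return (scan_system_dir(Path(system_dir)) + scan_windows_dir(Path(windows_dir))
            + scan_appdata_dir(Path(appdata_dir)) + scan_drive_root(Path(drive_root)))


def build_fixture(infected: bool) -> dict:
    """Build a constructed directory tree (test data, not a real host) that
    mirrors the layout in the entry; folder name and random digits are made up."""
    base = Path(tempfile.mkdtemp(prefix="robzips-demo-"))
    windows = base / "Windows"
    system = windows / "System32"
    appdata = base / "Local Settings" / "Application Data"
    system.mkdir(parents=True)
    appdata.mkdir(parents=True)
    for name in DROPPED_NAMES:          # genuine system binaries, present on any host
        (system / name).write_bytes(b"")
    if infected:
        rnd = system / "kzq3x"          # the worm's random-named folder (name constructed)
        rnd.mkdir()
        for name in sorted(DROPPED_NAMES) + ["Spread.Mail.Bro", "Spread.Sent.Bro"]:
            (rnd / name).write_bytes(b"")
        (windows / "_default8831.pif").write_bytes(b"")
        (appdata / "jalak-934412-bali.com").write_bytes(b"")
        (base / "Baca Bro !!!.txt").write_text("<note body not given in the entry>")
    return {"system": system, "windows": windows, "appdata": appdata, "root": base}


if __name__ == "__main__":
    fx = build_fixture(infected=True)
    for line in scan_host(fx["system"], fx["windows"], fx["appdata"], fx["root"]):
        print(line)
```

On a real Windows host, call scan_host with Path(os.environ["SystemRoot"]) / "System32", Path(os.environ["SystemRoot"]), Path(os.environ["LOCALAPPDATA"]) (the modern equivalent of the Local Settings\Application Data path quoted above) and Path("C:/"). The scheduled task the worm registers for 11:03 am and 5:08 pm is not a file artifact; list it separately with schtasks /query and look for a task whose action points at the jalak-93 file. The check deliberately ignores the five process names when they sit directly in %System%, because those are the legitimate binaries on every host.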
--
-.
-@
-_
.-
..
.@
._
.ASP
.CA.COM
.cfm
.doc
.eml
.EXE
.gif
.HTM
.JS
.pdf
.PHP
.ppt
.txt
.VBS
.xls
@-
@.
@123
@_
@ABC
@MAC
@mm
_-
_.
_@
__
abuse
acer
ADMIN
ADOBE
AHNLAB
ALADDIN
ALERT
ALWIL
anony
ANTIGEN
APACHE
ARCHIEVE
ASDF
ASSOCIATE
AVAST
AVG
AVIRA
BILLING@
BLACK
BLAH
BLEEP
borland
BROWSE
BUG
BUILDER
BUNTU
CANON
CASTLE
chip
CILLIN
CISCO
CLICK
CNET
code
coding
compaq
COMPUSE
COMPUTE
CONTOH
CRACK
DARK
DATABASE
DEMO
detik
DEVELOP
DOMAIN
DOWNLOAD
ELECTRO
ELEKTRO
ESAFE
ESAVE
ESCAN
EXAMPLE
FEEDBACK
FOO@
FREE
FUCK
FUJI
FUJITSU
GATEWAY

GRISOFT
GROUP
guru
HACK
HAURI
HELP
HIDDEN
HP.
IBM.
IEEE
INFO@
INFORMA
INTEL.
IPTEK
IRFANVIEW
jpg
KDE
KOMPUTER
LAB
LINUX
LOOKSMART
LOTUS
LUCENT
MACRO
MASTER
MATH
MICRO
MICROSOFT
MOZILLA
MSDN
MYSQL
NASA
NETSCAPE
NETWORK
NEWS
NOD32
NOKIA
NONE
NORMAN
NORTON
NOVELL
NVIDIA
OPERA
OVERTURE
PANDA
pcmag
pcmedia
pcplus
POSTGRE
PROGRAM
PROLAND
PROMO
PROTECT
PROXY
RECIPIENT
REDHA
REGIST
RELAY
RESPONSE
ROBOT
SALES
script
SECUN
SECURE
SECURITY
SEKUR
SENIOR
SERVER
SERVICE
SIEMENS
SIERRA
SLACK
SMTP
SOFT
SOME
SOURCE
SPAM
SPERSKY
SPYW
STUDIO
SUN.
SUPPORT
SUSE
SYBARI
SYMANTEC
SYNDICAT
TELECOM
TEST
torvald
TRACK
TREND
trovald
TRUST
UPDATE
USERNAME
VAKSIN
VIRUS
W3.
w32
WINRAR
WINZIP
WWW
XANDROS
XEROX
XXX
yahoo
YOUR
ZDNET
ZEND
ZOMBIE