

Author: shunze  Posted: 2006-01-09, 10:41:

[Share] The e-mail-borne virus w32.mytob.ee@mm

Recently a virus that spreads via e-mail showed up at my (Shunze's) company.
The content of the e-mail is as follows:

Quote:
Dear user shunze,

You have successfully updated the password of your E-novadesign account.

If you did not authorize this change or if you need assistance with your account,
please contact E-novadesign customer service at: administrator@e-novadesign.com

Thank you for using E-novadesign!
The E-novadesign Support Team


The attachment is account-password.zip, 25 bytes in total.

The mail itself is plain text; the problem is the attachment, which hides the virus w32.mytob.ee@mm (Symantec's name for it).

The mail warns the user that their password has just been changed,
and that if they did not authorize the change they should contact the administrator account.
Replying to the administrator is actually harmless;
it is only if you open the attachment account-password.zip
without antivirus software that you get infected.

Once infected, the virus searches your system for wab, html, adb, tbb, dbx, asp, php, xml, cgi, jsp, sht and htm files,
harvests the usable e-mail addresses from them, and spreads itself through the usable SMTP servers found under the following registry key:
HKCU\Software\Microsoft\Internet Account Manager\Accounts


So the fact that I received this mail means someone in the company is infected!

In fact this virus was discovered back on 2005/6/11;
anyone with antivirus software installed should be able to block it.

The names the major antivirus vendors use for this virus are as follows:
W32.Mytob.EE@mm (Symantec),
W32/Mytob.gb@MM (McAfee),
Win32/Mytob.JL!Worm, WORM_MYTOB.LD (Trend),
W32/Mytob.MO@mm (F-Secure),
W32/Mytob-EU (Sophos),
Email-Worm.Win32.Fanbot.f (Kaspersky)

The virus mail comes in the following forms:
Dear user ,
You have successfully updated the password of your account.
If you did not authorize this change or if you need assistance with your account, please contact customer service at:
Thank you for using !
The Support Team
------------------------------------------------------------------------------------
Dear Member,
We have temporarily suspended your email account
This might be due to either of the following reasons:
1. A recent change in your personal information (i.e. change of address).
2. Submiting invalid information during the initial sign up process.
3. An innability to accurately verify your selected option of subscription due to an internal error within our processors.
See the details to reactivate your Sincerely,The Support Team
------------------------------------------------------------------------------------
Dear Member,
Your e-mail account was used to send a huge amount of unsolicited spam messages during the recent week. If you could please take 5-10 minutes out of your online experience and confirm the attached document so you will not run into any future problems with the online service.
If you choose to ignore our request, you leave us no choice but to cancel your membership.
Virtually yours,
The Support Team
-----------------------------------------------------------------------------------
Dear user
It has come to our attention that your User Profile ( x ) records are out of date. For further details see the attached document.
Thank you for using !
The Support Team

The removal tool for this virus can be downloaded from the following address (Symantec's version):
http://securityresponse.symantec.com/avcenter/FixMytob.exe

Hope none of you ever needs it...
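As an added example (not part of the original post, and not any vendor's tool), here is a small Python mail-filter check built from the lure templates quoted above. It flags a message only when a lure phrase and a risky attachment appear together, because the password-change wording on its own also matches legitimate notifications. The phrase list, the extension list and the sample message are constructed for this example; only the sender address and the attachment name account-password.zip come from the post.

```python
import email
from email import policy
from email.message import EmailMessage

# Lure phrases lifted from the templates quoted in the post (constructed
# subset, compared case-insensitively). This is not a complete signature set.
LURE_PHRASES = (
    "successfully updated the password of your",
    "temporarily suspended your email account",
    "huge amount of unsolicited spam messages",
    "records are out of date",
)

# Hypothetical list of attachment extensions treated as risky for this check.
SUSPICIOUS_EXTENSIONS = (".zip", ".exe", ".scr", ".pif")


def build_sample_message() -> EmailMessage:
    """Construct a sample message shaped like the lure in the post.

    The attachment body is a placeholder byte string, not a real archive
    and not the worm; only the filename and sender address follow the post.
    """
    msg = EmailMessage()
    msg["From"] = "administrator@e-novadesign.com"   # sender named in the post
    msg["To"] = "shunze@example.invalid"             # constructed recipient
    msg["Subject"] = "Your account password has been updated"
    msg.set_content(
        "Dear user shunze,\n\n"
        "You have successfully updated the password of your E-novadesign account.\n\n"
        "If you did not authorize this change or if you need assistance with your account,\n"
        "please contact E-novadesign customer service at: administrator@e-novadesign.com\n"
    )
    msg.add_attachment(
        b"constructed placeholder bytes, not an archive",
        maintype="application",
        subtype="zip",
        filename="account-password.zip",
    )
    return msg


def analyze_message(raw: str) -> dict:
    """Parse a raw RFC 822 message and decide whether it matches the lure pattern.

    Returns the matched lure phrases, the risky attachment names, and a verdict
    of "quarantine" only when both a lure phrase and a risky attachment are present.
    """
    msg = email.message_from_string(raw, policy=policy.default)
    body_text = ""
    attachments = []
    for part in msg.walk():
        # Attachments are recognised by their Content-Disposition or filename.
        if part.is_attachment() or part.get_filename():
            attachments.append(part.get_filename() or "")
        elif part.get_content_type() == "text/plain":
            body_text += part.get_content()

    lowered = body_text.lower()
    matched = [p for p in LURE_PHRASES if p in lowered]
    risky = [a for a in attachments if a.lower().endswith(SUSPICIOUS_EXTENSIONS)]
    verdict = "quarantine" if matched and risky else "pass"
    return {"lure_phrases": matched, "risky_attachments": risky, "verdict": verdict}


if __name__ == "__main__":
    print(analyze_message(build_sample_message().as_string()))
```

Requiring both signals keeps a genuine "your password was changed" notice from being quarantined; the worm's own text would slip past a phrase-only filter anyway once the wording is varied, so the attachment check carries most of the weight.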
