[Share] w32.mytob.ee@mm, a virus that spreads via e-mail

Recently a virus that spreads via e-mail turned up at Shunze's company.
The content of the e-mail is as follows:

Quote:
Dear user shunze,

You have successfully updated the password of your E-novadesign account.

If you did not authorize this change or if you need assistance with your account,
please contact E-novadesign customer service at: administrator@e-novadesign.com

Thank you for using E-novadesign!
The E-novadesign Support Team


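The attachment is account-password.zip, 25 bytes in size.

The message itself is plain text; the problem is the attachment, which carries the virus w32.mytob.ee@mm (Symantec's name for it).

The message warns the user that their password has just been changed,
and that if the user did not authorize this change, they should contact the system administrator account.
Replying to the system administrator is actually harmless;
it is only if you open the attachment account-password.zip
without antivirus software that you will be infected.

After infection, the virus searches your system for files of these types: wab, html, adb, tbb, dbx, asp, php, xml, cgi, jsp, sht, htm,
and sends itself to the usable e-mail addresses it finds, through the usable SMTP servers listed under the following registry key:
HKCU\Software\Microsoft\Internet Account Manager\Accounts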


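So the fact that I received this message means that someone in the company is infected!

Actually, this virus was already discovered on 2005/6/11;
as long as antivirus software is installed, it should be blocked effectively.

The major antivirus vendors name this virus as follows: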
W32.Mytob.EE@mm (Symantec),
W32/Mytob.gb@MM (McAfee),
Win32/Mytob.JL!Worm, WORM_MYTOB.LD (Trend),
W32/Mytob.MO@mm (F-Secure),
W32/Mytob-EU (Sophos),
Email-Worm.Win32.Fanbot.f (Kaspersky)

The virus e-mail comes in the following forms:
Dear user ,
You have successfully updated the password of your account.
If you did not authorize this change or if you need assistance with your account, please contact customer service at:
Thank you for using !
The Support Team
------------------------------------------------------------------------------------
Dear Member,
We have temporarily suspended your email account
This might be due to either of the following reasons:
1. A recent change in your personal information (i.e. change of address).
2. Submiting invalid information during the initial sign up process.
3. An innability to accurately verify your selected option of subscription due to an internal error within our processors.
See the details to reactivate your Sincerely,The Support Team
------------------------------------------------------------------------------------
Dear Member,
Your e-mail account was used to send a huge amount of unsolicited spam messages during the recent week. If you could please take 5-10 minutes out of your online experience and confirm the attached document so you will not run into any future problems with the online service.
If you choose to ignore our request, you leave us no choice but to cancel your membership.
Virtually yours,
The Support Team
-----------------------------------------------------------------------------------
Dear user
It has come to our attention that your User Profile ( x ) records are out of date. For further details see the attached document.
Thank you for using !
The Support Team

The removal tool for this virus can be downloaded here (Symantec's version):
http://securityresponse.symantec.com/avcenter/FixMytob.exe

I hope none of you ever need it...



Posted by shunze, 2006-01-09, 10:41
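A mail-filter check for the lure described in the post, added here as an example and not part of the original post or of any vendor's tooling: it flags a message only when one of the four quoted body forms appears together with a .zip attachment, so a genuine password-change notice without an attachment is not flagged. The names `classify` and `build_sample`, the `example.test` addresses and the empty ZIP payload are assumptions made for the example.

```python
import re
from email import message_from_string
from email.message import EmailMessage

# Phrases from the four message forms quoted in the post; the variable
# parts (user name, service name) are left out of the patterns.
LURES = {
    "password-updated": r"successfully updated the password of your .{0,60}account",
    "account-suspended": r"temporarily suspended your email account",
    "spam-abuse": r"used to send a huge amount of unsolicited spam",
    "profile-outdated": r"User Profile \(.{0,60}\) records are out of date",
}
LURE_RES = {name: re.compile(rx, re.I) for name, rx in LURES.items()}

def classify(raw):
    """Return (lure_name, zip_names) for a lure body with a .zip attached, else None."""
    body, zips = [], []
    for part in message_from_string(raw).walk():
        if part.is_multipart():
            continue
        name = part.get_filename()
        if name and name.lower().endswith(".zip"):
            zips.append(name)
        elif not name and part.get_content_type() == "text/plain":
            data = part.get_payload(decode=True) or b""
            body.append(data.decode(part.get_content_charset() or "utf-8", "replace"))
    text = " ".join(" ".join(body).split())  # undo line wrapping before matching
    for lure, rx in LURE_RES.items():
        if zips and rx.search(text):
            return lure, zips
    return None

def build_sample(body, attachment=None):
    """Constructed test message; addresses and the empty ZIP payload are made up."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "administrator@example.test", "user@example.test"
    msg["Subject"] = "constructed sample"
    msg.set_content(body)
    if attachment:
        msg.add_attachment(b"PK\x05\x06" + b"\x00" * 18, maintype="application",
                           subtype="zip", filename=attachment)
    return msg.as_string()

if __name__ == "__main__":
    lure = "Dear user shunze,\n\nYou have successfully updated the password of your E-novadesign account.\n"
    print(classify(build_sample(lure, "account-password.zip")))
    print(classify(build_sample(lure)))
    print(classify(build_sample("Minutes attached.", "minutes.zip")))
```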