Monday, August 16, 2010

Robot dog virus

Virus Name: Trojan/Agent.pgz
Chinese name: Robot dog
Virus type: Trojan
Hazard rating: ★ ★ ★
Affected platforms: Win 9X/ME/NT/2000/XP/2003
Operating characteristics of the virus:

"Robot dog" virus, mainly in Internet cafes and other software and hard to use System Restore to restore the card environment attack. Virus running, in% WinDir% \ System32 \ drivers directory named pcihdd.sys release a driver, the file will take over the freezing point or the hard disk protection card on the hard disk read and write operations, so a reduction of the virus to break system of protection to the freezing point, hard disk protection card effectiveness. Then, the virus will make use of MS06-014 and MS07-017 vulnerabilities, and vulnerabilities such as multiple applications, from http://xx.exiao ***. com /, http://www.h ***. biz /, http://www.xqh ***. com / download various online games such as malicious Web Trojan, steal, including the legendary, World of Warcraft, journey, miracle variety of online games such as account number and password, and a serious threat to the game players digital property. Because reduction of software and hard disk protection card used mostly in Internet cafes, Internet cafes as the virus attacks, therefore the hardest hit.

ANI virus

Virus Name: Exploit.ANIfile
Virus Chinese name: ANI virus
Virus Type: Worm
Risk level: ★ ★
Affected platforms: Windows 2000/XP/2003/Vista

Description: Taking Exploit.ANIfile.b as an example, "ANI poison" variant b is a network worm that spreads by exploiting the Microsoft Windows ANI file handling vulnerability (MS07-017). When it runs, variant b copies itself to the system directory and modifies the registry so that it starts automatically at boot. It infects normal executable files and local web files, and downloads a large number of Trojans. On local disks and in network shared directories it infects several types of web documents (*.HTML, *.ASPX, *.HTM, *.PHP, *.JSP, *.ASP), implanting malicious code that exploits the ANI file handling vulnerability. It copies itself to the root directory of each logical drive and creates an autorun.inf AutoPlay configuration file there, so that double-clicking the drive letter activates the virus and causes re-infection. It modifies the hosts file to block a number of websites, most of which were previously used to spread other viruses. In addition, variant b can spread via e-mail using its built-in SMTP engine.

Online games Thieves

Virus Name: Trojan/PSW.GamePass.jws
Chinese name: "online game Thief" variant jws
Virus Length: 13,739 bytes
Virus type: Trojan
Hazard rating: ★ ★
Affected platforms: Win 9X/ME/NT/2000/XP/2003

Trojan/PSW.GamePass.jws, "online games Thieves" variant jws, is one of the latest variants of the "online games Thieves" Trojan family. It is written in Visual C++ and has been processed with a packer. When it runs, variant jws copies itself to the Windows directory and registers itself as a system service named "Windows_Down" so that it starts at boot. The virus steals player accounts and passwords for a variety of online games, including "Legend of the World," "World of Warcraft," "Perfect World," "Journey" and "Swordsman," and downloads other viruses to run locally. Once a player's computer is infected, game accounts, equipment and other items can be lost, causing damage to the player.

ARP virus

Virus name: "ARP"-like virus
Virus Chinese name: "ARP"-like virus
Virus type: Trojan
Risk level: ★ ★ ★
Affected platforms: Win 9X/ME/NT/2000/XP/2003

Description: ARP spoofing viruses (hereinafter "ARP viruses") are a special class of virus. They are generally Trojans: they do not actively propagate and do not self-replicate. However, because they send forged ARP packets to the whole network when they attack and interfere with the operation of the entire network, the damage they do is much worse than that of some worms. The ARP deception is achieved by forging IP address and MAC address mappings. It can generate large amounts of ARP traffic that congests the network, or set up a "man in the middle" for ARP redirection and sniffing attacks. The virus sends ARP reply packets with a forged source MAC address, attacking the ARP cache mechanism. When a host on the LAN runs an ARP-spoofing Trojan, it deceives all hosts and routers within the LAN so that all Internet traffic must pass through the infected host. Users who previously reached the Internet directly through the router now go through the infected host instead, and their connection drops once at the moment of the switch. After the switch, if a user is already logged in to a Legend server, the infected host will frequently fake a disconnection so that the user has to log in to the Legend server again, which lets the infected host steal the account.
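The cache poisoning described above leaves a trace a defender can check for: the gateway's IP suddenly maps to a different MAC, and one MAC starts answering for several IPs. The following Python sketch is an added example, not part of the original post; the function name and all addresses are made up for illustration.

```python
from collections import defaultdict

# Constructed sample of observed ARP replies: (seconds, sender IP, sender MAC).
# Every address below is invented for this example.
SAMPLE_REPLIES = [
    (0,  "192.168.1.1",  "00:11:22:aa:bb:01"),  # real gateway
    (1,  "192.168.1.20", "00:11:22:aa:bb:20"),
    (2,  "192.168.1.30", "00:11:22:aa:bb:30"),
    (10, "192.168.1.1",  "00-11-22-AA-BB-30"),  # .30's MAC now claims the gateway
    (11, "192.168.1.20", "00:11:22:aa:bb:30"),  # ... and another host
    (12, "192.168.1.1",  "00:11:22:aa:bb:30"),
]

def find_arp_anomalies(replies, gateway_ip):
    """Report IP->MAC rebinding events and MACs that answer for several IPs."""
    current = {}                  # ip -> MAC most recently seen for it
    claimed = defaultdict(set)    # mac -> every IP it has answered for
    rebinds = []
    for ts, ip, mac in sorted(replies):
        mac = mac.lower().replace("-", ":")   # normalise Windows/Unix notation
        claimed[mac].add(ip)
        prev = current.get(ip)
        if prev is not None and prev != mac:
            rebinds.append({"time": ts, "ip": ip, "old": prev, "new": mac,
                            "gateway": ip == gateway_ip})
        current[ip] = mac
    # A MAC answering for many IPs can be legitimate (router, proxy ARP), so it
    # is only treated as a suspect when one of those IPs is the gateway's.
    multi = {m: sorted(ips) for m, ips in claimed.items() if len(ips) > 1}
    suspects = sorted(m for m, ips in multi.items() if gateway_ip in ips)
    return {"rebinds": rebinds, "multi_ip_macs": multi, "suspects": suspects}

if __name__ == "__main__":
    report = find_arp_anomalies(SAMPLE_REPLIES, "192.168.1.1")
    for event in report["rebinds"]:
        print("rebind:", event)
    print("suspect MACs:", report["suspects"])
```

A suspect MAC identifies the machine to isolate and clean; pinning a static ARP entry for the gateway on clients prevents the rebinding in the first place.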

U disk parasites

Virus Name: Virus.Autorun.gr
Chinese name: "U disk parasites" variant gr
Virus Length: 22,096 bytes
Virus Type: Worm
Risk level: ★ ★
Affected platforms: Win 9X/ME/NT/2000/XP/2003

Virus.Autorun, the "U disk parasite", is a worm that spreads through USB flash drives (U disks) and other removable devices by means of the autorun.inf AutoPlay file. autorun.inf files are generally found in the root directory of USB flash drives, MP3 players, portable hard disks and each hard disk partition. When the user double-clicks the USB flash drive or other device, the Windows AutoPlay function runs the autorun.inf file first, and the file immediately loads and executes the virus program, damaging the user's computer and causing losses to the user.
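Both the "ANI poison" worm and the "U disk parasite" above depend on an autorun.inf in a drive's root directory to launch a program on double-click. The following Python sketch is an added example, not part of the original post: it audits the text of an autorun.inf and lists the entries that start a program. The sample content and the file name setup_x.exe are constructed.

```python
import re

# Constructed autorun.inf content; "setup_x.exe" is a made-up file name.
SAMPLE_INF = """\
; junk line placed before the section
[AutoRun]
open=setup_x.exe
icon=%SystemRoot%\\system32\\shell32.dll,7
shell\\open\\command=setup_x.exe
shell\\explore\\Command=setup_x.exe /e
label=Removable Disk
"""

# Keys in the [autorun] section that cause a program to be started:
# open=, shellexecute= and shell\<verb>\command= (the double-click/Explore verbs).
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)

def audit_autorun(text):
    """Return (key, command) pairs from [autorun] that launch a program."""
    findings, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # skip blanks and comments
        if line.startswith("[") and line.endswith("]"):
            # Section names are case-insensitive
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if LAUNCH_KEY.match(key):
                findings.append((key.lower(), value))
    return findings

if __name__ == "__main__":
    for key, command in audit_autorun(SAMPLE_INF):
        print(f"{key} -> {command}")
```

Any finding on a removable drive deserves a look at the referenced file; entries such as icon= and label= are cosmetic and are not reported.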