MSN Little Tail (Worm.MSNFunny) Worm Analysis Report

Virus name: Worm.MSNFunny
Chinese name: MSN小尾巴 (MSN Little Tail)
Threat level: Level 3
Virus type: Worm
Affected systems: Win9x/WinNT/Win2K/WinXP/Win2003
Discovered: October 10, 2004

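Damage:

A. Copies itself to the system directory; on Windows 98 it also replaces the system file Rundll32.exe, so the system cannot shut down normally;

B. On WinNT/Win2000/WinXP/Win2003 it modifies the hosts file so that users visiting normal websites are connected to ***78p.com instead, which interferes with normal access to those sites;

C. The virus spreads through MSN and QQ, sending itself to contacts under the file name funny.exe to lure the infected user's contacts into running the file.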

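Symptoms:

A. On Windows 98/Me, it replaces the system file Rundll32.exe, so the system cannot shut down normally;

B. On WinNT/Win2000/WinXP/Win2003 it modifies the hosts file so that users visiting nearly a thousand mainstream websites are redirected to ***78p.com, which may result in a DoS attack on that site;

C. The virus spreads through MSN and QQ, sending itself to contacts under the file name funny.exe, together with one of the following messages (original text, followed by an English translation):

一家新開的酒吧,晚上聚聚,這裡有介紹 ***78p.com,記得給我電話
(A newly opened bar, let's get together tonight, there is an introduction here ***78p.com, remember to call me)

朋友,多注意休息啊,可以到這裡放松放松哦,***78p.com
(Friend, get some more rest; you can relax a bit here, ***78p.com)

我們也來俗一把如何,看MM去,***78p.com,夠味!呵呵!
(How about we go lowbrow for once and look at some girls, ***78p.com, spicy! Hehe!)

日本人在南京大屠殺的鐵證!堅決抵制日貨 ***78p.com
(Ironclad evidence of the Japanese Nanjing Massacre! Firmly boycott Japanese goods ***78p.com)

對中國威脅最大的十個國家!列表 ***78p.com
(The ten countries that pose the greatest threat to China! List: ***78p.com)

我見過最漂亮的視頻MM (不看可別後悔), ***78p.com
(The prettiest video girl I have ever seen (don't regret not looking), ***78p.com)

《中國農民調查》頁頁血淚,驚動中央 轉自網易, ***78p.com
("A Survey of Chinese Peasants": blood and tears on every page, alarming the central government. Reposted from NetEase, ***78p.com)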

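Technical details:

1. Copies itself to:
   %SystemRoot%\rundll32.exe (on Windows 98 this replaces the system file, so the system cannot shut down normally)
   %System%\explorer.exe
   %System%\IEXPLORE.EXE
   %System%\userinit32.exe
   C:\funny.exe

2. Creates the log file %System%\BSFIRST2.LOG

3. On Win9x/ME, the virus modifies the system.ini file, changing
   [boot]
   Shell=explorer.exe
   to
   [boot]
   Shell=%System%\explorer.exe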

4. Every 60 seconds, the virus adds the following value under the registry keys
   HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   "MMSystem"="%SystemRoot%\rundll32.exe "%System%\mmsystem.dll"", RunDll32"
   so that the user cannot change the value.

5. On WinNT/Win2000/WinXP/Win2003, it changes the value "Userinit"="%System%\userinit.exe," under the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon to "%System%\userinit32.exe," so that the system loads the virus file instead of the legitimate userinit.exe.

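6. The virus runs multiple processes and monitors whether any of its own processes has been terminated; if one has, it starts itself again.

7. The virus spreads through MSN and QQ, sending itself to contacts under the file name funny.exe to lure the infected user's contacts into running the file. It also sends one of the following messages (original text, followed by an English translation):

一家新開的酒吧,晚上聚聚,這裡有介紹 ***78p.com,記得給我電話
(A newly opened bar, let's get together tonight, there is an introduction here ***78p.com, remember to call me)

朋友,多注意休息啊,可以到這裡放松放松哦,***78p.com
(Friend, get some more rest; you can relax a bit here, ***78p.com)

我們也來俗一把如何,看MM去,***78p.com,夠味!呵呵!
(How about we go lowbrow for once and look at some girls, ***78p.com, spicy! Hehe!)

日本人在南京大屠殺的鐵證!堅決抵制日貨 ***78p.com
(Ironclad evidence of the Japanese Nanjing Massacre! Firmly boycott Japanese goods ***78p.com)

對中國威脅最大的十個國家!列表 ***78p.com
(The ten countries that pose the greatest threat to China! List: ***78p.com)

我見過最漂亮的視頻MM (不看可別後悔), ***78p.com
(The prettiest video girl I have ever seen (don't regret not looking), ***78p.com)

《中國農民調查》頁頁血淚,驚動中央 轉自網易, ***78p.com
("A Survey of Chinese Peasants": blood and tears on every page, alarming the central government. Reposted from NetEase, ***78p.com)

8. If a file named Killme.cmd or Stopme.cmd is created in the root directory of drive C:, the virus stops running.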

9. On WinNT/Win2000/WinXP/Win2003, it rewrites the hosts file %System%\drivers\etc\hosts so that, after the line "127.0.0.1 localhost", a long list of website domains is mapped to 222.89.98.219.
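A defensive check for the two indicators described in items 5 and 9, added here as an example and not taken from the original report: it flags any non-loopback address that several hosts-file names point to, and a Winlogon Userinit value that is not the stock userinit.exe. The sample hosts text, the placeholder domains, the threshold of 3 and the C:\Windows\System32 path are assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: placeholder domains; the redirect IP is the one named in the report.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1 localhost
222.89.98.219 portal.example.com
222.89.98.219 www.example.net search.example.org   # two names on one line
10.0.0.5 intranet.example.com
not-an-ip broken.example.com
"""

def parse_hosts(text):
    """Return (ip, hostname) pairs, skipping comments and malformed lines."""
    pairs = []
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an IP address
        pairs.extend((ip, name.lower()) for name in fields[1:])
    return pairs

def suspicious_redirects(text, threshold=3):
    """Non-loopback IPs that at least `threshold` names map to (threshold is an assumption)."""
    by_ip = defaultdict(set)
    for ip, name in parse_hosts(text):
        if not (ip.is_loopback or ip.is_unspecified):
            by_ip[str(ip)].add(name)
    return {ip: sorted(n) for ip, n in by_ip.items() if len(n) >= threshold}

def userinit_tampered(value, system_dir=r"C:\Windows\System32"):
    """True if Winlogon's Userinit value starts anything but userinit.exe in system_dir."""
    expected = (system_dir + r"\userinit.exe").lower()
    entries = [e.strip().strip('"').lower() for e in value.split(",") if e.strip()]
    return entries != [expected]

if __name__ == "__main__":
    print(suspicious_redirects(SAMPLE_HOSTS))
    print(userinit_tampered(r"C:\Windows\System32\userinit32.exe,"))
```

On a live system the inputs would be the contents of the hosts file and the Userinit value read from the Winlogon key; legitimate hosts files that pin several internal names to one server will need the threshold or an allow-list adjusted.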
