Analysis report on the new worm virus "SP2 killer"
From:    Author: Original to this site









The "SP2 killer" virus exploits people's curiosity about the Microsoft Windows XP SP2 patch, using this psychological weakness to trick users into downloading and running it. It spreads by two routes, the local area network and email, disguised as a crack program for the SP2 patch. When the system date is the 23rd or later, it launches a DoS attack against two preset websites.

1, Virus assessment

Virus Chinese name: SP2 killer
Virus English name: Worm.Pikis.b
Virus type: Worm virus
Virus risk grade: ★★★☆
Propagation routes: Local area network / email
Affected systems: Windows 9X/NT/2000/XP

2, Damage caused by the virus

1. It collects email addresses from the C: and D: drives of the infected computer and sends out large volumes of virus mail, heavily consuming system resources.
2. When the current system date is the 23rd or later, it launches a DoS attack against two preset websites.

3, Technical analysis

1. This is a worm virus. After running, it copies itself to the %SYSTEM% directory under the file names "CRACK_BAT.EXE", "SYSTEMS.EXE", "IQ.DAT" and "FTTP.EXE".
2. It modifies the system file "System.ini", adding itself ("Systems.exe") to the Shell entry in the [Boot] section so that it starts automatically at boot.
3. The first time the virus runs, it displays a message box reading "Install Crack For WindowsXP Sp2 99.006.34?". After the user clicks the "Yes" button, it displays "Not Found Package WindowsXP Sp2!". The virus uses this to deceive the user and disguise itself.
4. When the system date is the 23rd or later, the virus launches a DoS attack against "Http://www.ufacom.ru" and "Http://www.sco.com".
5. The virus enumerates local area network resources, tries to connect to each target system and copies itself over, using the path C$porno.exe, in order to spread.
6. The virus searches the C: and D: drives to collect email addresses and sends out virus mail in large quantities to spread itself, heavily consuming network resources. The subject of the virus mail is "Hello", "Forum" or "Crack"; the body is "Install Package. Enjoy!" or "Access Denied! ! ! Please Enter Password:JJJK56RtE And Install Pack"; the attachment is named "GetAdmin.exe", "Setup.exe", "Crack.exe", etc.
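
The host-side traces in items 1 and 2 above (the dropped file names and the System.ini change) can be checked with a short script. This is an added example, not part of the original report: the sample System.ini contents and directory listing are constructed, and treating any Shell entry other than Explorer.exe as suspicious is an assumption of the example.

```python
import re

# File names the report says the worm drops into %SYSTEM%.
DROPPED_NAMES = {"crack_bat.exe", "systems.exe", "iq.dat", "fttp.exe"}

def boot_shell_entries(ini_text):
    """Return the programs listed on the shell= line of the [boot] section."""
    section = None
    for raw in ini_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or comment
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        if section == "boot" and "=" in line:
            key, value = line.split("=", 1)
            if key.strip().lower() == "shell":
                # Heuristic split: paths containing spaces are not handled.
                return [p for p in re.split(r"[\s,]+", value.strip()) if p]
    return []

def check_host(ini_text, system_dir_listing):
    """Return (kind, value) findings for the two traces the report describes."""
    findings = []
    for prog in boot_shell_entries(ini_text):
        base = re.split(r"[\\/]", prog)[-1].lower()
        if base != "explorer.exe":                # assumption: only Explorer expected
            findings.append(("system.ini shell", prog))
    for name in system_dir_listing:
        if name.lower() in DROPPED_NAMES:         # names are case-insensitive on Windows
            findings.append(("%SYSTEM% file", name))
    return findings

# Constructed sample inputs (not captured from a real infection).
CLEAN_INI = "; constructed sample\n[boot]\nshell=Explorer.exe\n[386Enh]\nwoafont=dosapp.fon\n"
INFECTED_INI = "[386Enh]\nshell=ignored.exe\n[Boot]\nShell = Explorer.exe Systems.exe\n"
SAMPLE_LISTING = ["kernel32.dll", "IQ.DAT", "notepad.exe", "FTTP.EXE"]

if __name__ == "__main__":
    for kind, value in check_host(INFECTED_INI, SAMPLE_LISTING):
        print(f"{kind}: {value}")
```
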

4, Virus solution

1. Upgrade

The Lucky Star company will release an emergency upgrade the same day. The software version after upgrading is 16.41.40, and this version of Lucky Star antivirus software can thoroughly detect and remove the "SP2 killer" virus. Users of the standard edition and the network edition of Lucky Star antivirus software can log in to the Lucky Star website and download the upgrade package directly, or use the software's smart upgrade function.