The website of 中國E網 has had malicious code inserted into its pages, so everyone please be careful.



(image: homepage.jpg - the compromised home page)

The malicious link is placed inside the menu.js file:

(image: location1.jpg - the injected, encoded reference inside menu.js)

After decoding, it points to hxxp://www.cf9388.com/enlish/map.htm

The malicious code is:

(image: code1.jpg - the malicious code served from map.htm)

After it runs, the following behaviour is observed:

[Added process]
C:\Documents and Settings\Administrator\Local Settings\Temp\SVCHOST.EXE
C:\Documents and Settings\Administrator\Local Settings\Temp\SVCH0ST.exe

[DLL injection]
C:\Documents and Settings\Administrator\Local Settings\Temp\SVCHOST.EXE (injects into certain running processes such as svchost.exe)

[Added service]
NAME: microsoft basicnet service
DISPLAY: microsoft network service
FILE: C:\WINDOWS\msnet.exe

[Added file]
C:\Documents and Settings\Administrator\Local Settings\Temp\g0ld.com
C:\Documents and Settings\Administrator\Local Settings\Temp\SVCH0ST.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\SVCHOST.EXE
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C13NVBMZ\a[1].exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C13NVBMZ\network[2].exe
C:\SVCHOST.exe
C:\WINDOWS\msnet.exe

[Added registry]
HKCU\Software\Microsoft\Windows\CurrentVersion\Run||Value=system||Data=c:\SVCHOST.exe
HKU\S-1-5-21-515967899-583907252-839522115-500\Software\Microsoft\Windows\CurrentVersion\Run||Value=system||Data=c:\SVCHOST.exe
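The behaviour list above shows three patterns a defender can look for on a host: a look-alike of a Windows system binary name (SVCH0ST with a zero), a genuine system binary name running from outside the system directory (C:\SVCHOST.exe rather than System32), and executables launched from the Temp or browser-cache folders, with persistence through a Run key and a "Microsoft"-branded service whose binary sits in C:\WINDOWS. The following Python checker is an added example, not code from the original post; it applies those three patterns to constructed entries modelled on the list. The look-alike digit-to-letter mapping and the set of "system" directories are my own heuristics, not something the post states.

```python
# Added example: flag process paths, Run-key entries and services that match
# the indicator patterns described in the post. All inputs below are constructed.
from pathlib import PureWindowsPath

# Assumption: these are the only directories a real svchost.exe should live in.
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe"}
# Folders from which the dropped files in the post were executed.
TEMP_MARKERS = ("\\local settings\\temp\\",
                "\\temporary internet files\\",
                "\\appdata\\local\\temp\\")

# Heuristic (mine, not the post's): digits commonly substituted for letters,
# so that "SVCH0ST.exe" normalises to "svchost.exe".
LOOKALIKE_MAP = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def normalize_name(name: str) -> str:
    return name.lower().translate(LOOKALIKE_MAP)


def check_process_path(path: str) -> list:
    """Return a list of reasons this executable path is suspicious ([] if none)."""
    p = PureWindowsPath(path)
    name = p.name.lower()
    parent = str(p.parent).lower()
    canonical = normalize_name(name)
    findings = []
    if name != canonical and canonical in SYSTEM_BINARIES:
        findings.append(f"look-alike of {canonical}")
    if canonical in SYSTEM_BINARIES and parent not in SYSTEM_DIRS:
        findings.append("system binary name outside system directory")
    if any(marker in parent + "\\" for marker in TEMP_MARKERS):
        findings.append("executing from temp/browser cache")
    return findings


def parse_run_entry(line: str) -> dict:
    """Parse the 'KEY||Value=name||Data=path' layout used in the post's registry list."""
    key, value, data = line.split("||")
    return {"key": key,
            "value": value.split("=", 1)[1],
            "data": data.split("=", 1)[1]}


def check_run_entry(line: str) -> list:
    """Apply the path checks to the executable a Run key launches at logon."""
    entry = parse_run_entry(line)
    return check_process_path(entry["data"])


def check_service(name: str, display: str, binary: str) -> list:
    """Flag a vendor-branded service whose binary is not in a system directory."""
    findings = check_process_path(binary)
    parent = str(PureWindowsPath(binary).parent).lower()
    if "microsoft" in (name + display).lower() and parent not in SYSTEM_DIRS:
        findings.append("vendor-branded service running outside system directory")
    return findings


if __name__ == "__main__":
    # Constructed sample entries modelled on the post's behaviour list.
    samples = [
        r"C:\WINDOWS\system32\svchost.exe",          # legitimate, should be clean
        r"C:\SVCHOST.exe",
        r"C:\Documents and Settings\Administrator\Local Settings\Temp\SVCH0ST.exe",
    ]
    for path in samples:
        print(path, "->", check_process_path(path) or "clean")
    run_line = (r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
                r"||Value=system||Data=c:\SVCHOST.exe")
    print("Run key ->", check_run_entry(run_line))
    print("Service ->", check_service("microsoft basicnet service",
                                      "microsoft network service",
                                      r"C:\WINDOWS\msnet.exe"))
```

Each check returns the list of reasons rather than a bare boolean, so the output can be fed into a ticket or a detection rule as-is; a legitimate svchost.exe in System32 yields an empty list, while the dropped SVCH0ST.exe trips all three patterns at once.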



Note that the following antivirus products can detect these malicious files:

msnet.exe:
[ Trend ], "BKDR_HUPIGON.UH"
SVCH0ST.exe:
[ Kaspersky ], "PAK:FSG"
[ Sophos ], "Mal/Packer"
[ Nod32 ], "probably unknown NewHeur_PE virus [7]"
[ Fortinet ], "suspicious"
[ HBEDV ], "HEUR/Malware"
[ Norman ], "Security Risk Suspicious_F.gen"
[ Rising ], "[>>FSG2.0]:Trojan.DL.Agent.cjq"