The Taiwan Nikon website has been injected with a malicious link, yet another variant of the Lineage password stealer. Please do not browse this site for the time being, to avoid infection; once we have confirmed that they have fixed it, this post will be updated. (This malware steals account names and passwords.) (Thanks to Jimau)

**Please help notify them, thank you**

nikon_home_20070305.png

The malicious link is placed on the home page:

nikon_url_20070305.png

Part of the malicious code:

nikon_code_20070305.png

After execution, it behaves as follows:

[DLL injection]
C:\WINDOWS\Debug\UserMode\9E5556.dll (injected into several running processes, such as Windows Explorer)

[Added file]
C:\Documents and Settings\Administrator\Local Settings\Temp\gh070227.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\gz0701x.exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OXI7BCE5\a[1].htm
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OXI7BCE5\gh[1].htm
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SEUIMLSE\614[1].htm
C:\WINDOWS\Debug\UserMode\9E5556.dll
C:\WINDOWS\Debug\UserMode\9E5556.exe

[Added COM/BHO]
{942ECDFF-5227-4C58-8B96-CA2666213DBB}-C:\WINDOWS\debug\userMode\9E5556.dll
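As an added example (not code from the original post), the following PowerShell script performs a read-only sweep of a Windows host for the indicators listed above: the dropped file paths, the BHO CLSID, and the injected DLL name. The file paths and CLSID are taken from this post; the heuristics (flagging any BHO whose DLL lives outside Program Files, and scanning loaded modules for the DLL name), the Wow6432Node lookup, and the use of `$env:TEMP` for the user's Temp directory are the example's own assumptions.

```powershell
# Added example for this post: a read-only sweep for the indicators listed above.
# File paths and the BHO CLSID are the ones reported in the post; the detection
# heuristics (BHO outside Program Files, module name loaded in processes) are
# general choices, not something the post describes.

$iocClsid = '{942ECDFF-5227-4C58-8B96-CA2666213DBB}'
$iocFiles = @(
    'C:\WINDOWS\Debug\UserMode\9E5556.dll',
    'C:\WINDOWS\Debug\UserMode\9E5556.exe',
    (Join-Path $env:TEMP 'gh070227.exe'),   # the post lists these under the user's Temp
    (Join-Path $env:TEMP 'gz0701x.exe')
)
$findings = New-Object System.Collections.Generic.List[string]

# 1. Dropped files
foreach ($f in $iocFiles) {
    if (Test-Path -LiteralPath $f) { $findings.Add("dropped file present: $f") }
}

# 2. Browser Helper Objects: every registered BHO is a CLSID subkey under these
#    keys; resolve each one's DLL through HKCR\CLSID\<clsid>\InprocServer32
#    (both the native and the Wow6432Node view on 64-bit systems).
$bhoKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)
foreach ($key in $bhoKeys) {
    if (-not (Test-Path $key)) { continue }
    foreach ($sub in Get-ChildItem -Path $key) {
        $clsid  = $sub.PSChildName
        $inproc = Get-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32" -ErrorAction SilentlyContinue
        $dll    = if ($inproc) { $inproc.'(default)' } else { '<no InprocServer32>' }
        if ($clsid -ieq $iocClsid) {
            $findings.Add("known-bad BHO registered: $clsid -> $dll")
        } elseif ($inproc -and $dll -inotmatch '\\Program Files') {
            # Heuristic: a BHO loaded from a debug or temp directory instead of an
            # application install directory deserves a closer look.
            $findings.Add("suspicious BHO location: $clsid -> $dll")
        }
    }
}

# 3. Injection indicator: is the reported DLL name loaded in any running process?
foreach ($proc in Get-Process -ErrorAction SilentlyContinue) {
    try {
        $hit = $proc.Modules | Where-Object { $_.ModuleName -ieq '9E5556.dll' }
    } catch { continue }   # access denied on protected processes, or 32/64-bit mismatch
    if ($hit) { $findings.Add("9E5556.dll loaded in $($proc.ProcessName) (PID $($proc.Id))") }
}

if ($findings.Count -eq 0) { 'No indicators from this post found.' } else { $findings }
```

Run it from an elevated PowerShell session so that the module list of Explorer and other system processes can be read; the script only reads files, registry keys and process module lists, and changes nothing, so a positive finding should be followed by offline imaging and cleanup rather than by deleting the listed files in place.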

So far, the following antivirus products detect these malicious files:

614[1].htm:
[ HBEDV ], "JS/Psyme.D"
[ Ewido ], "Downloader.Agent.m"
a[1].htm:
[ HBEDV ], "JS/Psyme.D"
[ Ewido ], "Downloader.Agent.m"
gh070227.exe:
[ Symantec ], "Infostealer.Gampass"
[ Kaspersky ], "PAK:PE_Patch.PECompact, PAK:PecBundle, PAK:PECompact"
[ HBEDV ], "HEUR/Malware"
gh[1].htm:
[ Alpha_Gen ], "Heur_Infrm-2"
9E5556.dll:
[ Alpha_Gen ], "Possible_Infostl"
[ Beta_Gen ], "Possible_Lineage"
[ Symantec ], "Infostealer.Lineage"
[ Microsoft ], "[->(NSPack)]:PWS:Win32/Wowsteal.gen!A"
[ Kaspersky ], "PAK:NSPack"
[ Sophos ], "Mal/Packer"
[ Fortinet ], "suspicious"
[ HBEDV ], "TR/Lineage.A70CEAFA"
[ Grisoft ], "Trojan horse PSW.Generic3.JLK"
9E5556.exe:
[ Symantec ], "Infostealer.Gampass"
[ Kaspersky ], "PAK:PE_Patch.PECompact, PAK:PecBundle, PAK:PECompact"
[ HBEDV ], "HEUR/Malware"