The National Tsing Hua University news site (國立清華大學新聞網) has had a malicious link planted in it. The malware is a Gray Pigeon (灰鴿子, Hupigon) variant; anyone who has browsed these pages recently should check their computer as soon as possible. Please do not browse this site for the time being, to avoid getting infected; once they have confirmed it is fixed, this post will be updated (the malware most likely steals accounts and passwords). The site has also been hacked; see zone-h.

**Please help notify them, thank you**

[image: cc_nthu_edu_home_20070410.jpg]

The malicious link was placed on the home page:

[image: cc_nthu_edu_url_20070410.png]

Part of the malicious code:

[image: cc_nthu_edu_code_20070410.png]

After it runs, it behaves as follows:

[Added hidden process]
C:\Program Files\Internet Explorer\iexplore.exe (holds C:\WINDOWS\RavStub.exe locked)

[DLL injection]
C:\Documents and Settings\Administrator\Desktop\svchost.exe (injects into the svchost.exe process)

[Added service]
NAME: QQ
DISPLAY: QQ
FILE: C:\WINDOWS\RavStub.exe

[Added file]
C:\Documents and Settings\Administrator\Desktop\svchost.exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6DEV01Y7\a[1].htm
C:\WINDOWS\RavStub.exe
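As an added example (not from the post), this Python snippet parses the service and file entries of the report above and checks a host snapshot for them; the `services` and `files` arguments are assumptions standing in for the output of `sc qc` and a directory listing.

```python
import re

# Service and file sections of the report above, in the post's own format (constructed copy).
REPORT = r"""
[Added service]
NAME: QQ
DISPLAY: QQ
FILE: C:\WINDOWS\RavStub.exe
[Added file]
C:\Documents and Settings\Administrator\Desktop\svchost.exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6DEV01Y7\a[1].htm
C:\WINDOWS\RavStub.exe
"""

def parse_report(text):
    """Return {section: entries}; 'Added service' entries are dicts of KEY: value lines."""
    sections, current = {}, None
    for line in filter(None, (l.strip() for l in text.splitlines())):
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = header.group(1)
            sections[current] = []
        elif current == "Added service":
            key, _, value = line.partition(":")  # split at the first ':' so 'C:\' survives
            if key.strip() == "NAME" or not sections[current]:
                sections[current].append({})
            sections[current][-1][key.strip()] = value.strip()
        elif current:
            sections[current].append(line)
    return sections

def _profile_relative(path):
    r"""Lower-case and strip 'C:\Documents and Settings\<user>\' so any profile matches."""
    m = re.match(r"(?i)c:\\documents and settings\\[^\\]+\\(.*)", path)
    return (m.group(1) if m else path).lower()

def check_host(indicators, services, files):
    """services: {name: binary path} as shown by `sc qc`; files: paths present on disk."""
    findings = []
    for svc in indicators.get("Added service", []):
        for name, path in services.items():
            if name.lower() == svc["NAME"].lower() or path.lower() == svc["FILE"].lower():
                findings.append(f"service {name} -> {path}")
    present = {_profile_relative(p) for p in files}
    for path in indicators.get("Added file", []):  # cache dir name (6DEV01Y7) is per-machine
        if _profile_relative(path) in present:
            findings.append(f"file {path}")
    return findings
```

An empty result only means these specific indicators are absent; the AV list below is the better check for renamed copies.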

As of now (2007/4/10 @ 11:17), the following antivirus products detect these malicious files:

RavStub.exe:
[ Symantec ], "Backdoor.Hupigeon"
[ Microsoft ], "TrojanDropper:Win32/Hupigon.gen!A"
[ Kaspersky ], "PAK:NSPack, PAK:ASPack"
[ McAfee ], "BackDoor-AWQ.b"
[ Sophos ], "Mal/GrayBird"
[ Fortinet ], "suspicious"
[ HBEDV ], "BDS/Hupigon.Gen"
[ Ewido ], "Backdoor.Pigeon.128"
[ Ahnlab ], "infected by Win-Trojan/Hupigon.359759"
svchost.exe:
[ Symantec ], "Backdoor.Hupigeon"
[ Microsoft ], "TrojanDropper:Win32/Hupigon.gen!A"
[ Kaspersky ], "PAK:NSPack, PAK:ASPack"
[ McAfee ], "BackDoor-AWQ.b"
[ Sophos ], "Mal/GrayBird"
[ Fortinet ], "suspicious"
[ HBEDV ], "BDS/Hupigon.Gen"
[ Ewido ], "Backdoor.Pigeon.128"
[ Ahnlab ], "infected by Win-Trojan/Hupigon.359759"
a[1].htm:
[ Sophos ], "Mal/Psyme-A"
[ Fortinet ], "VBS/Psyme.AFF6!exploit"
[ HBEDV ], "HTML/Dldr.Agen.3032"
[ Grisoft ], "Virus identified VBS/Psyme.N"