The Taiwan Adventist Hospital (臺安醫院) home page has been injected with a malicious link again; the malware is a Lineage variant. Please do not browse this site for now, to avoid getting infected. Once it is confirmed that they have fixed it, an update will be posted here (this malware steals account names and passwords).

**Please help notify them, thank you.**

The malicious link is placed in the home page:

embo_url_20070306.png

Part of the malicious code:

embo_code_20070306.png

After execution, it shows the following behavior:

[DLL injection]
C:\WINDOWS\Debug\UserMode\8501D.dll (injected into certain processes such as Windows Explorer and IE)

[Added file]
C:\Documents and Settings\Administrator\Local Settings\Temp\gh0703.exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C13NVBMZ\gh0703[1].exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OXI7BCE5\gh[1].htm
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SEUIMLSE\614[1].htm
C:\WINDOWS\Debug\UserMode\8501D.dll
C:\WINDOWS\Debug\UserMode\8501D.exe

[Added COM/BHO]
{81549ADC-2F24-4784-8124-F1075D770539}-C:\WINDOWS\debug\userMode\8501D.dll

So far, the following antivirus products detect these malicious files:

8501D.exe:
[ Trend ], "TROJ_Generic"

gh0703.exe:
[ Trend ], "TROJ_Generic"

8501D.dll:
[ Alpha_Gen ], "Possible_Lineage"
[ Symantec ], "Infostealer.Lineage"
[ Kaspersky ], "PAK:PE_Patch.PECompact, PAK:PecBundle, PAK:PECompact, Trojan-PSW.Win32.OnLineGames.dr"
[ Nod32 ], "probably a variant of Win32/PSW.Lineage.DN trojan"
[ HBEDV ], "TR/PSW.OnLineGames.DR.38"
[ Grisoft ], "Trojan horse PSW.Generic3.NSN"

gh[1].htm:
[ Alpha_Gen ], "Heur_Infrm-2"

614[1].htm:
[ HBEDV ], "JS/Psyme.D"
[ Ewido ], "Downloader.Agent.m"
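A host check for the artifacts listed above, as an added example that is not part of the original post. The file names and the CLSID are the ones reported here; the registry keys are the standard Windows locations for BHO and in-process COM server registration, and the `Users\*\AppData\Local\Temp` path is an assumption covering Windows versions newer than the one in the post.

```powershell
# Added example: check a Windows host for the artifacts listed in this post.
# File names and the CLSID are from the post; the registry locations are the
# standard places where BHOs and in-process COM servers are registered.
$clsid    = '{81549ADC-2F24-4784-8124-F1075D770539}'
$findings = New-Object System.Collections.Generic.List[object]

function Add-Finding($type, $item, $detail) {
    $findings.Add([pscustomobject]@{ Type = $type; Item = $item; Detail = $detail })
}

# 1. Dropped files. Wildcards cover every user profile, not only Administrator.
$fileGlobs = @(
    (Join-Path $env:windir 'Debug\UserMode\8501D.dll'),
    (Join-Path $env:windir 'Debug\UserMode\8501D.exe'),
    "$env:SystemDrive\Documents and Settings\*\Local Settings\Temp\gh0703.exe",
    # Assumption: profile layout on Windows versions newer than the post's.
    "$env:SystemDrive\Users\*\AppData\Local\Temp\gh0703.exe"
)
Get-ChildItem -Path $fileGlobs -Force -ErrorAction SilentlyContinue | ForEach-Object {
    $detail = '{0} bytes, written {1:yyyy-MM-dd HH:mm}' -f $_.Length, $_.LastWriteTime
    Add-Finding 'File' $_.FullName $detail
}

# 2. Browser Helper Objects, in both the native and the 32-bit registry view.
#    Flag the CLSID from the post, and any BHO whose DLL lives in Debug\UserMode.
foreach ($view in '', 'WOW6432Node\') {
    $bhoKey = "HKLM:\SOFTWARE\${view}Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
    Get-ChildItem -LiteralPath $bhoKey -ErrorAction SilentlyContinue | ForEach-Object {
        $id     = $_.PSChildName
        $srvKey = "HKLM:\SOFTWARE\Classes\${view}CLSID\$id\InprocServer32"
        $dll    = (Get-ItemProperty -LiteralPath $srvKey -ErrorAction SilentlyContinue).'(default)'
        if ($id -ieq $clsid -or $dll -like '*\Debug\UserMode\*') {
            Add-Finding 'BHO' $id "server: $dll"
        }
    }
}

if ($findings.Count) {
    $findings | Format-Table -AutoSize -Wrap
} else {
    'None of the artifacts listed in the post were found.'
}
```

Run it from an elevated PowerShell prompt so that other users' profile directories are readable.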