大砲開講

更新資訊：惡意連結已經移除 高雄市政府教育局國教輔導團網頁被植入惡意連結，此惡意程式為灰鴿子。這是一個教育資訊網站，最近有瀏覽這個網頁的網友，應該要盡速檢查自己的電腦 (此惡意連結有可能不會執行)。請各位暫時不要瀏覽這個網站，以免中毒，等確認他們已經修復後，會在此更新訊息 (此惡意程式應該會偷帳號與密碼)。(感謝 Yayow) **請幫忙通知他們，謝謝** 惡意連結是放置在首頁 (index.htm) 中的： 惡意程式碼的一部份為： 執行之後，有下面的行為： [DLL injection] C:\WINDOWS\system32.DLL (注入某些執行程序如 IE 等) C:\WINDOWS\SYSTEM32KEY.DLL (注入某些執行程序如檔案總管和 IE 等) [Added service] NAME: System Application DISPLAY: System Application FILE: C:\WINDOWS\system32.exe [Added file] C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OXI7BCE5\mm2[1].htm C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SEUIMLSE\2[1].exe C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SEUIMLSE\mm[1].htm C:\WINDOWS\system32.DLL C:\WINDOWS\system32.exe C:\WINDOWS\SYSTEM32KEY.DLL C:\WINDOWS\SYSTEM32KEY.log 到目前為止，下面的防毒軟體可以偵測到這些惡意檔案： system32.exe: [ Trend ], "BKDR_HUPIGON.DDF" 2[1].exe: [ Trend ], "BKDR_HUPIGON.DDF" mm2[1].htm: [ HBEDV ], "JS/Dldr.Agent.20356" [ Ewido ], "Downloader.Agent.m" mm[1].htm: [ Kaspersky ], "Trojan-Downloader.VBS.Small.dq" [ Ewido ], "Downloader.Agent.m" system32.DLL: [ Alpha_Gen ], "BKDR_HUP1GON.GEN" [ Kaspersky ], "PAK:PE_Patch.MaskPE, Type_Win32" [ Sophos ], "[FILE:0000]:Mal/GrayBird" [ Alwil ], "Win32:Hupigon-JF [Trj]" [ Nod32 ], "a variant of Win32/Hupigon trojan" [ Fortinet ], "suspicious" [ HBEDV ], "BDS/Hupigon.Gen" SYSTEM32KEY.DLL: [ Alpha_Gen ], "BKDR_HUP1GON.GEN" [ Kaspersky ], "PAK:PE_Patch.MaskPE, Type_Win32" [ Sophos ], "Mal/GrayBird" [ Alwil ], "Win32:Hupigon-JF [Trj]" [ Nod32 ], "probably a variant of Win32/Hupigon trojan" [ Fortinet ], "suspicious" [ HBEDV ], "BDS/Hupigon.Gen"