**高度危險網站:常常被植入惡意連結,列入網站黑名單,不建議瀏覽此網站** 臺安醫院生殖醫學中心網站又被植入惡意連結,此惡意程式為 Lineage 的變種,最近有瀏覽這個網頁的網友,應該要盡速檢查自己的電腦。請各位暫時不要瀏覽這個網站,以免中毒,等確認他們已經修復後,會在此更新訊息 (此惡意程式會偷帳號與密碼)。(Credit: Jack) **請幫忙通知他們,謝謝** 惡意連結是放置在首頁中的: 惡意程式碼的一部份為: 執行之後,有下面的行為: [DLL injection] C:\WINDOWS\Debug\UserMode\08835B.dll (注入某些執行程序如檔案總管、IE等) [Added file] C:\Documents and Settings\Administrator\Local Settings\Temp\gz002.exe C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C13NVBMZ\gh[1].htm C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C13NVBMZ\gz[1].htm C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C13NVBMZ\testtest[1].htm C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OXI7BCE5\gh[1].htm C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OXI7BCE5\kabakao[1].exe C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Q08VKCK4\dap[1].js C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Q08VKCK4\gz001[1].exe C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SEUIMLSE\gh02[1].exe C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SEUIMLSE\gh1[1].htm C:\WINDOWS\Debug\UserMode\08835B.dll C:\WINDOWS\Debug\UserMode\08835B.exe [Added COM/BHO] {AD11A17C-83C2-4121-89C8-D0660555685C}-C:\WINDOWS\debug\userMode\08835B.dll 到目前為止,下面的防毒軟體可以偵測到這些惡意檔案: kabakao[1].exe: [ Trend ], "TROJ_AGENT.PPO" 08835B.dll: [ Trend ], "Possible_Lineage" 08835B.exe: [ Alpha_Gen ], "Possible_Infostl" [ Kaspersky ], "PAK:PE_Patch.PECompact, PAK:PecBundle, PAK:PECompact" [ Nod32 ], "a variant of Win32/PSW.Lineage.ACN trojan" [ HBEDV ], "DR/Delphi.Gen" gh02[1].exe: [ Alpha_Gen ], "Possible_Infostl" [ Kaspersky ], "PAK:PE_Patch.PECompact, PAK:PecBundle, PAK:PECompact" [ Nod32 ], "a variant of Win32/PSW.Lineage.ACN trojan" [ HBEDV ], "DR/Delphi.Gen" gh[1].htm: [ HBEDV ], "VBS/Dldr.Agent.6171" [ Grisoft ], "Virus identified VBS/Psyme.N" gz001[1].exe: [ Kaspersky ], "PAK:PE-Armor, unknown format." [ McAfee ], "New Win32.g2 !!" [ Fortinet ], "suspicious" [ HBEDV ], "TR/Crypt.XPACK.Gen" gz002.exe: [ Alpha_Gen ], "Possible_Infostl" [ Kaspersky ], "PAK:PE_Patch.PECompact, PAK:PecBundle, PAK:PECompact" [ Nod32 ], "a variant of Win32/PSW.Lineage.ACN trojan" [ HBEDV ], "DR/Delphi.Gen" gz[1].htm: [ HBEDV ], "VBS/Dldr.Agent.6171" [ Grisoft ], "Virus identified VBS/Psyme.N"
文章標籤
全站熱搜
創作者介紹
創作者 rogerspeaking 的頭像
rogerspeaking

大砲開講

rogerspeaking 發表在 痞客邦 留言(0) 人氣(96)