大砲開講

更新資訊：已修復 (2007/4/10 @ 10:03) **高度危險網站：常常被植入惡意連結，列入網站黑名單，不建議瀏覽此網站**台灣 Nikon 網站又被植入惡意連結，此惡意程式為 Lineage 和 灰鴿子變種，最近有瀏覽這個網頁的網友，應該要盡速檢查自己的電腦。請各位暫時不要瀏覽這個網站，以免中毒，等確認他們已經修復後，會在此更新訊息 (此惡意程式會偷帳號與密碼)。另外，其中某些惡意檔案是利用微軟的安全漏洞 (Vulnerability in Windows Animated Cursor Handling)(此為零時差攻擊)。 **請幫忙通知他們，謝謝** 惡意連結是放置在首頁中的： 惡意程式碼的一部分為： 執行之後，有下面的行為： [DLL injection] C:\WINDOWS\Debug\UserMode\08835B.dll (注入某些執行程序如檔案總管、IE等) [Added service] NAME: winsedx.com.cn DISPLAY: winsedx.com.cn FILE: C:\WINDOWS\BBSr.com.cn.exe [Added file] C:\Documents and Settings\Administrator\Local Settings\Temp\gz002.exe C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C13NVBMZ\gh02[1].exe C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C13NVBMZ\gh1[1].htm C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C13NVBMZ\gz[1].htm C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C13NVBMZ\index0703[1].exe C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C13NVBMZ\testtest[1].htm C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OXI7BCE5\1[1].jpg C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OXI7BCE5\2[1].jpg C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Q08VKCK4\gh[1].htm C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Q08VKCK4\kabakao[1].exe C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Q08VKCK4\test[1].js C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SEUIMLSE\gh[1].htm C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SEUIMLSE\gz001[1].exe C:\WINDOWS\BBSr.com.cn.exe C:\WINDOWS\Debug\UserMode\08835B.dll C:\WINDOWS\Debug\UserMode\08835B.exe [Added COM/BHO] {AD11A17C-83C2-4121-89C8-D0660555685C}-C:\WINDOWS\debug\userMode\08835B.dll 到目前為止 (2007/3/30 @ 21:54)，下面的防毒軟體可以偵測到這些惡意檔案： 08835B.dll: [ Trend ], "TSPY_LINEAGE.EXA" 08835B.exe: [ Trend ], "TSPY_LINEAGE.EWX" gh02[1].exe: [ Trend ], "TSPY_LINEAGE.EWX" gz002.exe: [ Trend ], "TROJ_AGENT.PPO" kabakao[1].exe: [ Trend ], "TROJ_AGENT.PPO" 1[1].jpg: [ Microsoft ], "TrojanDownloader:Win32/Anicmoo.gen!D" [ Kaspersky ], "Trojan-Downloader.Win32.Ani.g" [ McAfee ], "Exploit-ANIfile.c" [ Sophos ], "Troj/Animoo-U" [ Rising ], "Hack.Exploit.RIFF.b" 2[1].jpg: [ Microsoft ], "TrojanDownloader:Win32/Anicmoo.gen!D" [ Kaspersky ], "Trojan-Downloader.Win32.Ani.g" [ McAfee ], "Exploit-ANIfile.c" [ Sophos ], "Troj/Animoo-U" [ Rising ], "Hack.Exploit.RIFF.a" BBSr.com.cn.exe: [ Symantec ], "Backdoor.Graybird" [ Microsoft ], "TrojanDropper:Win32/Hupigon.gen!A" [ Kaspersky ], "PAK:PE-Armor, unknown format." [ McAfee ], "BackDoor-AWQ" [ Sophos ], "Mal/GrayBird" [ Alwil ], "Win32:Hupigon-OH [Trj]" [ Fortinet ], "suspicious" [ HBEDV ], "BDS/Hupigon.Gen" gh[1].htm: [ HBEDV ], "VBS/Dldr.Agent.6171" [ Grisoft ], "Virus identified VBS/Psyme.N" gz001[1].exe: [ Kaspersky ], "PAK:PE-Armor, unknown format." [ McAfee ], "New Win32.g2 !!" [ Fortinet ], "suspicious" [ HBEDV ], "TR/Crypt.XPACK.Gen" gz[1].htm: [ HBEDV ], "VBS/Dldr.Agent.6171" [ Grisoft ], "Virus identified VBS/Psyme.N" index0703[1].exe: [ Symantec ], "Backdoor.Graybird" [ Microsoft ], "TrojanDropper:Win32/Hupigon.gen!A" [ Kaspersky ], "PAK:PE-Armor, unknown format." [ McAfee ], "BackDoor-AWQ" [ Sophos ], "Mal/GrayBird" [ Alwil ], "Win32:Hupigon-OH [Trj]" [ Fortinet ], "suspicious" [ HBEDV ], "BDS/Hupigon.Gen"