中華民國交通部觀光局網站被植入惡意連結

更新資訊：已修復 (2007/4/2 @ 11:00) 中華民國交通部觀光局網站被植入惡意連結，此惡意程式為 Maran 變種，最近有瀏覽這個網頁的網友，應該要盡速檢查自己的電腦。請各位暫時不要瀏覽這個網站，以免中毒，等確認他們已經修復後，會在此更新訊息 (此惡意程式應該會偷帳號與密碼)。 **請幫忙通知他們，謝謝** 惡意連結是放置在首頁中的：惡意程式碼的一部分為： 執行之後，有下面的行為： [Added process] C:\WINDOWS\avp.exe [Added service] NAME: VGADown DISPLAY: Audio Adapter FILE: C:\WINDOWS\avp.exe NAME: WS2IFSL DISPLAY: Windows Socket 2.0 Non-IFS Service Provider Support Environment FILE: \SystemRoot\System32\drivers\ws2ifsl.sys [Added file] C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C13NVBMZ\svch2321[1].exe C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Q08VKCK4\ajcount[1].htm C:\WINDOWS\avp.exe C:\WINDOWS\system32\hsvwer2.dll [Added LSP] ID: 1012 NAME: MSAFD Tcpip [RAW/IP] (連結至 C:\WINDOWS\system32\hsvwer2.dll) ID: 1013 NAME: MSAFD Tcpip [TCP/IP] (連結至 C:\WINDOWS\system32\hsvwer2.dll) 到目前為止 (2007/4/2 @ 10:35)，下面的防毒軟體可以偵測到這些惡意檔案： hsvwer2.dll: [ Kaspersky ], "Trojan-PSW.Win32.Maran.dj" [ Alwil ], "Win32:Maran-D [Trj]" [ Nod32 ], "a variant of Win32/PSW.Maran trojan" [ HBEDV ], "TR/Drop.Maran.C.3" [ Rising ], "Trojan.PSW.OnlineGames.yh" [ Ewido ], "Trojan.Maran.cx" [ Grisoft ], "Trojan horse PSW.Generic3.TDN" svch2321[1].exe: [ McAfee ], "New Malware.bj !!" [ Nod32 ], "a variant of Win32/PSW.Maran trojan" [ HBEDV ], "HEUR/Crypted" [ Ewido ], "Trojan.Maran.e" avp.exe: [ Kaspersky ], "Trojan-PSW.Win32.Maran.dj" [ Sophos ], "Troj/Maran-Gen" [ Nod32 ], "a variant of Win32/PSW.Maran trojan" [ HBEDV ], "TR/PSW.Maran.A.1" [ Norman ], "Trojan W32/Smalltroj.XXX" [ Rising ], "Trojan.Delf.njo" [ Ewido ], "Trojan.Maran.ag" [ Grisoft ], "Trojan horse PSW.Generic3.TDO" loginform.htm: [ HBEDV ], "VBS/Dldr.Agent.6171" [ Grisoft ], "Virus identified VBS/Psyme.N"