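**High-risk website: it is frequently injected with malicious links and has been added to the website blacklist; browsing this site is not recommended.**
HitoCard 喜多喜卡網 has again been injected with a malicious link. The malware is a variant of Lineage and Gray Pigeon (灰鴿子). The site sells wedding invitations, so many couples planning a wedding are likely to visit it. Anyone who has visited the site recently should check their computer as soon as possible. Please do not visit the site for now to avoid infection; once it is confirmed that they have fixed it, this post will be updated (this malware probably steals accounts and passwords). In addition, the malware exploits the security vulnerability announced by Microsoft (Vulnerability in Windows Animated Cursor Handling) (this is a zero-day attack).
**Please help notify them, thank you.**
The malicious link is placed on the home page:
Part of the malicious code:
ANI zero-day attack portion:
After execution, it shows the following behavior: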
[DLL injection]
C:\WINDOWS\Debug\UserMode\32BB5B6.dll (injected into certain processes such as Windows Explorer and IE)
[Added service]
NAME: winsedx.com.cn
DISPLAY: winsedx.com.cn
FILE: C:\WINDOWS\win.cn.exe
[Added file]
C:\Documents and Settings\Administrator\Local Settings\Temp\gz002.exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C13NVBMZ\gh02[1].exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C13NVBMZ\gh[1].htm
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C13NVBMZ\index0707[1].exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OXI7BCE5\mian1[1].jpg
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Q08VKCK4\gh1[1].htm
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Q08VKCK4\kabakao[1].exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SEUIMLSE\gh[1].htm
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SEUIMLSE\gz[1].htm
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SEUIMLSE\help[1].htm
C:\WINDOWS\Debug\UserMode\32BB5B6.dll
C:\WINDOWS\Debug\UserMode\32BB5B6.exe
[ Added COM/BHO ]
{F2319AD4-D519-45AC-86A7-02FE9B851F37}-C:\WINDOWS\debug\userMode\32BB5B6.dll
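For readers checking their own machines against the behavior list above, here is an added example (not part of the original post) that matches a collected inventory of files, services and BHO CLSIDs against those indicators. The function names and the sample inventory are constructed for illustration; it assumes the user profile name, the random `Content.IE5` subfolder and the `[1]` cache counter differ from machine to machine, so those parts are ignored when matching.

```python
import re
from pathlib import PureWindowsPath

# Indicators copied from the behavior list above, lower-cased because
# Windows paths, service names and CLSIDs compare case-insensitively.
FIXED_PATHS = {
    r"c:\windows\debug\usermode\32bb5b6.dll",
    r"c:\windows\debug\usermode\32bb5b6.exe",
    r"c:\windows\win.cn.exe",
}
TEMP_NAMES = {"gz002.exe"}
# Only the cached executables: names like help[1].htm are too generic alone.
CACHE_EXES = {"gh02.exe", "index0707.exe", "kabakao.exe"}
SERVICE_NAME = "winsedx.com.cn"
BHO_CLSID = "{f2319ad4-d519-45ac-86a7-02fe9b851f37}"

# IE appends a counter such as [1] before the extension of cached files.
_COUNTER = re.compile(r"\[\d+\](?=\.[^.]+$)")

def match_path(path):
    """Return an indicator category for one file path, or None."""
    p = PureWindowsPath(path.strip().lower())
    if str(p) in FIXED_PATHS:
        return "dropped-file"
    # Profile name and Content.IE5 subfolder differ per machine: ignore them.
    if "content.ie5" in p.parts and _COUNTER.sub("", p.name) in CACHE_EXES:
        return "ie-cache-download"
    if "temp" in p.parts and p.name in TEMP_NAMES:
        return "temp-dropper"
    return None

def scan(files=(), services=(), bho_clsids=()):
    """Return (category, value) pairs for every inventory entry that matches."""
    hits = [(match_path(f), f) for f in files if match_path(f)]
    hits += [("service", s) for s in services if s.strip().lower() == SERVICE_NAME]
    hits += [("bho", c) for c in bho_clsids if c.strip().lower() == BHO_CLSID]
    return hits

# Constructed inventory of a different machine (not data from the post).
SAMPLE_FILES = [
    r"C:\Windows\debug\usermode\32bb5b6.DLL",
    r"C:\Documents and Settings\alice\Local Settings\Temporary Internet Files"
    r"\Content.IE5\K9ABCDEF\kabakao[2].exe",
    r"C:\Documents and Settings\alice\Local Settings\Temp\gz002.exe",
    r"C:\WINDOWS\system32\notepad.exe",
]
if __name__ == "__main__":
    for hit in scan(SAMPLE_FILES, ["Winsedx.com.cn", "Spooler"], [BHO_CLSID.upper()]):
        print(*hit)
```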
As of now (2007/4/7 @ 17:10), the following antivirus products detect these malicious files:
32BB5B6.exe:
[ Trend ], "Possible_Lineage"
gh02[1].exe:
[ Trend ], "Possible_Lineage"
gh[1].htm:
[ Trend ], "VBS_PSYME.AKW"
gz[1].htm:
[ Trend ], "HTML_AGENT.PQV"
32BB5B6.dll:
[ Trend ], "Possible_Lineage"
gz002.exe:
[ Kaspersky ], "PAK:PE-Armor, unknown format."
[ Fortinet ], "suspicious"
[ HBEDV ], "HEUR/Crypted"
index0707[1].exe:
[ Symantec ], "Backdoor.Graybird"
[ Microsoft ], "TrojanDropper:Win32/Hupigon.gen!A"
[ Kaspersky ], "PAK:PE-Armor, unknown format."
[ McAfee ], "BackDoor-AWQ"
[ Sophos ], "Mal/GrayBird"
[ Alwil ], "Win32:Hupigon-OH [Trj]"
[ Fortinet ], "suspicious"
[ HBEDV ], "BDS/Hupigon.Gen"
kabakao[1].exe:
[ Kaspersky ], "PAK:PE-Armor, unknown format."
[ Fortinet ], "suspicious"
[ HBEDV ], "HEUR/Crypted"
win.cn.exe:
[ Symantec ], "Backdoor.Graybird"
[ Microsoft ], "TrojanDropper:Win32/Hupigon.gen!A"
[ Kaspersky ], "PAK:PE-Armor, unknown format."
[ McAfee ], "BackDoor-AWQ"
[ Sophos ], "Mal/GrayBird"
[ Alwil ], "Win32:Hupigon-OH [Trj]"
[ Fortinet ], "suspicious"
[ HBEDV ], "BDS/Hupigon.Gen"
