A malicious link has been planted in the National Tsing Hua University news website. The malware is a variant of Gray Pigeon (灰鴿子); anyone who has browsed these pages recently should check their computer as soon as possible. Please do not browse this website for now, to avoid infection. Once it is confirmed that they have fixed it, an update will be posted here (this malware probably steals account names and passwords). In addition, this website has also been hacked; see zone-h.

**Please help notify them, thanks**

The malicious link is placed in the home page:

Part of the malicious code is:

After execution, it shows the following behavior:

[Added hidden process]
C:\Program Files\Internet Explorer\iexplore.exe (locks C:\WINDOWS\RavStub.exe)

[DLL injection]
C:\Documents and Settings\Administrator\Desktop\svchost.exe (injected into the svchost.exe process)

[Added service]
NAME: QQ
DISPLAY: QQ
FILE: C:\WINDOWS\RavStub.exe

[Added file]
C:\Documents and Settings\Administrator\Desktop\svchost.exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6DEV01Y7\a[1].htm
C:\WINDOWS\RavStub.exe

As of now (2007/4/10 @ 11:17), the following antivirus products detect these malicious files:

RavStub.exe:
[ Symantec ], "Backdoor.Hupigeon"
[ Microsoft ], "TrojanDropper:Win32/Hupigon.gen!A"
[ Kaspersky ], "PAK:NSPack, PAK:ASPack"
[ McAfee ], "BackDoor-AWQ.b"
[ Sophos ], "Mal/GrayBird"
[ Fortinet ], "suspicious"
[ HBEDV ], "BDS/Hupigon.Gen"
[ Ewido ], "Backdoor.Pigeon.128"
[ Ahnlab ], "infected by Win-Trojan/Hupigon.359759"

svchost.exe:
[ Symantec ], "Backdoor.Hupigeon"
[ Microsoft ], "TrojanDropper:Win32/Hupigon.gen!A"
[ Kaspersky ], "PAK:NSPack, PAK:ASPack"
[ McAfee ], "BackDoor-AWQ.b"
[ Sophos ], "Mal/GrayBird"
[ Fortinet ], "suspicious"
[ HBEDV ], "BDS/Hupigon.Gen"
[ Ewido ], "Backdoor.Pigeon.128"
[ Ahnlab ], "infected by Win-Trojan/Hupigon.359759"

a[1].htm:
[ Sophos ], "Mal/Psyme-A"
[ Fortinet ], "VBS/Psyme.AFF6!exploit"
[ HBEDV ], "HTML/Dldr.Agen.3032"
[ Grisoft ], "Virus identified VBS/Psyme.N"
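For readers who visited the site and want to check a machine against the behavior listed above, here is an added example (not part of the original post) that looks for the dropped file and the QQ service. It assumes PowerShell 3.0 or later in an elevated prompt, and it generalizes the Desktop svchost.exe entry to any svchost.exe running outside the Windows system directories.

```powershell
# Added example, not from the original post. Assumes PowerShell 3.0+ and an
# elevated prompt (process image paths are not readable otherwise).
$findings = @()

# Dropped file named in the post.
$ravStub = Join-Path $env:SystemRoot 'RavStub.exe'
if (Test-Path -LiteralPath $ravStub) {
    $findings += "[MATCH] File present: $ravStub"
}

# Service from the post. The name "QQ" alone can belong to unrelated software,
# so show the binary path and mark MATCH only when it points at RavStub.exe.
$services = Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.Name -eq 'QQ' -or $_.PathName -like '*RavStub.exe*' }
foreach ($svc in $services) {
    $tag = if ($svc.PathName -like '*RavStub.exe*') { 'MATCH' } else { 'REVIEW' }
    $findings += "[$tag] Service $($svc.Name) ($($svc.DisplayName)) -> $($svc.PathName)"
}

# Generalization of the Desktop\svchost.exe entry: the genuine image lives
# only in the system directories, so any other location needs a closer look.
$expected = @(
    (Join-Path $env:SystemRoot 'System32\svchost.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\svchost.exe')
)
foreach ($proc in Get-Process -Name svchost -ErrorAction SilentlyContinue) {
    if ($proc.Path -and ($expected -notcontains $proc.Path)) {
        $findings += "[REVIEW] svchost.exe running from $($proc.Path) (PID $($proc.Id))"
    }
}

if ($findings.Count -eq 0) {
    'No indicators from the post were found.'
} else {
    $findings
}
```

The post reports a hidden process, so an empty result from the running system is not conclusive; an up-to-date scan with one of the products listed above should follow.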
Posted by rogerspeaking on 痞客邦 (PIXNET)