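"Antagonistic Trojan Downloader 23552": the sample is a Trojan downloader written in the high-level language VC++. It shuts down common security software, then uses the IE browser to quietly download and execute other virus files in the background.
"Webcam Peeper 701045": this is a remote-control Trojan. It helps a hacker take complete control of the infected computer, can enumerate resources on the local area network, and can also control the webcam on the infected computer.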
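I. "Antagonistic Trojan Downloader 23552" Threat level: ★
This Trojan downloader is able to fight antivirus software. After entering the user's system, it drops a randomly named virus file in the current directory, then searches the user's computer for security software and tries to forcibly shut it down.
Its blacklist is very large: almost all mainstream antivirus products, Kingsoft Duba included, are on it. However, checks by Duba's antivirus engineers show that this action has no effect on Duba.
At the same time, the virus modifies the registry so that it starts automatically at boot. The next time the computer starts, it invokes the IE browser process, reads a download list from a remote address specified by the virus author, and then downloads more virus files from the addresses in that list, causing damage that cannot be estimated.
The detailed analysis report for this virus can be found in the Kingsoft Virus Encyclopedia: http://vi.duba.net/virus/win32-troj-agent-ks-23552-50887.html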
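II. "Webcam Peeper 701045" Threat level: ★★
The greatest harm this Trojan does to the user's system is that it can help a hacker control the user's webcam.
Once the virus enters the user's computer, it immediately runs from the current directory. It modifies the registry startup entries so that it starts automatically at boot; when the computer starts again, it runs automatically. If it runs successfully, the virus can obtain system privileges. It makes a reverse connection to a remote hacker server specified by the virus author and waits for the hacker's commands.
With its help, the hacker can manage files on the machine, monitor keyboard and mouse input, and monitor the machine's desktop image, achieving remote control. It can also traverse shared resources on the local area network so that the hacker can obtain them.
Because this Trojan is specifically designed to control the user's webcam, allowing a hacker to spy through it, it threatens user privacy more than an ordinary remote-control Trojan does.
The detailed analysis report for this virus can be found in the Kingsoft Virus Encyclopedia: http://vi.duba.net/virus/win32-troj-ecode-701045-50888.html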
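Recommendations from Kingsoft antivirus engineers
1. It is best to install professional antivirus software for comprehensive monitoring, to guard against the growing number of viruses. After installing antivirus software, users should keep the main monitors turned on (such as email monitoring and memory monitoring), update regularly, and report any problems they encounter; only then is the computer truly protected.
2. As the number of users who play online games and communicate through QQ and other instant messaging tools keeps growing, account-stealing Trojans of all kinds are bound to increase with it. Users are advised to develop good habits online, such as not visiting disreputable websites and not making illegal downloads, so as to cut off the routes by which viruses spread and give them no opening.
The Kingsoft Duba Anti-Virus Emergency Center has updated the virus database promptly; upgrading Duba to the August 23, 2008 virus database is enough to detect and remove the viruses above. If Kingsoft Duba is not installed, you can visit http://www.5kdj.com to download the latest Kingsoft Duba 2008 for free, or use the Kingsoft Duba online scan to prevent virus intrusion. Call the Kingsoft Duba anti-virus emergency hotline at 010-82331816 and anti-virus experts will provide help.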
English introduction:
"Antagonistic Trojan Downloader 23552" (Win32.Troj.Agent.ks.23552): the sample is a Trojan downloader written in the high-level language VC++. It shuts down common security software, then uses the IE browser to quietly download and execute other virus files in the background.
"Webcam Peeper 701045" (Win32.Troj.ECode.a.701045): this is a remote-control Trojan. It helps a hacker take complete control of the infected computer, can enumerate resources on the local area network, and can also control the webcam on the infected computer.
I. "Antagonistic Trojan Downloader 23552" (Win32.Troj.Agent.ks.23552) Threat level: ★
This Trojan downloader is able to fight antivirus software. After entering the user's system, it drops a randomly named virus file in the current directory, then searches the user's computer for security software and tries to forcibly shut it down.
Its blacklist is very large: almost all mainstream antivirus products, Kingsoft Duba included, are on it. However, checks by Duba's antivirus engineers show that this action has no effect on Duba.
At the same time, the virus modifies the registry so that it starts automatically at boot. The next time the computer starts, it invokes the IE browser process, reads a download list from a remote address specified by the virus author, and then downloads more virus files from the addresses in that list, causing damage that cannot be estimated.
The detailed analysis report for this virus can be found in the Kingsoft Virus Encyclopedia: http://vi.duba.net/virus/win32-troj-agent-ks-23552-50887.html
II. "Webcam Peeper 701045" (Win32.Troj.ECode.a.701045) Threat level: ★★
The greatest harm this Trojan does to the user's system is that it can help a hacker control the user's webcam.
Once the virus enters the user's computer, it immediately runs from the current directory. It modifies the registry startup entries so that it starts automatically at boot; when the computer starts again, it runs automatically. If it runs successfully, the virus can obtain system privileges. It makes a reverse connection to a remote hacker server specified by the virus author and waits for the hacker's commands.
With its help, the hacker can manage files on the machine, monitor keyboard and mouse input, monitor the machine's desktop image,