计算机防病毒技术培训.pptVIP

* 例子，WORM_MYTOB /vinfo/virusencyclo/default5.asp?VName=WORM_MYTOB.A * 例子， WORM_SDBOT.ANF 病毒 /vinfo/virusencyclo/default5.asp?VName=WORM%5FSDBOT%2EANFVSect=T Network Propagation and Exploit This worm spreads by dropping copies of itself in the following network shares: ADMIN$ IPC$ E$ D$ C$ * /vinfo/virusencyclo/default5.asp?VName=WORM_PEERCOPY.A WORM_PEERCOPY.A Description:? This worm propagates via peer-to-peer (P2P) applications, such as Kazaa, WinMX, Morpheus, Edonkey2000, Bearshare, and KMD. It may also propagates via the instant messaging appilications ICQ and mIRC. Upon execution, it drops the following copies of itself in the indicated hardcoded location: C:\Program Files\XP Keychanger.exe C:\Program Files\kazaa\my shared folder\Win XP Key Generator.exe C:\Program Files\mIRC\download\XP Keychanger.exe C:\mIRC\XP Keychanger.exe C:\Program Files\icq\shared files\XP Keychanger.exe C:\Program Files\WinMX\my shared folder\XP Keychanger.exe C:\Program Files\morpheus\my shared folder\XP Keychanger.exe C:\Program Files\Edonkey2000\incoming\XP Keychanger.exe C:\Program Files\Bearshare\XP Keychanger.exe C:\Program Files\KMD\my shared folder\XP Keychanger.exe If the immediate parent folder of any the said paths is non-existent, it skips the corresponding path. * WORM_MYTOB It propagates via networks by taking advantage of the Windows LSASS vulnerability, Microsoft Security Bulletin MS04-011 WORM_SDBOT It also takes advantage of the Microsoft Windows Plug and Play vulnerability to propagate across networks. Microsoft Security Bulletin MS05-039 * WORM_MYTOB It propagates via networks by taking advantage of the Windows LSASS vulnerability, Microsoft Security Bulletin MS04-011 WORM_SDBOT It also takes advantage of the Microsoft Windows Plug and Play vulnerability to propagate across networks. Microsoft Security Bulletin MS05-039 极光行动（英语：Operation Aurora）或欧若拉行动是2009年12月中旬源自中国的一场网络攻击中文維基百科未有网络攻击頁面，可參考英语维基百科的对应页面cyber attack。