Board: NetSecurity
Title: "Mytob.33" worm variants keep coming; opens a backdoor and lowers security settings
Posted from: Wretch (Wed Dec 7 09:29:59 2005)
Path: ptt!ctu-reader!ctu-peer!news.nctu!netnews.csie.nctu!wretch
Mytob.33 worm: frequent variants, opens a backdoor, lowers security settings and leaves the computer defenceless
The Mytob virus remains very active: its author keeps modifying the original source code and releasing new variants, most of which share the same behaviour. Like earlier variants, the Mytob.33 worm harvests the address book and mass-mails itself, and it also opens a backdoor that lets attackers in and lowers security settings, leaving the computer defenceless.
Overview:
Virus name:
[email protected]
Aliases: W32.Mytob.ML@mm [Symantec]
Type: Worm, E-Mail, Backdoor
Discovery date: 2005/12/06
Affected platforms: Windows 95/98/ME, Windows NT/2000/XP/2003
Risk assessment:
Distribution: High
Damage: Medium
[email protected]
Mail format:
Sender: < random >
Subject: < one of the following >
*DETECTED* Online User Violation
Email Account Suspension
Important Notification
Members Support
Notice of account limitation
Security measures
Warning Message: Your services near to be closed.
You have successfully updated your password
Your Account is Suspended
Your Account is Suspended For Security Reasons
....................
Body: < one of the following >
Dear user [USER NAME],
You have successfully updated the password of your [DOMAIN NAME] account.
If you did not authorize this change or if you need assistance with your
account, please contact [DOMAIN NAME] customer service at: [SPOOFED EMAIL
ADDRESS WITH DOMAIN NAME]
Thank you for using [DOMAIN NAME]!
The [DOMAIN NAME] Support Team
+++ Attachment: No Virus (Clean)
+++ [domain part of email] Antivirus - www.[DOMAIN NAME]
Dear user [USER NAME],
It has come to our attention that your [DOMAIN NAME] User Profile ( x )
records are out of date. For further details see the attached document.
Thank you for using [DOMAIN NAME]!
The [DOMAIN NAME] Support Team
+++ Attachment: No Virus (Clean)
+++ [DOMAIN NAME] Antivirus - www.[DOMAIN NAME]
......................
Attachment: < one of the following >
[RANDOM FILE NAME]
accepted-password
account-details
account-info
account-password
account-report
approved-password
document
email-details
email-password
...................
[email protected] behaviour description:
Note: on Win95/98/ME the default value of %System% is C:\windows\System;
on WinNT/2000/XP/2003 the default value of %System% is C:\WinNT\System32.
The worm harvests e-mail addresses from the address book and from the following location:
%UserProfile%\Local Settings\Temporary Internet Files
The worm also harvests e-mail addresses from files with the following extensions:
.adb
.asp
.cgi
.dbx
.htm
.html
.jsp
.php
.pl
.sht
..........
The worm opens a backdoor that lets attackers in.
When the virus is executed, the worm copies itself into %System% as:
skype32.exe
When executed, it also creates the following file in %System%:
rofl.sys
Modifies the registry to lower security settings:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
"AntiVirusDisableNotify" = "1"
"AntiVirusOverride" = "1"
"FirewallDisableNotify" = "1"
"FirewallOverride" = "1"
"UpdatesDisableNotify" = "1"
Modifies the registry to lower security settings:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile
"EnableFirewall" = "0"
Modifies the registry to lower security settings:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
"DoNotAllowXPSP2" = "1"
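As an added example that is not part of the original post, the check below parses a .reg export and flags the Security Center, Windows Firewall policy and WindowsUpdate values listed above. The sample export is constructed; real exports store these values as dwords rather than the "1"/"0" strings the advisory shows, so both forms are handled.

```python
import re
# Registry changes the advisory attributes to Mytob.33: key -> {value name: weakened data}.
MYTOB_REG_INDICATORS = {
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center": {
        "AntiVirusDisableNotify": "1", "AntiVirusOverride": "1", "FirewallDisableNotify": "1",
        "FirewallOverride": "1", "UpdatesDisableNotify": "1"},
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile": {"EnableFirewall": "0"},
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile": {"EnableFirewall": "0"},
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate": {"DoNotAllowXPSP2": "1"},
}
# Matches "name"="string" or "name"=dword:xxxxxxxx lines of a .reg export.
VALUE_RE = re.compile(r'"([^"]+)"=(?:"([^"]*)"|dword:([0-9a-fA-F]{8}))')

def parse_reg_export(text):
    """Parse a .reg export into {key: {name: data}}; dwords become decimal strings like the advisory's "1"/"0"."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
        elif current is not None and line.startswith('"'):
            m = VALUE_RE.match(line)
            if m:
                name, s, dw = m.groups()
                keys[current][name] = s if s is not None else str(int(dw, 16))
    return keys

def find_mytob_weakening(reg):
    """Return (key, value name, data) for each weakened setting present in the parsed export."""
    findings = []
    for key, bad in MYTOB_REG_INDICATORS.items():
        present = reg.get(key, {})
        for name, data in bad.items():
            if present.get(name) == data:
                findings.append((key, name, data))
    return findings

# Constructed sample export: four of the advisory's changes, plus one value left at its safe default.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate]
"DoNotAllowXPSP2"="1"
"""
```

Running `find_mytob_weakening(parse_reg_export(SAMPLE_REG))` on the sample reports the four weakened values and ignores the UpdatesDisableNotify value that is still 0.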