病毒名称:W32.Supova.B.worm
发现日期:2002-07-18
别名:W32.Supova.Worm
病毒类型:蠕虫
感染长度:14,336 字节
危害级别:中
传播速度:中
受影响系统:Windows 95, Windows 98, Windows NT, Windows 2000, Windows XP, Windows Me
不受影响系统:Macintosh, Unix, Linux
病毒危害:
1.删除文件:会删除%Windows%\*.*, %Windows%\System\*.*及%Windows%\System32\*.*文件;
2.降低性能:会对"www.islamicity.com", "www.christianity.com", 及 "www.beliefnet.com" 发动拒绝服务攻击。
技术特征:
该病毒以伪装的流行软件在互联网上蔓延。通过欺骗KaZaA用户下载并运行流行程序来借助KaZaA共享网络传播。病毒运行后会:
1.弹出信息框:
2.以如下文件名将自身拷贝至C:\Windows\Media文件夹下:
Windows XP key generator.exe
Windows XP serial generator.exe
Key generator for all windows XP versions.exe
Warcraft 3 ONLINE key generator.exe
Half-life ONLINE key generator.exe
Quake 4 BETA.exe
Grand theft auto 3 CD1 crack.exe
GTA3 crack.exe
Battle.net key generator (WORKS!!).exe
Warcraft 3 battle.net serial generator.exe
Half-life WON key generator.exe
Star wars episode 2 downloader.exe
Winzip 8.0 + serial.exe
Winrar + crack.exe
Britney spears nude.exe
Macromedia MX key generator (all products).exe
KaZaA media desktop v2.0 UNOFFICIAL.exe
Microsoft key generator, works for ALL microsoft products!!.exe
Microsoft Windows XP crack pack.exe
Hack into any computer!!.exe
DivX codec v6.0.exe
DivX newest version.exe
DivX.exe
DivX pro key generator.exe
Key generator for over 1,000 applications (really!).exe
DivX patch - Increases quality.exe
KaZaA spyware remover.exe
Age of empires 2 crack.exe
Norton antivirus 2002.exe
Macromedia Dreamweaver MX Key Generator.exe
Macromedia Flash MX Key Generator.exe
Neverwinter nights crack.exe
Microsoft Office XP (english) key generator.exe
Microsoft Office XP.iso.exe
CloneCD + crack.exe
CloneCD all-versions key generator.exe
XBOX emulator (WORKS!!).exe
Gamecube Emulator (WORKS!!).exe
Xbox.info.exe
Grand Prix 4 crack.exe
Nokia simlock remover (includes new models).exe
Britney spears hard porn (REAL!).exe
Christina Aguilera fuck (REAL!).exe
Kiddy child incest porn.exe
Doom 3 preview!!.exe
Crazy taxi crack.exe
Copy protection remover.exe
Sex.exe
A.exe
Jedi Knight 2 crack.exe
Warcraft 3 trainer.exe
Cable modem uncapper.exe
Grand theft auto 3 trainer.exe
KaZaA hack.exe
KaZaA lite.exe
Dragonball Z.exe
Dragonball Z COMPLETE episode guide.exe
Dragonball Z shootout.exe
Dragonball Z episode 1.exe
J-LO Nude (REAL!!).exe
Doom 3 screenshots.exe
Resident Evil [DivX].exe
Shrek.exe
Starcraft 2 preview!.exe
Starcraft battle.net key generator.exe
Starcraft ONLINE crack.exe
3.修改KaZaA下载文件夹设置,使得其他KaZaA网络用户也能访问media文件夹。这使得其他KaZaA用户可从此位置下载病毒程序。
注意:只有在电脑上安装了KaZaA程序的情况下该病毒才能传播
4.为进一步掩盖其恶意行径,病毒会使用以下图标:
5.病毒还会从以下列表中随机选择不同的名称将自身拷贝至\Windows文件夹下:
Alles-ist-vorbei.exe
Desktop-shooting.exe
Hello-Kitty.exe
BigMac.exe
Cheese-Burger.exe
Blaargh.exe
6.在\Windows下创建一文本文件,文件名以12个随机数字组成,其中包含的文本如下:
W32.Supernova - Ban religion
---------------------------------------------------
Religion = War
Religion = Based on fairytales
Wars based on fairytales?
Ban religion, welcome to the truth
---------------------------------------------------
7.它还会将如下信息发送给MSN Messenger联系人:
Hehe, check this out :-)
Funny, check it out (h)
LOL!! See this :D
LOL!! Check this out :)
Hehe, this is fun :-)
8.添加键值SupernovaC:\Windows\.exe
至注册表HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
使得Windows启动时,病毒会自动运行。
9.删除如下文件:
%windir%\*.*
%windir%\System\*.*
%windir%\System32\*.*"
在删除文件之前,它会显示"0wned by the blasting star." 的信息框。
文件被删除之后又会显示Patch the leaks... Or the ship will sink.... 信息,之后又弹出信息框"Religion is war!!"
10.对如下站点发动拒绝服务攻击:
www.islamicity.com
www.christianity.com
www.beliefnet.com |
