Old 2004-09-02, 11:57 AM   #4
boatswain

Tuesday, August 31, 2004
More details on Bagle.AK Posted by Alexey @ 21:48 GMT

--------------------------------------------------------------------------------
The e-mail that Bagle.AK was spammed in contains an archive named FOTO.ZIP. Inside there's an HTML file and an EXE file named FOTO.EXE. This EXE file is a dropper. It drops and activates a DLL file that kills processes belonging to updating components of several anti-virus programs.

After this it tries to connect to 131 different websites and to download a file named B.JPG from them. The URLs are hardcoded in the program's body. So far we have not been able to get the contents of that file for investigation. The sites are either down or the file is simply not there.

http://www.f-secure.com/weblog/
 
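The behaviour the quoted F-Secure note describes, one infected client asking many different hosts for the same file name (B.JPG), leaves a distinctive pattern in a web proxy log. The script below is an added example, not F-Secure's or the poster's code: it parses a constructed proxy log (the line format, the `.invalid` host names, and the threshold of four distinct hosts within five minutes are all assumptions) and reports clients whose requests show that fan-out, regardless of whether the downloads succeeded.

```python
"""Heuristic detection of the Bagle.AK-style download fan-out described in the
quoted post: a single client requesting the same file name from many distinct
hosts in a short window. Added example; log format and thresholds are assumed."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed proxy log lines in an assumed format:
# "<ISO timestamp> <client IP> <method> <URL> <HTTP status>"
SAMPLE_LOG = """\
2004-08-31T21:40:01 10.0.0.5 GET http://example-one.invalid/b.jpg 404
2004-08-31T21:40:02 10.0.0.5 GET http://example-two.invalid/b.jpg 404
2004-08-31T21:40:03 10.0.0.5 GET http://example-three.invalid/B.JPG 200
2004-08-31T21:40:04 10.0.0.5 GET http://example-four.invalid/b.jpg 404
2004-08-31T21:40:05 10.0.0.5 GET http://example-five.invalid/b.jpg 404
2004-08-31T21:41:00 10.0.0.7 GET http://example-one.invalid/b.jpg 200
2004-08-31T21:45:00 10.0.0.7 GET http://example-six.invalid/index.html 200
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")
URL_RE = re.compile(r"^https?://([^/]+)/(.*)$", re.IGNORECASE)


def parse_log(text):
    """Yield (timestamp, client, host, path) for each well-formed line;
    malformed lines are skipped rather than aborting the scan."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, client, _method, url, _status = m.groups()
        u = URL_RE.match(url)
        if not u:
            continue
        yield datetime.fromisoformat(ts), client, u.group(1).lower(), u.group(2)


def find_fanout(text, filename="b.jpg", min_hosts=4, window=timedelta(minutes=5)):
    """Return {client: sorted list of hosts} for every client that requested a
    file whose basename equals `filename` (case-insensitive) from at least
    `min_hosts` distinct hosts within any `window`-long span.

    The HTTP status is deliberately ignored: in the quoted report the sites were
    down or the file absent, so the failed attempts are the signal."""
    events = defaultdict(list)
    for ts, client, host, path in parse_log(text):
        if path.rsplit("/", 1)[-1].lower() == filename.lower():
            events[client].append((ts, host))

    hits = {}
    for client, ev in events.items():
        ev.sort()  # chronological, so ev[i:] holds only later-or-equal timestamps
        for i, (t0, _) in enumerate(ev):
            hosts = {h for t, h in ev[i:] if t - t0 <= window}
            if len(hosts) >= min_hosts:
                hits[client] = sorted(hosts)
                break
    return hits


if __name__ == "__main__":
    for client, hosts in find_fanout(SAMPLE_LOG).items():
        print(f"{client}: requested b.jpg from {len(hosts)} hosts: {', '.join(hosts)}")
```

Only the client at 10.0.0.5 is reported: 10.0.0.7 fetched the same file name from a single host, which is ordinary browsing. The threshold is far below the 131 hardcoded URLs in the report because a blocked or throttled client may only reach a handful before being cut off; tune `min_hosts` and `window` against your own baseline before alerting on it.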