Tuesday, August 31, 2004

More details on Bagle.AK
Posted by Alexey @ 21:48 GMT

The e-mail that Bagle.AK was spammed in contains an archive named FOTO.ZIP. Inside there's an HTML file and an EXE file named FOTO.EXE.

This EXE file is a dropper. It drops and activates a DLL file that kills processes belonging to updating components of several anti-virus programs. After this it tries to connect to 131 different websites and to download a file named B.JPG from them. The URLs are hardcoded in the program's body.

So far we have not been able to get the contents of that file for investigation. The sites are either down or the file is simply not there.

http://www.f-secure.com/weblog/
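An added example, not part of the quoted F-Secure post: the behaviour described above (one machine asking many different websites for the same file name) can be looked for in web-proxy logs. It generalizes from B.JPG to any file name; the log format, client addresses, host names and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Constructed proxy log: "timestamp client method url status". All hosts are placeholders.
SAMPLE_LOG = "\n".join(
    [f"2004-08-31T21:50:{i:02d} 10.0.0.5 GET http://site{i:02d}.example/B.JPG 404" for i in range(6)]
    + [f"2004-08-31T{10 + i}:00:00 10.0.0.7 GET http://mirror{i}.example/logo.gif 200" for i in range(6)]
    + ["2004-08-31T21:50:10 10.0.0.9 GET http://news.example/img/b.jpg 200",
       "2004-08-31T21:51:00 10.0.0.9 GET http://news.example/img/b.jpg 200",
       "truncated line"]
)

def fanout_clients(log_text, min_hosts=5, window=timedelta(minutes=10)):
    """Map (client, file name) -> hosts for clients that asked min_hosts or more
    distinct hosts for the same file name within one sliding time window."""
    events = defaultdict(list)  # (client, file name) -> [(time, host), ...]
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # malformed or truncated line
        stamp, client, _method, url, _status = parts
        try:
            when = datetime.fromisoformat(stamp)
        except ValueError:
            continue
        target = urlsplit(url)
        name = target.path.rsplit("/", 1)[-1].lower()  # B.JPG and b.jpg compare equal
        if target.hostname and name:
            events[(client, name)].append((when, target.hostname))
    hits = {}
    for key, seen in events.items():
        seen.sort()
        start = 0
        for end in range(len(seen)):
            while seen[end][0] - seen[start][0] > window:
                start += 1  # drop requests older than the window
            hosts = {host for _, host in seen[start:end + 1]}
            if len(hosts) >= min_hosts:
                hits[key] = sorted(hosts)  # hosts in the first window to reach the threshold
                break
    return hits

if __name__ == "__main__":
    for (client, name), hosts in fanout_clients(SAMPLE_LOG).items():
        print(f"{client} requested {name} from {len(hosts)} hosts: {', '.join(hosts)}")
```

The failed (404) requests are counted on purpose, since the post notes the sites were down or the file was missing.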