Worm.Agobot.3.ch.enc
2008-02-23 09:31:53来源:互联网 阅读 ()
病毒名称:
Worm.Agobot.3.ch.enc
类别: 蠕虫
病毒资料:
破坏方法:
病毒"高波"变种
病毒采用PE Diminisher v0.1压缩,VC 6.0编写,蠕虫。
一旦执行,病毒将自我复制系统文件夹.
它将创建下列注册表键值来使自己随Windows系统自启动:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
"nVidia Chip4"="%SYSDIR%\%CURFILE%"
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices "nVidia Chip4"="%SYSDIR%\%CURFILE%"
网络传播:
该病毒利用在 windows 2000 和 XP 系统上的 Remote Procedure Call (RPC) Distributed
Component Object Model (DCOM) 漏洞。该漏洞允许攻击者获得在目标机器上完全的访问权限和执行代码权利。
通过对随机的 TCP/IP 地址的135端口的进行扫描,找到网络中存在安全漏洞的系统。
有关该漏洞的更多信息可以从下面的链接中找到:
Microsoft Security Bulletin MS03-026
另外,该病毒还会在下面的拥有完全访问权限的网络共享中生成并执行自己的拷贝:
admin$
c$
d$
e$
print$
它可以进行IPC弱口令猜测,可能的用户名、密码组合为:
用户名:
"Administrateur"
"Coordinatore"
"Administrador"
"Verwalter"
"Ospite"
"kanri"
"kanri-sha"
"admin"
"administrator"
"Default"
"Convidado"
"mgmt"
"Standard"
"User"
"Administrat"
"administrador"
"Owner"
"user"
"server"
"Test"
"Guest"
"Gast"
"Inviter"
"a"
"aaa"
"abc"
"x"
"xyz"
"Dell"
"home"
"pc"
"test"
"temp"
"win"
"asdf"
"qwer"
"OEM"
"root"
"wwwadmin"
"login"
"owner"
"mary"
"admins"
"computer"
"xp"
"OWNER"
"mysql"
"database"
"teacher"
"student"
密码:
"admin"
"Admin"
"passWord"
"Password"
"1"
"12"
"123"
"1234"
"!@#$"
"asdfgh"
"!@#$%"
"!@#$%^"
"!@#$%^&"
"!@#$%^&*"
"WindowsXP"
"windows2k"
"windowsME"
"windows98"
"windoze"
"hax"
"dude"
"owned"
"lol"
"ADMINISTRATOR"
"rooted"
"noob"
"TEMP"
"share"
"r00t"
"ROOT"
"TEST"
"SYSTEM"
"LOCAL"
"SERVER"
"Access"
"BACKUP"
"computer"
"fUCked"
"gay"
"idiot"
"Internet"
"test"
"2003"
"2004"
"backdoor"
"whore"
"wh0re"
"CNN"
"pwned"
"own"
"crash"
"passwd"
"PASSWD"
"devil"
"Linux"
"UNIX"
"feds"
"fish"
"changeme"
"ASP"
"PHP"
"666"
"BOX"
"Box"
"box"
"12345"
"123456"
"1234567"
"12345678"
"123456789"
"654321"
"54321"
"111"
"000000"
"00000000"
"11111111"
"88888888"
"pass"
"passwd"
"database"
"abcd"
"Oracle"
"sybase"
"123qwe"
"server"
"computer"
"Internet"
"super"
"123asd"
"ihavenopass"
"godblessyou"
"enable"
"xp"
"2002"
"2003"
"2600"
"0"
"110"
"111111"
"121212"
"123123"
"1234qwer"
"123abc"
"007"
"alpha"
"patrick"
"pat"
"administrator"
"root"
"sex"
"god"
"Foobar"
"a"
"aaa"
"abc"
"test"
"temp"
"win"
"pc"
"asdf"
"secret"
"qwer"
"yxcv"
"zxcv"
"home"
"xxx"
"owner"
"login"
"Login"
"Coordinatore"
"Administrador"
"Verwalter"
"Ospite"
"administrator"
"Default"
"administrador"
"admins"
"teacher"
"student"
"superman"
"supersecret"
"kids"
"penis"
标签:
版权申明:本站文章部分自网络,如有侵权,请联系:west999com@outlook.com
特别注意:本站所有转载文章言论不代表本站观点,本站所提供的摄影照片,插画,设计作品,如需使用,请与原作者联系,版权归原作者所有
上一篇:Worm.Cissi.b
下一篇:Worm.Sober.d.enc
IDC资讯: 主机资讯 注册资讯 托管资讯 vps资讯 网站建设
网站运营: 建站经验 策划盈利 搜索优化 网站推广 免费资源
网络编程: Asp.Net编程 Asp编程 Php编程 Xml编程 Access Mssql Mysql 其它
服务器技术: Web服务器 Ftp服务器 Mail服务器 Dns服务器 安全防护
软件技巧: 其它软件 Word Excel Powerpoint Ghost Vista QQ空间 QQ FlashGet 迅雷
网页制作: FrontPages Dreamweaver Javascript css photoshop fireworks Flash
