(瑞星编译)
病毒名称:VBS/European-A
VBS/European-A是一个乱发邮件的VBS脚本病毒,如果C盘中的C:\startup文件夹不存在,该蠕虫在创建该文件夹,并将自身复制到该文件夹中,文件名可能是下面之一:
"startup.bll"
"start.bll"
"winstart.bll"
"autoexec.bat.bll"
"win.ini.bll"
"config.bll"
"windoh.bll"
"fooled.bll"
"nothing.bll"
或
"gotcha***.fooled.bll"
(其中 *** 代表6个空格)
蠕虫创建一个新的注册键值HKCROOT\.bll\,这样扩展名为BLL的文件将作为VBS文件运行。蠕虫还会创建
"URGENT.TXT***.vbs" (其中***代表17个空格)到windows目录中,同时注册键被修改,以便每次系统启动都会运行该文件。
蠕虫企图将自身伪装成其所在目录中的HTML, HTA,
OCX, DLL, BAT, EXE, VBS 或VBE文件,同时还利用Microsoft Outlook将自身作为附件发送。
如果安装了outlook,蠕虫会利用 windows目录中的三个文件名之一(Readme.TXT***.vbs",
"SECURE.JPG***.vbs" 或 "MyDildo.jpg***.vbs)其中***分别代表不同数量的空格,然后,蠕虫将
作为附件发送给outlook中的每一个地址,邮件的内容如下:
主题:
"Something very special"
"I know you will like this"
"Yes, something I can share with you"
"Wait till you see this!"
"Check out this picture of me masturbating"
消息:
"Hey you, take a look at the attached file. You won't believe your eyes
when you open it!"
"Run this vulnerable script checker to see if your system is vulnerable to
malicious scripts."
"Did you see the pictures of me and my battery operated boyfriend?"
"My best friend,This is something you have to see! Till next time"
"Is the Internet that safe? Check it out"
最后,令人烦恼的是蠕虫要打开10个记事本窗口。
您的位置: