
Another Fake Security Alert in Microsoft's Name: An Introduction to the Worm W32.Qint@mm




(Compiled by Rising)

 

Virus name: W32.Qint@mm
Size: 12,288 bytes
Aliases: W32.Invalid.worm, TROJ_INVALID.A, W32/InvalidSSL@MM, W32/InvalidSSL


This is a network worm that spreads by e-mail. The e-mails pretend to have been sent by Microsoft's technical center.

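The worm tries to spread over SMTP, and it uses a single SMTP server. This makes stopping its spread
relatively easy: once appropriate settings are applied to that SMTP server, the server can no longer spread the worm.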

Because of flaws in its implementation, the worm keeps running into problems.

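The worm attempts to encrypt exe files by calling Microsoft's Crypto API functions. If an Internet connection exists,
the worm searches the \My Documents folder for files with the extension .ht*, extracts e-mail addresses from those files,
and then sends itself to them as an e-mail. In fact, the attachment file is encrypted with MIME.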

The e-mail reads as follows:

From: "Microsoft Support"
Subject: Invalid SSL Certificate
Attachment: Sslpatch.exe
Message:

Hello,
Microsoft Corporation announced that an invalid SSL certificate that web sites use is required to be installed on the user computer to use the https protocol. During the installation, the certificate causes a buffer overrun in Microsoft Internet Explorer and by that allows attackers to get access to your computer. The SSL protocol is used by many companies that require credit card or personal information so, there is a high possibility that you have this certificate installed. To avoid of being attacked by hackers, please download and install the attached patch. It is strongly recommended to install it because almost all users have this certificate installed without their knowledge.

Have a nice day,
Microsoft Corporation
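
A mail-gateway check for the fixed sender name, subject and attachment name listed above, as an added example that is not part of the original advisory. The function names, the quarantine rule (attachment name plus at least one matching header) and the sample messages are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators copied from the advisory text; compared case-insensitively.
SENDER_NAME = "microsoft support"
SUBJECT = "invalid ssl certificate"
ATTACHMENT = "sslpatch.exe"

def qint_indicators(raw_bytes):
    """Return which advisory indicators appear in one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    hits = []
    if SENDER_NAME in str(msg.get("From", "")).lower():
        hits.append("from")
    if SUBJECT in str(msg.get("Subject", "")).lower():
        hits.append("subject")
    for part in msg.walk():
        name = part.get_filename()  # handles RFC 2231-encoded names
        if not name:
            continue
        # Drop any path prefix a sender may have put in the filename.
        base = name.replace("\\", "/").rsplit("/", 1)[-1].strip().lower()
        if base == ATTACHMENT:
            hits.append("attachment")
            break
    return hits

def should_quarantine(raw_bytes):
    """Assumed rule: hold the message when the attachment and one header match."""
    hits = qint_indicators(raw_bytes)
    return "attachment" in hits and len(hits) >= 2

def build_sample(sender, subject, filename):
    """Constructed test message; the payload bytes are a harmless placeholder."""
    m = EmailMessage()
    m["From"] = sender
    m["To"] = "user@example.invalid"
    m["Subject"] = subject
    m.set_content("Hello,")
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

LURE = build_sample('"Microsoft Support" <support@example.invalid>',
                    "Invalid SSL Certificate", "SSLPATCH.EXE")
BENIGN = build_sample("Alice <alice@example.invalid>", "Quarterly report", "report.pdf")
DISCUSSION = build_sample("Alice <alice@example.invalid>",
                          "Re: Invalid SSL Certificate", "notes.txt")
```

A message that only quotes the subject line, such as the constructed `DISCUSSION` sample, matches one indicator and is not held.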