Klez (求职信, "Job-Seeking Letter")

 

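Virus name: Klez (求职信, "Job-Seeking Letter")

Aliases: Win32/Krn132, Win32/Klez, W32.Klez, Kleza.A, ElKern, Klaz, Kletz, I-Worm.Klez

Characteristics:

    The virus body contains the following text. Because this English letter is about looking for a job, we named it the "Job-Seeking Letter" (求职信) virus.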

I'm sorry to do so,but it's helpless to say sorry.

I want a good job,I must support my parents.

Now you have seen my technical capabilities.

How much my year-salary now? NO more than $5,500.

What do you think of this fact?

Don't call my names,I have no hostility.

Can you help me?

The virus spreads by e-mail. The subject of the message is chosen at random from the following:
     Hi
     Hello
     How are you?
     Can you help me?
     We want peace
     Where will you go?
     Congratulations!!!
     Don't Cry
     Look at the pretty
     Some advice on your shortcoming
     Free XXX Pictures
     A free hot porn site
     Why don't you reply to me?
     How about have dinner with me together?
     Never kiss a stranger

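The attachment name is also random, for example Nxrj.exe, Uruo.exe or Vws.exe. If the user sends and receives e-mail with Microsoft Outlook, the virus has already been executed by the time a message containing it is previewed. Once running, the virus creates two hidden files, Krn132.exe and Wqk.exe, under C:\Windows\System and modifies the registry, adding the following values: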

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Krn132=C:\WINDOWS\SYSTEM\Krn132.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\WQK=C:\WINDOWS\SYSTEM\Wqk.exe

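It also infects PE files and .scr files.

    Once a system is infected with this virus it becomes very slow, and the virus can also spread itself automatically to other users by taking e-mail addresses from the Outlook address book.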
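A defender-side check for the two Run values listed above, as an added example that is not part of the original advisory: it parses the text of a registry export (.reg format, already decoded to a string) and reports values under the Run key whose names match the advisory. The function name, the confidence labels and the sample export are constructed for illustration.

```python
import re

# Indicators from the advisory: Run value name -> file name it points to.
KLEZ_RUN_VALUES = {"krn132": "krn132.exe", "wqk": "wqk.exe"}
RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"

# Constructed sample of a .reg export (not captured from a real host).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"Krn132"="C:\\WINDOWS\\SYSTEM\\Krn132.exe"
"WQK"="C:\\WINDOWS\\SYSTEM\\Wqk.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Krn132"="C:\\temp\\other.exe"
'''

def find_klez_run_entries(reg_text):
    """Return (value_name, data, confidence) for matching values under the Run key."""
    hits, current_key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        section = re.fullmatch(r"\[(.+)\]", line)
        if section:
            # Registry key names are case-insensitive, so compare in lower case.
            current_key = section.group(1).lower()
            continue
        value = re.fullmatch(r'"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"', line)
        if not value or current_key != RUN_KEY:
            continue  # only string values directly under the Run key are checked
        name = value.group(1)
        data = value.group(2).replace("\\\\", "\\")  # undo .reg backslash escaping
        expected = KLEZ_RUN_VALUES.get(name.lower())
        if expected is None:
            continue
        basename = data.rsplit("\\", 1)[-1].lower()
        # "high": value name and target file both match the advisory.
        # "name-only": the value name matches but points at a different file.
        hits.append((name, data, "high" if basename == expected else "name-only"))
    return hits

if __name__ == "__main__":
    for name, data, confidence in find_klez_run_entries(SAMPLE_REG):
        print(f"{confidence}: Run\\{name} -> {data}")
```

A "name-only" result deserves manual review rather than automatic removal, since only the value name matched.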

   

National Computer Virus Emergency Response Center
Computer Virus Prevention and Control Product Inspection Center
Website: Http://www.antivirus-China.org.cn
Tel.:    022-27316567
         022-87307180
Fax:     022-27316567
E-mail:  sos@tjlink.tisti.ac.cn