|
病毒无奇不有 Valcard病毒创建音频图片文件
别名:Win32/Admirer.A,I-Worm.Valcard,WORM_VALCARD.A
类别一:Win32
类别二:蠕虫病毒
破坏性:低
流传性:广
最新病毒Win32.Valcard特征:
Win32.Valcrad是一个通过微软OutLook传播的邮件蠕虫病毒。其邮件主题从下面列表随机选取而来:
Secret Admirer
Somebody Loves You
Romance from Afar
Love at first sight
...when sleepers wake and yet still dream...
Be Mine ?!
Yours Always
Happy Valentines
From Me To You
Thy eternal summer shall not fade
I can express no kinder sign of love, than this kind kiss
Poetry is an echo, asking a shadow to dance
O, beauty, till now I never knew thee!
Romantic gesture
Good night, sweet prince, and flights of angels sing thee to thy rest
像邮件主题一样,其内容也是随机选取的,从下面的列表中:
Happy Valentines
I hope you like the card I‘ve attached,
even if you don‘t feel the same.
[Sender‘s Name]
Febuary Feelings
It‘s that time of year again.
But I‘m still only sedning a card to you.
[Sender‘s Name]
Hi
I feel like a child sending you this card
but I just had to do it.
[Sender‘s Name]
...and every breath I ever took,
every tear I ever wept,
Every star I wished upon,
Seemed nothing until now.
[Sender‘s Name]
In this life we cannot do great things.
We can only do small things with great love.
[Sender‘s Name]
发送者的名字从注册表中下面这个键中取得
HKLM\Software\Microsoft\Windows\CurrentVersion\RegisteredOwner
并且都会带一个名叫"ValentineCard.exe"的附件。如果运行了这个附件,病毒会将自身拷贝到系统目录,而且会在注册表启动项中,加入下面键值:HKLM\Software\Microsoft\Windows\CurrentVersion\Run\14th="%system directory%\ValentineCard.exe",也会加入下面这个键值:HKLM\Software\Microsoft\Windows\CurrentVersion\Valentine="true"。
这个病毒包括一个音频文件与一个JPEG格式的图片。如果该病毒在星期四触发的话,它会产生一个图片文件"c:\evil.jpg",
并且会执行这个"start c:\evil.jpg".这样将会用缺省的看图软件来打开这个JPG图片文件。
因为BUG原因,实际上是由一个音频文件替换了"c:\evil.jpg",而且这个音频文件也不会正确执行。而图片文件"c:\evil.jpg",将会永远不能被该病毒创建或者显示!
在有些情况下,该蠕虫病毒也能正确创建音频文件"c:\1.wav",如果有声卡的话,会立即执行。这个音频文件是由一个女人说的一句话"somebody loves you",你可以点击这里下载!
源文:http://www3.ca.com/virus/virus.asp?ID=10953
(,2002-02-19)
|
