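Forum: Virus Zone   Title: Combining the traits of three major viruses, Scezda lies in wait
Author: zhangyun [zhangyun]    Forum user
A hacker named Melhacker recently stated that if the United States launches an armed attack on Iraq, he will release a virus he wrote in August. The virus is called Scezda; it combines the characteristics of the well-known SirCam, Klez and Nimda viruses and is extremely destructive.

In an interview with Computerworld, Melhacker said he sympathizes strongly with Iraq's situation, so he worked with members of Russian and Pakistani virus-writing groups and had the virus ready back in August, intending to release it on the Internet at the same time the United States launches its attack on Iraq.

According to Mr. Kelly, president of iDefense, this hacker may be a member of al-Qaeda. He has spent six years writing malicious code, during which he took part in writing and spreading the BS.OsamaLaden@mm, Melhack, Kamil, BleBla.J and Nedal worms. He may also have taken part in writing the "Bugbear" virus that raged across the Internet in September.

Mr. Kelly warned Internet users: although we do not know what ties Melhacker really has to Russia or Pakistan, nor how skilled he is at spreading viruses, we must stay on guard: once the United States launches the war on Iraq, we should keep a constant eye out for anything unusual on our machines.

Gullotto, a vice president at security company McAfee, said: how destructive the Scezda virus is to the Internet depends on how Melhacker gets it spreading online. If the propagation method is unwise, even the most powerful virus attack is futile; but once it spreads, its destructive power should not be underestimated.

Gullotto added humorously at the end: if Melhacker, as a member of al-Qaeda, can be driven by sympathy to write a virus, perhaps we should have doubts about al-Qaeda's management.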

Source: Computerworld

Original post   Posted: 04-06-26 08:38

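Reply: z7 [skyzz]   Forum user
That's from 2002.

Floor B1   Posted: 04-06-26 18:50

Reply: zhangyun [zhangyun]   Forum user
Can't it be posted, then???

Floor B2   Posted: 04-06-26 19:15

Reply: z7 [skyzz]   Forum user
Fine, but you didn't note the date.
Here is some information from McAfee; they define the virus as W32/Cezdas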
Virus Characteristics: 
Prior to receiving this sample, this threat was detected with DAT files as old as 2 years, version 4105+, as New Worm when scanning with program heuristics enabled.

This is an intended destructive mass-mailing worm. The author recently contacted a reporter, threatening to release this virus if America attacks Iraq. The author submitted his "W32.Scedza@mm" virus, mentioned in the article, to several anti-virus vendors on 11/10/2002. This version does not work due to bugs in the code.
(Includes the author's statement)
The virus intends to delete anti-virus software and spread via KaZaa and mIRC. If it worked, users could receive the virus in an email message with various subject lines, message bodies, and attachment names. The virus aims to copy itself to C:\Windows\Scezda.exe and create several registry run keys:
A strange way of spreading; no wonder the chance of an outbreak in China is rather low.

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Scezda01=C:\Windows\Scezda.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\Scezda01=C:\Windows\Scezda.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices\Scezda01=C:\Windows\Scezda.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce\Scezda01=C:\Windows\Scezda.exe
It also aims to copy itself to default KaZaa shared folders using various filenames:
C:\KaZaA\My Shared Folder\
C:\Program Files\KaZaA\My Shared Folder\
As well as to overwrite the mIRC script.ini file to send itself when users join the same channel as an infected user:
c:\mIRC\script.ini
c:\mIRC32\script.ini
c:\Program Files\mIRC\script.ini
c:\Program Files\mIRC32\script.ini
The destructive payload is intended to drop a batch file as well as overwrite the Autoexec.bat file with instructions to delete various files; including documents, registry, and security software files.
Note: None of the aforementioned behavior was observed during testing. However, the author does write "< Scezda Worm > This virus are intro only and this is the first version of Scezda Worm. Just wait for another."
They rate it as low risk.

Floor B3   Posted: 04-06-26 20:33
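
A defender-side check for the autorun entries listed in the vendor description quoted in the post above, as an added example (not part of the thread or of McAfee's write-up): it parses a regedit text export and reports values under the four named keys whose name is Scezda01 or whose data is C:\Windows\Scezda.exe. The sample export, the function names, and the choice to match on the path as well as the value name are assumptions made for illustration.

```python
import re

# Autorun keys, value name and path named in the vendor description quoted above.
RUN_KEYS = {"run", "runonce", "runservices", "runservicesonce"}
BASE = r"hkey_local_machine\software\microsoft\windows\currentversion"
IOC_VALUE = "scezda01"
IOC_PATH = r"c:\windows\scezda.exe"

# Constructed sample of a regedit text export (REGEDIT4 format); not real data.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"Scezda01"="C:\\Windows\\Scezda.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"scezda01"="c:\\windows\\SCEZDA.EXE"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer]
"Scezda01"="C:\\Windows\\Scezda.exe"
'''

VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')

def unescape(s):
    # .reg exports escape backslash and double quote with a leading backslash.
    return re.sub(r'\\(.)', r'\1', s)

def find_scezda_autoruns(reg_text):
    """Return (key, value_name, data) for autorun entries matching the description."""
    hits, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]          # remember the current key section
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            continue
        name, data = unescape(m.group(1)), unescape(m.group(2))
        parent, _, leaf = key.lower().rpartition("\\")
        if parent != BASE or leaf not in RUN_KEYS:
            continue                  # same value elsewhere is not an autorun entry
        # Match on value name or target path, so a renamed value still shows up.
        if name.lower() == IOC_VALUE or data.lower() == IOC_PATH:
            hits.append((key, name, data))
    return hits
```

On a live system the input would come from a text export of the CurrentVersion key; the comparison is case-insensitive because registry key and value names are.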

Reply: zhangyun [zhangyun]   Forum user
Hehe....
  Got it!~~

Floor B4   Posted: 04-06-27 10:25

Reply: kailangq [kailangq]   Moderator
First warning: no spamming! Spam again and the thread gets locked!

Floor B5   Posted: 04-06-27 10:29
