As usual, when my mail host receives a new virus pattern, I post it here.....
-------Virus mail content-----
From - Mon May 24 09:58:21 2004
X-UIDL: 40ac46b7000003e5
X-Mozilla-Status: 0001
X-Mozilla-Status2: 10000000
Return-Path: <jongmou@taiwan.com>
Received: from cm1.hinet.net (cm1.hinet.net [168.95.4.201])
by mail.mycom.com.tw (8.12.8p1/8.12.8) with ESMTP id i4O1pwWV038311
for <user@mycom.com.tw>; Mon, 24 May 2004 09:51:58 +0800 (CST)
(envelope-from jongmou@taiwan.com)
Received: from msr10.hinet.net (msr10.hinet.net [168.95.4.110])
by cm1.hinet.net (8.8.8/8.8.8) with ESMTP id JAA00898
for <user@cm1.hinet.net>; Mon, 24 May 2004 09:51:58 +0800 (CST)
From: jongmou@taiwan.com
Received: from cm1.hinet.net ([61.219.27.114])
by msr10.hinet.net (8.9.3/8.9.3) with ESMTP id JAA27416
for <user@cm1.hinet.net>; Mon, 24 May 2004 09:51:55 +0800 (CST)
Message-Id: <200405240151.JAA27416@msr10.hinet.net>
To: user@cm1.hinet.net
Subject: Delivery failure notice (ID-00005E49)
Date: Mon, 24 May 2004 09:52:12 +0800
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_0014_00005CAA.00006DBF"
X-Priority: 3
X-MSMail-Priority: Normal
Status:
This is a multi-part message in MIME format.
------=_NextPart_000_0014_00005CAA.00006DBF
Content-Type: text/plain;
charset="Windows-1252"
Content-Transfer-Encoding: 7bit
--- Mail Part Delivered ---
220 Welcome to [cm1.hinet.net]
Mail type: multipart/related
--- text/html RFC 2504
MX [Mail Exchanger] mx.mt2.kl.cm1.hinet.net
Exim Status OK.
Delivered message is available.
------=_NextPart_000_0014_00005CAA.00006DBF
Content-Type: application/octet-stream;
name="www.cm1.hinet.net.magnolia.session-00005E49.com"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="www.cm1.hinet.net.magnolia.session-00005E49.com"
After that comes the code of the entire virus file, which I won't post.......
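This virus looks like it was generated by imitating the earlier virus engine that used the
charset="Windows-1252"
Content-Transfer-Encoding: 7bit
declaration style. One could say this author's skill level is not high, but the chosen attack scope is quite broad! At the same time, it also uses Microsoft's brand-new technology, and it may be an attack created in response to the "fix for the killer virus"....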
Fixing, patching, and self-review are the way to security!
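
A mail-filter check for the traits visible in the headers above, as an added example that is not part of the original post. The extension list, the finding names, the `inspect` function and the shortened boundary `B1` are assumptions of this example, and the attachment body is a harmless placeholder. The bounce check is a heuristic, since not every real bounce uses the DSN format.

```python
from email import message_from_bytes, policy

# DOS/Windows executable extensions; this list is an assumption of the example.
EXEC_EXT = (".com", ".exe", ".pif", ".scr", ".bat", ".cmd")

# Constructed sample: header values and MIME layout taken from the mail above,
# boundary shortened, attachment body replaced by base64 of "placeholder".
SAMPLE = (
    b"From: jongmou@taiwan.com\r\n"
    b"Subject: Delivery failure notice (ID-00005E49)\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="B1"\r\n'
    b"\r\n"
    b"--B1\r\n"
    b'Content-Type: text/plain; charset="Windows-1252"\r\n'
    b"Content-Transfer-Encoding: 7bit\r\n"
    b"\r\n"
    b"--- Mail Part Delivered ---\r\n"
    b"--B1\r\n"
    b"Content-Type: application/octet-stream;\r\n"
    b' name="www.cm1.hinet.net.magnolia.session-00005E49.com"\r\n'
    b"Content-Transfer-Encoding: base64\r\n"
    b"Content-Disposition: attachment;\r\n"
    b' filename="www.cm1.hinet.net.magnolia.session-00005E49.com"\r\n'
    b"\r\n"
    b"cGxhY2Vob2xkZXI=\r\n"
    b"--B1--\r\n"
)

def inspect(raw):
    """Return a list of findings for one raw RFC 822 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    subject = str(msg.get("Subject", "")).lower()
    # A DSN-format bounce (RFC 3464) arrives as multipart/report, not multipart/mixed.
    if "delivery" in subject and msg.get_content_type() != "multipart/report":
        findings.append("bounce-subject-without-dsn")
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(EXEC_EXT):
            findings.append("executable-attachment:" + name)
            # Starts like a host name, but the final .com is an executable type.
            if name.startswith("www."):
                findings.append("hostname-lookalike-filename")
    return findings

if __name__ == "__main__":
    for finding in inspect(SAMPLE):
        print(finding)
```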