Date detected: 13 - 05 - 2008
Threat: TrojanDownloader
Platform: JS
This Trojan downloads another program over the Internet and launches it on the victim machine without the user's knowledge or consent. It takes the form of encoded JavaScript inside an HTML document. It is 14147 bytes in size.
Activity:
When the infected page is opened in a web browser, the user is shown the following message:
Not Found
The requested URL / was not found on this server.
The Trojan then decrypts itself and launches the malicious script for execution. It uses the vulnerabilities listed below:
1. A buffer overflow in the Live Picture Corporation DXSurface.LivePicture.FlashPix.1 ActiveX control in DXTLIPI.DLL when handling "SourceUrl()" (CVE-2007-4336)
2. In the Windows Media Player plug-in when handling an overly long "src" parameter in an "embed" tag (MS06-006). This vulnerability is present when the plug-in is launched in browsers other than IE.
3. In the "QuickTime.QuickTime" ActiveX object (CVE-2004-0431);
to download a file named "ldr.exe" from the following URL:
http://java62.com/load.php****
The downloaded file is 48640 bytes in size. Kaspersky Anti-Virus detects it as Backdoor.Win32.Agent.ich. The file is saved to the Windows system directory under the name:
%System%~.exe
The file is then launched for execution. The Trojan uses the "Msxml2.XMLHTTP" ActiveX object and objects identified in the system by their unique identifiers
to download a file called "ldr.exe" from the following link:
http://java62.com/load.php?MSIE
It uses the "ADODB.Stream" ActiveX object to save this file under the name:
c:sys.exe
followed by four characters, as in the following examples:
syskmtz.exe
syskqoq.exe
The downloaded file is then launched for execution.
Removal instructions
If your computer does not have an automatically updated antivirus program, or does not have a complete antivirus solution, follow the instructions below to remove the malicious code from the computer:
1. Delete the original Trojan file (its location depends on how it originally got onto the victim machine).
2. Delete the following files:
%System%~.exe
c:sys.exe
3. Disable the vulnerable ActiveX objects.
4. Install the following security patches:
http://www.microsoft.com/technet/security/Bulletin/MS06-006.mspx
5. Install the latest version of QuickTime.
6. Update your antivirus databases and run a full scan of the computer.
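The file names, payload size and download URL described above can be checked against a file inventory and a list of requested URLs. The following triage script is an added example, not part of the original write-up; the backslashes in the drop paths, the `C:\Windows\System32` value for %System%, and the function names are assumptions, and the sample data is constructed.

```python
import re
from pathlib import PureWindowsPath
from urllib.parse import urlsplit

# Indicators from the write-up. The path separators are an assumption: the
# page prints the drop locations as "%System%~.exe" and "c:sys.exe".
PAYLOAD_SIZE = 48640                            # bytes, the downloaded "ldr.exe"
ROOT_DROP = re.compile(r"sys.{4}\.exe", re.I)   # "sys" plus four characters
DOWNLOAD_HOST, DOWNLOAD_PATH = "java62.com", "/load.php"

# Constructed sample data, not taken from a real host.
SAMPLE_FILES = [(r"C:\syskmtz.exe", 48640), (r"c:\SYSKQOQ.EXE", 51200),
                (r"C:\Windows\System32\~.exe", 48640),
                (r"C:\Users\demo\syskmtz.exe", 48640), (r"C:\system.exe", 48640)]
SAMPLE_URLS = ["http://java62.com/load.php?MSIE",
               "http://java62.com.example.net/load.php"]

def check_file(path, size, system_dir=r"C:\Windows\System32"):
    """Return (confidence, reason) for one inventory entry, or None."""
    p = PureWindowsPath(path)          # compares case-insensitively
    if p.parent == PureWindowsPath("C:\\") and ROOT_DROP.fullmatch(p.name):
        reason = "C:\\sys????.exe drop name"
    elif p.parent == PureWindowsPath(system_dir) and p.name.lower() == "~.exe":
        reason = "%System%\\~.exe drop name"
    else:
        return None
    # The page states a size for the first download only, so a size match
    # raises confidence but a mismatch does not clear the file.
    return ("high" if size == PAYLOAD_SIZE else "medium", reason)

def check_url(url):
    """True when a logged request targets the download script named above."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    return host == DOWNLOAD_HOST and parts.path.lower() == DOWNLOAD_PATH

def triage(files, urls):
    """Collect every hit from a file inventory and a list of requested URLs."""
    hits = []
    for path, size in files:
        verdict = check_file(path, size)
        if verdict:
            hits.append((path, *verdict))
    hits += [(u, "high", "download script request") for u in urls if check_url(u)]
    return hits

if __name__ == "__main__":
    for hit in triage(SAMPLE_FILES, SAMPLE_URLS):
        print(hit)
```

The host comparison is exact, so a look-alike such as `java62.com.example.net` is not reported, and a matching name outside the two drop locations is ignored.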