Worm Win32.Luder.K

Editor: 大楼网互动百科 Time: 2020-01-18 03:00:09
Win32/Luder.K is a worm that spreads by e-mail and also propagates by lodging itself inside PE files. In addition, it drops a trojan that downloads and runs other malicious programs. It is a 47,235-byte, UPX-packed, encrypted Win32 executable.
Chinese name: 蠕虫病毒Win32.Luder.K
Type: worm
Severity: medium
Prevalence:
Other names for Win32.Luder.K

Downloader-BAI!M711 (McAfee), W32/Downloader.AYEV (Trend), W32/Dref-X (Sophos), Win32/Luder.K!corrupt, Win32/Luder.K!Worm, Trojan.Peacomm (Symantec), Email-Worm.Win32.Zhelatin.a (Kaspersky)

Characteristics of Win32.Luder.K

Infection method:
When run, Win32/Luder.K copies itself to "alsys.exe" in the %System% directory and sets the file's hidden attribute. It then modifies the following registry values so that this copy runs at every system start:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Agent = "%System%\alsys.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Agent = "%System%\alsys.exe"
The worm also creates the mutex "klllekkdkkd" so that only one copy runs at a time.
Note: '%System%' is a variable path. The virus determines the location of the current system folder by querying the operating system. The default is C:\Winnt\System32 on Windows 2000 and NT, C:\Windows\System on 95, 98 and ME, and C:\Windows\System32 on XP.

Propagation of Win32.Luder.K


Win32.Luder.K spreads by e-mail

Luder.K searches drives from 'Z:\' down to 'C:\' for files smaller than 122,880 bytes that carry the extensions "exe", "scr" and "rar", harvesting e-mail addresses from them.
The worm performs DNS MX (mail exchanger) lookups to find a suitable mail server for each domain to which it sends itself. It uses the locally configured default DNS server for these queries.
Luder.K attempts to send mail to every address it has collected. The messages it sends have the following characteristics:

Win32.Luder.K sender address

The worm uses an arbitrary name (chosen from a list it carries) or a randomly generated string of characters, combined with "yahoo.com", for example huwqi@yahoo.com.

Win32.Luder.K subject line, one of:

5 Reasons I Love You
A Bouquet of Love
A Day in Bed Coupon
A Hug & Roses
A Kiss for You
A Kiss So Gentle
A Little (sex) Card
A Monkey Rose for You
A Red Hot Kiss
A Relaxing Coupon
A Romantic Place
A Song to You
A Special Flower for You
A Special Kiss
A Sweet Love
A Token of My Love
A Weekend Getaway
Against All Odds
All For You
All That Matters
Angel of Love
Awaiting Your Love
Baby, I'll Be There
Back Together
Between Us
Bewitching Moonlight
Brand New Love
Breakfast in Bed Coupon
Bubble Bath Coupon
Can't Wait to See You!
Crazy way to say I Luv U
Cuddle Me Please
Cuddle Up
Cyber Love
Dancing With You
Dinner Coupon
Doing It for You
Dream Date Coupon
Dream Girl
Emptiness Inside Me
Eternity of Your Love
Evening Romance
Every Inch of Your Body
Everyone Needs Someone
Falling In Love with You
Feeling Horny?
Fields Of Love
For Better of For Worse
For You
For You....My Love
Forever and Ever
Forever in Love
From this day forward
Full Heart
Hand in Hand
Hand in Hand
He Blessed Our Lives
Heart is Breaking
Heart of Mine
Hey Cutie
Hold Me (distant love)
Hold On
How Much I Love You
Hugging My Pillow
I Always Knew
I am Complete
I Am Lost In You
I Believe
I Can't Function
I Dream of you
I Give to You
I Love Thee
I Love Thee
I Love You Mower
I Love You So
I Love You Soo Much
I Love You with All I Am
I Still Love You
I Think of You
I Win with You
I wish
I Woof You
I Would Do Anything
I Would Give you Anything
If I Could
If I Knew
I'll Be Your Man
In Love
In My Heart
Inside My Heart
Internet Love
It's Your Move
Just You
Just You & Me
Kiss Coupon
Kisses, Hugs & Roses
Last Night was Hot!
Let's Get Frisky
Live With Me
Longing for You
Love at First Sight
Love Birds
Love for Granted
Love is in the Air
Love Remains
Love You Deeply
Made for Each Other
Magic of Flowers
Massage Coupon
Memories
Miracle of Love
Miracle of Love
Moonlit Waterfall
Most Beautiful Girl
My Eye on You
My Heart belongs to you
My Heart is Thinking
My Invitation
My Love
My Perfect Love
Now and Forever
Now I Know
Old Together
Only You
Our Love
Our Love Everyday
Our Love is Free
Our Love is Strong
Our love is torn by miles
Our Love Nest
Our Love Will Last
Our Two Hearts
Our Wedding Day
P.M.S
Passionate Kiss
Peek-A-Boo
Pockets of Love
Puppy Love
Red Rose
Romantic Picnic Coupon
Rose for my Love
Safe and Sound
Safe With You
Search for One
Sending Kiss
Sending You My Love
Sending You My Love
Showers Of Love
So in Love
So in Love
So Unique
Solitary Beauty
Someone at Last
Soul Mates
Soul Partners
Steamy Dream
Steamy Sex Coupon
Summer Love
Take My Hand
Teddy Bear & Roses
Tender Whispers
Thanks...Love
That Special Love
The Candle's Light
The Dance of Love
The Kiss
The Letter
The Long Haul
The Love Bugs
The Miracle of Love
The Mood for Love
The Mood for Love
The Sweet Taste of Love
The Time for Love
Thinking about you
Thinking of You
This Day Forward
This Feeling
Til the End of Time
Till Morning's Light
Till Morninig's Light
Times Are Hard, I Luv U
To New Spouse
Together Again
Together You and I
Touched by Love
True Love
Trunk Full Of Love
Twice Blest
Twilight Paradise
Two of a Kind
Unique Love
Unmatchable Beauty
Until the Day
Vacation Love
Waiting for You
Want to Meet?
Want You to Know
We Are Different
We Have Walked
We're a Perfect Fit
When I look at you
When I'm With You
When I'm With You
When You Fall in Love
Why I Love You
Wild Nights--Wild Nights
Will You?
Window of Beauty
Wine and Roses
Wish I Could Tell You
Wish Upon a Star
With All My Love
With All of My Heart
With This Ring
Without Your Love
Won't you dance with me
Words I Write
Worthy of You
Wrapped in Your Arms
Wrapped Up
You + Me
You and I
You and I Forever
You Are My Guiding Star
You are out of this world
You Asked Me Why
You Brighten My Day
You Lucky Duck!
You Rock Me!
You Were Worth the Wait
Your Love Has Opened
Your Silly Smile
You're My Hero
You're so Far Away
You're Soo kissable
You're the One

Win32.Luder.K attachment name

flash postcard.exe
Flash Postcard.exe
Greeting Card.exe
greeting card.exe
Greeting Postcard.exe
greeting postcard.exe
Postcard.exe
postcard.exe
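A mail-gateway check built from the indicators listed above (sender pattern, lure subjects, executable postcard attachment names). This is an added example, not code from the page's source; the subject set holds only a few entries from the list, and the sample message is constructed for the test.

```python
import email
from email.message import EmailMessage
from email.policy import default

# Attachment names listed on the page for Luder.K mails (compared case-insensitively)
LUDER_ATTACHMENTS = {"flash postcard.exe", "greeting card.exe",
                     "greeting postcard.exe", "postcard.exe"}
# A handful of the lure subjects from the page; a production rule loads the whole list
LUDER_SUBJECTS = {"5 Reasons I Love You", "A Kiss for You", "Cyber Love",
                  "You Lucky Duck!"}


def classify(raw: bytes) -> dict:
    """Return indicator matches and a verdict for one raw RFC 822 message."""
    msg = email.message_from_bytes(raw, policy=default)
    subject = str(msg["Subject"] or "").strip()
    names = [p.get_filename() or "" for p in msg.iter_attachments()]
    att_hit = [n for n in names if n.lower() in LUDER_ATTACHMENTS]
    subj_hit = subject in LUDER_SUBJECTS
    if att_hit:
        verdict = "block"        # the lure executable itself is attached
    elif subj_hit:
        verdict = "suspicious"   # lure subject only; worth quarantining for review
    else:
        verdict = "clean"
    return {"subject_match": subj_hit, "attachment_match": att_hit,
            "verdict": verdict}


def build_sample(subject: str, attachment=None) -> bytes:
    """Constructed test message (not a real capture) in the shape the page describes."""
    m = EmailMessage()
    m["From"] = "huwqi@yahoo.com"          # random local part @ yahoo.com, as on the page
    m["To"] = "recipient@example.invalid"  # placeholder recipient
    m["Subject"] = subject
    m.set_content("You have received a postcard.")
    if attachment:
        # Dummy bytes standing in for the worm body; only the filename matters here
        m.add_attachment(b"MZ\x90\x00", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_bytes()


if __name__ == "__main__":
    print(classify(build_sample("A Kiss for You", "Greeting Postcard.exe")))
```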
Infection via PE files
Each time Luder.K finds a file with an "exe" or "scr" extension, it copies itself into that file's directory under a .t file name and marks the copy hidden.
Note: the name consists of 8 lowercase letters, for example "vrstmkgk.t".
Luder.K inspects the file's PE header to check whether there is enough room to run, and inserts a piece of code in the middle of the file. It does not infect DLLs or executables that are already infected. When an infected file is run, it first runs the associated .t file. Luder.K writes 666 into the timestamp field of the infected file's PE header as a marker so that it does not reinfect the same file.
Note: Luder.K does not modify the .t files it drops, even when they do not meet all of the infection conditions.
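Two of the host-side artefacts described above are cheap to check for: the 666 value in the PE header's TimeDateStamp field and the eight-lowercase-letter .t dropper name. The following is an added example, not the page's or any vendor's code; the PE image it scans is a constructed headers-only stub, and the drive letter/paths are placeholders.

```python
import re
import struct

INFECTION_MARKER = 666  # value Luder.K writes into IMAGE_FILE_HEADER.TimeDateStamp
DROPPER_NAME = re.compile(r"^[a-z]{8}\.t$")  # e.g. "vrstmkgk.t"


def pe_timestamp(data: bytes):
    """Return the TimeDateStamp of a PE image, or None if the data is not a PE file."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    # Need the 4-byte "PE\0\0" signature plus the 20-byte COFF header
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    # COFF header layout: Machine(2) NumberOfSections(2) TimeDateStamp(4) ...
    return struct.unpack_from("<I", data, e_lfanew + 8)[0]


def has_luder_marker(data: bytes) -> bool:
    """True if the PE timestamp equals the reinfection marker used by Luder.K."""
    return pe_timestamp(data) == INFECTION_MARKER


def is_dropper_name(name: str) -> bool:
    """True if a bare file name matches the .t dropper naming scheme."""
    return bool(DROPPER_NAME.match(name))


def scan(files: dict) -> list:
    """Return paths from a {path: bytes} mapping that show either indicator."""
    return [p for p, d in files.items()
            if is_dropper_name(re.split(r"[\\/]", p)[-1]) or has_luder_marker(d)]


def build_pe(timestamp: int) -> bytes:
    """Constructed minimal PE stub (DOS header + COFF header only) for testing."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew points right after the DOS header
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, timestamp, 0, 0, 0xE0, 0x102)
    return bytes(dos) + coff


if __name__ == "__main__":
    sample = {r"X:\placeholder\vrstmkgk.t": b"", r"X:\placeholder\app.exe": build_pe(666),
              r"X:\placeholder\clean.exe": build_pe(1170000000)}
    print(scan(sample))
```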

Damage caused by Win32.Luder.K

Drops and runs other malicious programs
Luder.K drops the Win32/Pecoan.E trojan on the infected machine.
Terminates processes
Every 4 seconds, Luder.K attempts to terminate the Registry Editor (regedit.exe) and any other running process whose name (as shown in the Windows title bar) contains one of the following strings:
anti
avg
avp
blackice
firewall
f-pro
hijack
lockdown
mcafee
msconfig
nav
nod32
rav
reged
spybot
taskmgr
troja
viru
vsmon
zonea
Modifies system settings
Luder.K modifies the following registry value to disable the "Windows Firewall/Internet Connection Sharing (ICS)" service (also known as "Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS)"):
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Start = 4
Removal:
KILL安全胄甲 InoculateIT version 23.73.120 and Vet version 30.3.3343 can detect and remove this virus.