|
|
发表于 2006-12-4 13:29:27
|
显示全部楼层
Common name: Agent.APB
$ R% f) b( a9 w: `; D3 g ; }0 m( ?0 j* |0 D# \7 L5 m$ N
Technical name: Bck/Agent.APB
' `9 \3 F& W+ F- W # Q J8 V& F9 S( }
Threat level: Low
3 {# \! U5 \/ ]' z
+ d8 u) X3 T z8 c$ Z$ VType: Backdoor
3 R; ~* V% F3 p5 {* J
; p. v$ e' D: `) f D4 MEffects: % ^1 B5 c0 z* \8 G; n
It installs a proxy server, opens a random port on the affected computer and provides its author with the information necessary to access it remotely. One of its components provides it with the ability to make downloads, so that it can update itself.
& G7 P1 S$ _; t" w% j& y- T& Q: G8 p) K) w1 y9 d* J. [4 j8 ~- B
; x6 ^( _4 R! R$ a
# y1 }3 X: V0 DAffected platforms: Windows 2003/XP/2000/NT/ME/98/95" {6 ^" u6 \, s' s0 M( v% r, v
0 @: X+ x5 d$ p* Y: q- V: k$ y
* G: A7 N) v6 [9 y9 i8 i
First detected on: Sept. 27, 2005
2 ^& [1 G; t, z9 r* ?% q
: G7 ^4 [+ C7 P" O. zDetection updated on: Sept. 29, 2005 / Z1 A0 _* D+ l2 v9 H) l0 r$ I2 i
- B8 T( h6 U" f, YIn circulation? No
. R! m7 C+ Q M! h" G 0 H7 F/ n9 H P
Proactive protection: Yes, using TruPrevent Technologies 2 X6 C8 d; R+ w
. \7 X8 C8 B6 J! R 7 c: Y$ {+ a5 K: l! E1 q
# H9 U5 H! L& D+ ]% Y: E0 `& K
Brief Description
2 Q3 e8 q0 Q$ q1 {
2 l7 ~8 h2 R0 M2 w5 d% zAgent.APB is a backdoor that installs a proxy server, and opens a random port on the affected computer.$ `; O( Z, B7 U9 Z! j
+ _- |" [7 v) Y' E; ^
Then, it makes GET requests of a specific format to three different websites in order to notify its authors that the computer has been compromised and supply them with the necessary information to access it remotely: number of the port opened, version of the operating system, last known IP address, etc.
f5 c1 b& z' ~' h5 I% k2 ~& N. b8 ~* Y4 \- ~0 ]+ Y% W. ^, I; d2 W) E# ?) {
Additionally, one of the components of Agent.APB provides it with the ability to make downloads, so that it can update itself.
- o! U4 `" H, \) M2 c6 z: O [. z5 u- H7 ]3 C: p6 K# L' G. r
Agent.APB does not spread automatically using its own means. It needs an attacking user's intervention in order to reach the affected computer. The means of transmission used include, among others, floppy disks, CD-ROMs, email messages with attached files, Internet downloads, FTP, IRC channels, peer-to-peer (P2P) file sharing networks, etc.
8 X, M) w( L' B ( w+ {' B$ z" s b
6 n' \" l8 q- q
Visible Symptoms
1 s( P3 A/ ]# |' _+ l' s5 W! r+ H' E
* e# e0 L1 K2 q- ^# c" | q3 {Agent.APB is difficult to recognize, as it does not display any messages or warnings that indicate it has reached the computer.0 W9 m0 b' v6 a6 k( }% T' A% }$ ^8 ?
5 B3 T2 l; ?( F0 ?
上面是这个病毒的特征,用panda可以删除 |
|
狗仔卡
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
抢沙发
显身卡