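Method one: via Internet e-mail. It searches the current user's address book files for text that looks like e-mail addresses, or generates e-mail addresses at random, and uses the Windows socket functions to send this infected trojan through an SMTP server. The mail file is built by the trojan component, and the message executes automatically under Outlook Express. Its subject is random, but takes one of the following forms: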
Hi
Hello
How are you?
Can you help me?
We want peace.
Where will you go?
Congratulations!!!
Dont cry.
Look at the pretty.
Some advice on your shortcoming.
Free XXX Pictures.
A free hot porn site.
Why dont reply to me?
How about have dinner with me together?
The body of the message is:
Im sorry to do so,but its helpless to say sorry.
I want a good job,I must support my parents.
Now you have seen my technical capabilities.
How much my year-salary now? NO more than $5,500.
What do you think of this fact?..Dont call my names,I have no hostility.
Can you help me?
how are you
Lets be friends
Darling
Dont drink too much
your password
Honey
Some questions
Please try again
welcome to my hometown
The Garden of Eden
Introduction on ADSL
Meeting notice
questionnaire
Congratulations
Sos!
Japanese girl VS playboy
Look,my beautiful girl friend
Eager to see you
spice girls vocal concert
Japanese lass sexy pictures
The fake extension of the attachment carried by the message may be one of the following:
txt htm html wab doc xls jpg cpp c pas mpg mpeg bak mp3
The real extension is one of EXE, SCR, PIF or BAT.
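A defender-side check for the attachment pattern just described, as an added example that is not part of the original write-up: it flags attachments whose final extension is one of the real executable types, and marks them as double-extension when the preceding extension is one of the listed decoys. It assumes the decoy extension sits immediately before the real one in the filename (name.decoy.real); the function names and the sample message are constructed for illustration.

```python
import email
from email import policy

# Extension lists are taken from the description above.
DECOY_EXT = {"txt", "htm", "html", "wab", "doc", "xls", "jpg", "cpp",
             "c", "pas", "mpg", "mpeg", "bak", "mp3"}
REAL_EXT = {"exe", "scr", "pif", "bat"}


def classify_filename(name):
    """Return 'double-ext', 'executable' or None for an attachment name."""
    # Windows ignores trailing dots and spaces, so strip them before splitting.
    parts = name.strip().rstrip(". ").lower().split(".")
    if len(parts) < 2 or parts[-1] not in REAL_EXT:
        return None
    # Padding spaces before the real extension are a common way to hide it.
    if len(parts) >= 3 and parts[-2].strip() in DECOY_EXT:
        return "double-ext"
    return "executable"


def scan_message(raw_bytes):
    """Return [(filename, verdict)] for every suspicious attachment."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.walk():
        name = part.get_filename()
        verdict = classify_filename(name) if name else None
        if verdict:
            findings.append((name, verdict))
    return findings


# Constructed sample message (not a real capture); attachment bodies are plain text.
SAMPLE = b"\r\n".join([
    b"Subject: Meeting notice", b"MIME-Version: 1.0",
    b'Content-Type: multipart/mixed; boundary="b1"', b"",
    b"--b1", b"Content-Type: text/plain", b"", b"hello",
    b"--b1", b'Content-Disposition: attachment; filename="report.doc.pif"',
    b"", b"placeholder",
    b"--b1", b'Content-Disposition: attachment; filename="notes.txt"',
    b"", b"placeholder", b"--b1--", b"",
])

if __name__ == "__main__":
    print(scan_message(SAMPLE))
```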
The virus body contains the following encrypted message:
Win32 Klez V2.0 & Win32 Elkern V1.1,(There nick name is Twin Virus*^__^*)
Copyright,made in Asia,announcement:
1.I will try my best to protect the user from some vicious virus,Funlove,Sircam,Nimda,CodeRed and even include 32.Klez1.X
2.Pitiful AVers,cant Elkern 1.0 & 1.1 work on Win 2K&XP?Plz clear your eyes.
3.Well paid jobs are wanted
4.Poor life should be unblessed
5.Dont accuse me.Please accuse the unfair shit world