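Virus name: TrojanClicker.Win32.Agent.ac (Rising)
Virus alias: TrojanDownloader.ClickMe (Jiangmin)
Affected systems: Windows
Threat level: ★
Basic characteristics: 16,456 bytes in size; a Trojan for the Win32 platform with an automatic dialing function that may cause the user to incur huge phone charges.
Virus behavior:
1: Creates the file china.exe under %system32% as the virus body (16,456 ,I)
2: Modifies or creates the following registry content so that it starts automatically:
Registry key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Value: HELPER
Data: C:\WINDOWS\system32\china.exe -N
3: Creates a shortcut to a program with a colorful icon on the desktop and in the Start menu to lure the user into clicking it; destination URLs //www.cbit-solutions.com, www.crl.thawte.com, www.ocsp.thawte.com, etc.//
4: The virus file contains the following content: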
YOU MUST BE EIGHTEEN (18) YEARS OF AGE OR OLDER TO USE THIS SERVICE. IF YOU ARE EIGHTEEN (18) YEARS OF AGE OR OLDER AND YOU HAVE READ THE FOLLOWING TERMS AND CONDITIONS OF SERVICE IN FULL, CLICK ON THE OK BUTTON BELOW WARNING:- By using this software, your modem will dial a Premium Rate Number. NO CREDIT CARD IS REQUIRED TO ACCESS THIS SERVICE. YOU WILL ONLY BE CHARGED ON A MINUTE-BY-MINUTE BASIS ON YOUR PHONE BILL FOR A PREMIUM RATE CALL. By using the software, your computer will terminate the modem connection to your usual Internet Service Provider. Your modem will then dial a PREMIUM RATE TELEPHONE NUMBER. Using this software will initiate a direct connection to our server at a cost of an international call. The material that are available within the site may include graphic visual depictions and descriptions of nudity and sexual activity and should NOT be accessed by anyone younger than 18 years old
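//Summary: you must be at least 18 years old to access our service.... your modem will dial... an international long-distance call...//
5: Drops the network connection that is already dialed up and switches to telephone dialing; the user may incur huge phone charges.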
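
A defender-side check for the autostart entry in step 2, as an added example that is not part of the original entry: it parses the text of a `reg export` dump and flags values under the HKLM Run key that are named HELPER or that launch china.exe. The sample export is constructed, and the function and constant names are hypothetical.

```python
import re

# Indicators from the entry above: Run value "HELPER", image china.exe.
RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"
IOC_VALUE_NAME = "helper"
IOC_IMAGE_RE = re.compile(r'(?:^|[\\/"])china\.exe(?=$|[\s"])', re.IGNORECASE)

# Constructed sample in `reg export` text format (not taken from a real host).
# Real exports are UTF-16; decode with encoding="utf-16" when reading a file.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="C:\\Windows\\system32\\SecurityHealthSystray.exe"
"HELPER"="C:\\WINDOWS\\system32\\china.exe -N"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Notes"="C:\\Tools\\notes.exe"
'''

# "name"="data" string values; backslash escapes \ and " inside the quotes.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')


def unescape(text):
    return re.sub(r"\\(.)", r"\1", text)


def find_dialer_autostart(export_text):
    """Return [(value name, data, reasons)] for matches under the HKLM Run key."""
    hits, in_run_key = [], False
    for line in export_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            in_run_key = line[1:-1].lower() == RUN_KEY
            continue
        match = VALUE_RE.match(line)
        if not (in_run_key and match):
            continue
        name, data = unescape(match.group(1)), unescape(match.group(2))
        reasons = []
        if name.lower() == IOC_VALUE_NAME:
            reasons.append("value name HELPER")
        if IOC_IMAGE_RE.search(data):
            reasons.append("launches china.exe")
        if reasons:
            hits.append((name, data, reasons))
    return hits


if __name__ == "__main__":
    for name, data, reasons in find_dialer_autostart(SAMPLE_EXPORT):
        print(f"{name} = {data}  <- {', '.join(reasons)}")
```

A value named HELPER on its own is a weak signal, so each hit carries its reasons for triage; both indicators together match the entry described above.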