Jiangmin's October 3 virus bulletin: Beware of the "Nilage" virus stealing equipment information from the online game "Heaven"
Jiangmin reminds you today: among today's viruses, TrojanDropper.HTML.r ("HTML messenger" variant r) and Trojan/PSW.Nilage.bql ("Nilage" variant bql) are worth noting.
Virus name: TrojanDropper.HTML.r
Chinese name: "HTML messenger" variant r
Virus length: 222950 bytes
Virus Type: Trojan Releaser
Hazard level: ★★
Affected Platforms: Win 9X/ME/NT/2000/XP/2003
TrojanDropper.HTML.r, the "HTML messenger" variant r, is one of the latest members of the "HTML messenger" Trojan family. It is written in Delphi 6.0-7.0 and packed. The "HTML messenger" variant r is a tool that hackers use to generate variants of the "webpage script Trojan downloader". The generated downloaders are written in a variety of web script languages and use Microsoft MS06-014 and 13 other Windows system vulnerabilities to download a large number of malicious programs, making them highly destructive. The "HTML messenger" variant r can evade monitoring by most anti-virus security software and reduce the security level of infected computers. If your computer has not installed the corresponding Windows vulnerability patches released by Microsoft in a timely manner, then when you use a browser to visit a malicious webpage carrying a "webpage script Trojan" variant, malicious programs from the site specified by the hacker will be downloaded and run automatically in the background on the infected computer.
Virus name: Trojan/PSW.Nilage.bql
Chinese name: "Nilage" variant bql
Virus length: 89722 bytes
Virus Type: Trojan
Hazard level: ★
Affected Platforms: Win 9X/ME/NT/2000/XP/2003
Trojan/PSW.Nilage.bql, the "Nilage" variant bql, is one of the latest members of the "Nilage" Trojan family. It is written in Delphi and packed. After the "Nilage" variant bql runs, it copies itself to a specified directory on the infected computer and renames the copy "mongoer.exe". It releases the virus file dab1.dll in the same directory and injects that file into all processes running with user-level permissions on the infected system. It modifies the registry so that the Trojan starts automatically. It secretly monitors the titles of the windows the user opens and steals the game account, password, equipment information, amount of money, and other information of players of the online game "Heaven 1". The stolen player information is sent in the background to the remote server specified by the hacker, resulting in the loss of players' game accounts, equipment, items, money, etc., and causing great losses to players. In addition, the nílager.exe process name is changed to the bql1_upload icon and the zookeeper er.exe process name to disguise itself and prevent it from being discovered.
According to Rising's global anti-virus monitoring network, one virus worth noting today is the "Zhelatin variant JR (Worm.Mail.Win32.Zhelatin.jr)" virus. The large volume of spam sent by the virus will slow down the user's computer, seriously consume network bandwidth, and even cause an enterprise's local area network to crash.
Popular viruses today:
"Zhelatin variant JR (Worm.Mail.Win32.Zhelatin.jr)" virus: vigilance level ★★★, worm virus, transmitted by email, dependent systems: WIN9X/NT/2000/XP.
The virus spreads by email, and every mail it sends carries an attachment. When other users open the attachments to these emails, they will be infected with the virus. The large volume of spam sent by the virus will slow down the user's computer, seriously consume network bandwidth, and even cause some local networks to crash.