Recently my inbox has been receiving some spam carrying "Happy New Year" messages, but the mail contains a link that downloads the Storm Worm; the downloaded file is named happy-2008.exe. Clearly the author of this virus is once again exploiting the "holiday mood" to spread a new Storm Worm variant, so please be careful.

After execution, it exhibits the following behaviour (including stealth behaviour):
[Added service]
NAME: init_1c52-26ff
DISPLAY: init_1c52-26ff
FILE: \??\C:\WINDOWS\system32\init_1c52-26ff.sys (random file name)
[Added file]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OXI7BCE5\happy-2008[1].exe
C:\WINDOWS\system32\init_1c52-26ff.sys
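As an added example (not code from the original post), a small Python check that parses a behaviour listing in the "[Added service]" / "[Added file]" layout shown above and flags the service and files matching this variant's random driver name; the "init_ plus two groups of four hex digits" pattern is an assumption generalised from the single sample name, since the post only says the name is random.

```python
import re

# Constructed sample in the same "[Added service]" / "[Added file]" layout as the post.
SAMPLE_REPORT = """\
[Added service]
NAME: init_1c52-26ff
DISPLAY: init_1c52-26ff
FILE: \\??\\C:\\WINDOWS\\system32\\init_1c52-26ff.sys
[Added file]
C:\\WINDOWS\\system32\\init_1c52-26ff.sys
C:\\WINDOWS\\system32\\init_sys_config
"""

# Assumed name pattern: "init_" plus two groups of four hex digits, generalised from the
# single sample in the post (the post itself only says the name is random).
RANDOM_DRIVER_RE = re.compile(r"^init_[0-9a-f]{4}-[0-9a-f]{4}\.sys$", re.IGNORECASE)

def parse_report(text):
    """Split the listing into a list of service dicts and a list of added-file paths."""
    services, files, section, current = [], [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "[Added service]":
            section, current = "service", {}
            services.append(current)
        elif line == "[Added file]":
            section = "file"
        elif section == "service" and ":" in line:
            key, _, value = line.partition(":")
            current[key.strip().lower()] = value.strip()
        elif section == "file" and line:
            files.append(line)
    return services, files

def basename(path):
    # Drop the NT object-manager prefix (\??\) seen in the FILE entry, keep the file name.
    path = path[4:] if path.startswith("\\??\\") else path
    return path.replace("/", "\\").rsplit("\\", 1)[-1]

def suspicious_services(services):
    # Service whose NAME equals DISPLAY and whose driver file name matches the random pattern.
    return [svc.get("name") for svc in services
            if svc.get("name") and svc.get("name") == svc.get("display")
            and RANDOM_DRIVER_RE.match(basename(svc.get("file", "")))]

def suspicious_files(files):
    # Added files matching the random driver name, or the init_sys_config file named in the post.
    return [p for p in files
            if RANDOM_DRIVER_RE.match(basename(p)) or basename(p).lower() == "init_sys_config"]
```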
As of now (2007/12/26 @ 14:41), the following antivirus products detect these malicious files (for reference only):
init_1c52-26ff.sys:
[ Microsoft ], "Backdoor:WinNT/Nuwar.B!sys"
[ McAfee ], "Downloader-BAI.sys.gen.a"
[ McAfee_Beta ], "Downloader-BAI.sys.gen.a"
[ Alwil ], "Win32:Zhelatin-ASX [Wrm]"
[ Nod32 ], "probably a variant of Win32/Fuclip trojan"
[ HBEDV ], "TR/Rootkit.Gen"
[ Ikarus ], "Backdoor.Win32.Agent.amd"
[ WebWasher ], "Trojan.Rootkit.Gen"
init_sys_config:
[ Microsoft ], "Backdoor:Win32/Nuwar.B!ini"
[ Sophos ], "Troj/Dorfin-Fam"
happy-2008[1].exe:
[ Microsoft ], "Backdoor:WinNT/Nuwar.B!sys"
[ McAfee ], "W32/Nuwar@MM"
[ McAfee_Beta ], "W32/Nuwar@MM"
[ Alwil ], "Win32:Zhelatin-ASX [Wrm]"
[ Nod32 ], "probably a variant of Win32/Fuclip trojan"
[ HBEDV ], "TR/Rootkit.Gen"
[ Authentium ], "W32/StormWorm.Q"
[ WebWasher ], "Trojan.Rootkit.Gen"
[ bitdefender ], "DeepScan:Generic.Malware.FMH@mmign.893777D0"
