Posted on 2006-12-4 13:29:27
Common name: Agent.APB
Technical name: Bck/Agent.APB
Threat level: Low
Type: Backdoor
Effects:
It installs a proxy server, opens a random port on the affected computer and provides its author with the information necessary to access it remotely. One of its components provides it with the ability to make downloads, so that it can update itself.
Affected platforms: Windows 2003/XP/2000/NT/ME/98/95
First detected on: Sept. 27, 2005
Detection updated on: Sept. 29, 2005
In circulation? No
Proactive protection: Yes, using TruPrevent Technologies

Brief Description
Agent.APB is a backdoor that installs a proxy server, and opens a random port on the affected computer.
Then, it makes GET requests of a specific format to three different websites in order to notify its authors that the computer has been compromised and supply them with the necessary information to access it remotely: number of the port opened, version of the operating system, last known IP address, etc.
Additionally, one of the components of Agent.APB provides it with the ability to make downloads, so that it can update itself.
Agent.APB does not spread automatically using its own means. It needs an attacking user's intervention in order to reach the affected computer. The means of transmission used include, among others, floppy disks, CD-ROMs, email messages with attached files, Internet downloads, FTP, IRC channels, peer-to-peer (P2P) file sharing networks, etc.

Visible Symptoms
Agent.APB is difficult to recognize, as it does not display any messages or warnings that indicate it has reached the computer.
The above are the characteristics of this virus; it can be removed with Panda.