Worm.Glowa.h

病毒别名： 处理时间：2007-03-16 威胁级别：★

中文名称： 病毒类型：蠕虫 影响系统：Win 9x/ME,Win 2000/NT,Win XP,Win 2003

病毒行为:

该病毒是一个邮件蠕虫病毒。该病毒会向一些知名网站群发带病毒的邮件。建议电脑用户不要随便打开来历不名的邮件，以免中毒受害。

1、生成的文件

%SystemRoot%system32wservice.exe（原病毒文件）

%原病毒所以在目录%SPQ2x10.exe（Worm.Glowa.b.5707）

2、添加启动项

HKLMSoftwareMicrosoftWindowsCurrentVersionRun

"UpdateService" = "%SystemRoot%system32wservice.exe..."

3、该病毒运行后会将自身向系统盘的所有名录拷贝，拷贝的名称（*.t）和拷贝的数目随机，并将其设置为隐藏属性。

4、发送邮件的标题

ATTN TO EVERYBODY!

White house news!

READ AND RESEND ASAP!

Incredible news!

NEWS!

URGENT NEWS!

5、邮件内容

3rd Glogal War Just Started!!! Read more in file!

Putin and Bush starts NUCLEAR WAR! Check the file!

GLOBAL NUCLEAR WAR JUST STARTED! News in file.

Nuclear War in Russia! Read news in file!

Nuclear WAR in USA! Read attached file!

President Putin dead! Read more in attached file!

President Bush DEAD! Read attached file!

6、附件名

open.exe

truth.exe

war.exe

last.exe

about me.exe

a.exe

never.exe

latest news.exe

read me.exe

7、结束下列名称程序

anti

viru

troja

avp

nav

rav

reged

nod32

spybot

zonea

vsmon

avg

blackice

firewall

msconfig

lockdown

f-pro

hijack

taskmgr

mcafee

8、收信人名单

Zenia

Zoe

Zilya

Xenia

Xylia

Xandra

Willa

Wendy

Vicky

Vivian

Violet

Valora

Vanessa

Valda

Ula

Uma

Sharon

Silver

Rosa

Ruby

Rita

Rae Rachel

Queen

Peggy

Pamela

Olivia

Olga

Nicole

Naomi

Natalie Nora

Nina

Nova

Nadia

Maia

Mary

Melody

Mimi

Myra

Linda

Lisa

Lolita

Lynn

Laura

Lara

Kara

Kassia

Kyle

Kali

Kacey

Katrina

Janet

Jewel

Joanna

Juliet

Julie

Ida

Idona

Isabel

Iris

Ivana

Ivory

Helga

Holly

Haley

Gloria

Gilda

Gale

Faith

Emily

Evelyn

Eve Erika

Eliza

Eden

Ebony

Donna

Dora

Doris

Diana

Danielle

Daria

Damita

Camille

Cara

Carla

Carmen

Clarissa

Chelsea

Caitlin

Bettina

Blenda

Bridget

Briana

Bella

Becky

Barbra

Aldora

Alysia

Amorita

Aretina

Ara

April

Anita