查看: 6515|回复: 7
收起左侧

Symantec(赛门铁克)公布李俊版熊猫烧香专杀工具测试结果

[复制链接]
wangjay1980
发表于 2007-3-31 12:02:46 | 显示全部楼层 |阅读模式
2007-3-28,著名安全厂商Symantec(赛门铁克)公司在官方博客上公布了李俊版熊猫烧香专杀工具测试结果,结果显示,熊猫烧香作者李俊编写的熊猫烧香专杀工具不能有效的清除病毒。

以下是熊猫烧香作者李俊编写的熊猫烧香专杀工具对"熊猫烧香"各变种能否检测清除的 测试结果:

熊猫烧香病毒变种:测试结果:
W32.Fujacks.A 无效
W32.Fujacks.AF 无效
W32.Fujacks.AW 无效
W32.Fujacks.B 部分有效
W32.Fujacks.C 部分有效
W32.Fujacks.D 部分有效
W32.Fujacks.E 部分有效
W32.Fujacks.L 部分有效

原文如下:http://www.symantec.com/enterprise/security_response/weblog/2007/03/fujacks_worm_creators_fixtool.html
Fujacks fixtool fixes "jack"Following the arrest of Jun Li (creator of the W32.Fujacks or "Panda" worm) by the Hubei Police on February 3rd, the police promised to make an example of the virus author. To that end, the police announced in early February that they were going to have the virus creator write a program to remove this virus and repair the damage done by it.
On March 27th we obtained a copy of the removal tool created by Li. Naturally we were curious about the effectiveness of the tool against the variants of the threat that were found in the wild.
When the tool is executed, the user is presented with a message from Li himself:

The message contains an apology and an explanation that he created the worm for research. He ends with a warning to beware of future threats (from others), and to take the necessary precautions. Li also acknowledges that his tool may not work as well as professional tools provided by security vendors.
To find out how good (or bad) the tool is, we ran a battery of tests against samples we had and the results made for a sobering read:
Variant:Efficacy:
W32.Fujacks.A Not effective
W32.Fujacks.AF Not effective
W32.Fujacks.AW Not effective
W32.Fujacks.B Partially effective
W32.Fujacks.C Partially effective
W32.Fujacks.D Partially effective
W32.Fujacks.E Partially effective
W32.Fujacks.L Partially effective
Note:
"Partially effective" means that the tool managed to remove some of the system changes made by Fujacks, but many still remained. For example, in many of the tests the tool left behind registry keys created by the worm and failed to clean files that were infected by Fujacks.

What we can tell from our tests is that this removal tool is not effective against most of the samples we have tested against and isn't fully effective against any of them. For Li, perhaps he may have learned the hard way that this sort of activity does not pay. He has found out, to his cost, that it is much easier to write a program to cause destruction than it is to repair the damage.
Update:
We have published a whitepaper by Robert X Wang called
The Panda Outlaw: W32.Fujacks. This paper discusses the authors of the worm, their motivations, the technical details, and the subsequent events since the release of the worm.
剑指七星
发表于 2007-3-31 12:12:03 | 显示全部楼层
已经不错了   
人家好歹是在号子里面编写的
zhaonimm
发表于 2007-3-31 17:25:59 | 显示全部楼层
这个  毕竟是自己作的  现在的变种是在是厉害啊  
原作者都没办法........
一旦病毒被破解

变种满天飞啊
gaue
发表于 2007-4-5 23:57:16 | 显示全部楼层
創毒容易解毒難
sharkvv
发表于 2007-4-6 22:36:28 | 显示全部楼层
可恶的熊猫烧香``
浪客
发表于 2007-4-7 09:47:19 | 显示全部楼层
那个公安局的官网说还未正式公布,当初这个是流出的还是另有人编的
shincon
发表于 2007-4-7 14:24:24 | 显示全部楼层
公安局说话不算话
hhj9920
发表于 2007-4-25 23:31:18 | 显示全部楼层
呵呵 没中过熊猫烧香
您需要登录后才可以回帖 登录 | 快速注册

本版积分规则

手机版|杀毒软件|软件论坛| 卡饭论坛

Copyright © KaFan  KaFan.cn All Rights Reserved.

Powered by Discuz! X3.4( 沪ICP备2020031077号-2 ) GMT+8, 2024-12-22 17:23 , Processed in 0.128699 second(s), 17 queries .

卡饭网所发布的一切软件、样本、工具、文章等仅限用于学习和研究,不得将上述内容用于商业或者其他非法用途,否则产生的一切后果自负,本站信息来自网络,版权争议问题与本站无关,您必须在下载后的24小时之内从您的电脑中彻底删除上述信息,如有问题请通过邮件与我们联系。

快速回复 客服 返回顶部 返回列表