“看一眼就中毒” 微软lnk漏洞相关病毒样本提供下载

显示全部楼层 · 发表于 2010-7-24 19:20:46

回复 71楼 jefffire 的帖子
如何操作?

显示全部楼层 · 发表于 2010-7-24 19:22:56

回复
如何操作?
hddu 发表于 2010.7.24 19:20

1. Unzip the files in ‘C: \’. Start a DbgView or paste a KD to your VM.
2. Rename ‘suckme.lnk_’ to ‘suckme.lnk’ and let the magic do the rest of shell32.dll.
3. Look at your logs.

要开启debugview，这个概念演示的是如何通过ink加载dll到explorer的，这个dll是无恶意的。

显示全部楼层 · 发表于 2010-7-24 22:04:54

似乎在WIN7 64下这个演示发挥不了作用？

显示全部楼层 · 发表于 2010-7-24 23:22:19

chenoe silver ray 可以查杀。。。

显示全部楼层 · 发表于 2010-7-25 10:33:25

还没下载就被杀了...[:26:]

显示全部楼层 · 发表于 2010-7-25 22:47:37

回复 3楼 FBAV 的帖子

哪里有样本

显示全部楼层 · 发表于 2010-7-26 19:34:20

本帖最后由黑衣~魂于 2010.7.26 19:35 编辑

確實無害
1.有人像我反應drweb 自動分析系統判別無毒希望我確認，經drweb分析師確認後確實無害，已將drweb報告轉交kaspersky lab，Panda lab與ESET

兩家均已排除了，ESET表示無害卻不一定要排除。

Dear customer,

After checking in our laboratory the message you submit, we inform you it contains no virus. The detection was caused due to a string coincidence.

Best regards,
PandaLabs

跟eset溝通中
Dear user,

Thank you for your submission. While the file is not harmful in itself, so far we've only seen it as part of a proof-of-concept exploit for the CVE-2010-2568 vulnerarability in Microsoft Windows operating systems -- thus, its presence in the system is very likely to be tied with exploitation attempts being performed.

Are you aware of any other ("benign") uses of this file?

Regards,

Peter Kosinar
Senior Virus Researcher
ESET spol. s r.o.

显示全部楼层 · 发表于 2010-7-26 21:18:41

mcafee企业版秒杀

显示全部楼层 · 发表于 2010-7-26 21:53:06

看一眼就中毒，这也太厉害了

显示全部楼层 · 发表于 2010-7-26 22:51:51

咋没反应？