What is Worm.Whboy?
Worm.Whboy
is a variants computer worm. It created
by Li Jun in October 16, 2006. Li was sold to more than 120 people in the network and earned one
hundred thousand dollars from the worm. The worm infected through the
downloading files. It spread in the China, over 1 million computers had been infected
in January 2007. They also sold out the online game account and QQ account
which were stole to seek profit.
Symptoms of
poisoning
When Windows user poisoned
the Worm.Whboy, all of the suffix name .exe
files cannot be excuted and the file's icon will become panda pattern.
The following
picture shows symptoms after poisoning:
In addition, the
computer would be blue screen, reboot system frequently and the data files have
been destroyed.
The hazards of
worm
The worm would
delete the .gho file, so that users could not use ghost to restore the
operating system. If the web developer’s computer poisoned the worm, the virus
code would add into the website files. After the webpage upload to the website,
the user have been infected when they browser these website. As the views of
these sites was very large, resulting in Worm.Whboy infected a very wide range, more
than one thousand enterprises and government agencies have been poisoned.
How Worm.Whboy spread?
Worm.Whboy used Instant Messaging software
(e.g. MSN, ICQ) as its source of targets, people downloaded the infected files.
If Worm.Whboy Infected systems .exe, .com, .pif, src, .html, .asp file, it
would add the virus URL. User clicked to open these file, IE will automatically
connect to the specified URL to download the Worm.Whboy.
Solution
Some method can solve the Worm.Whboy problem. First of all, check
the local administrator member passwords and use the strong password. Secondly,
turn off autoplay feature on all drives. Thirdly, keep the operating system to the
latest security updates, do not access to the site from unknown sources,
especially Microsoft's MS06-014 vulnerability. Lastly, enable the firewall to
protect your local computer and the share folder should stop sharing.
References:
1. 熊貓燒香. n.d. In Wikipedia. Retrieved March 20, 2014, from http://zh.wikipedia.org/wiki/%E7%86%8A%E7%8C%AB%E7%83%A7%E9%A6%99.
2. 熊貓燒香. n.d. In Baike. Retrieved March 20, 2014, from http://www.baike.com/wiki/%E7%86%8A%E7%8C%AB%E7%83%A7%E9%A6%99.
3. Reports Sophos. (February 13, 2007) .Panda Joss-Stick Virus Is No Pandemic. Retrieved March 20, 2014, from http://english.cri.cn/4026/2007/02/13/202@195894.htm.
2. 熊貓燒香. n.d. In Baike. Retrieved March 20, 2014, from http://www.baike.com/wiki/%E7%86%8A%E7%8C%AB%E7%83%A7%E9%A6%99.
3. Reports Sophos. (February 13, 2007) .Panda Joss-Stick Virus Is No Pandemic. Retrieved March 20, 2014, from http://english.cri.cn/4026/2007/02/13/202@195894.htm.
沒有留言:
張貼留言