11月27日,江民快速反病毒小组最新监测到一种名为“美媚”(WORM/HOBO.A),别名为W32.Hobo@mm Win32.Hobex worm Win32/Hobo.A.Worm W32/Hobo-A Win32/Hobo.A@mm I-Worm.Hobex W32/Hobo@MM的新型蠕虫病毒,
新型“美媚”蠕虫病毒通过邮件大面积扩散传播
。该病毒大小为50233字节,易感染系统为Windows95/98/98SE/2000/ME/XP。江民反病毒专家指出:“美媚 ”(WORM/HOBO.A)病毒是一种新型邮件蠕虫病毒,采用了upx压缩,可以通过把自己作为附件发送邮件来进行传播。该病毒执行时,会显示一个Flash动画,内容为以下的文本文件:
There's a voice that keeps on calling me.
Down the road. That's where I'll always be.
Oh every stop I make I make a new friend.
Can't stay for long. Just turn around and I'm gone again.
Maybe tomorrow I'll settle down.
Until tomorrow I'll keep moving on.
So if you want to join me for awhile
just grab your hat and we'll travel light. That's hobo style.
Maybe tomorrow I'll want to settle down.
Until tomorrow I'll just keep on moving on.
Until tomorrow the whole world is my home.
然后将自己拷贝到Windows目录下文件HOBO.EXE和SENDTO.EXE,在C:\根目录下创建一个隐藏的文件夹_RESTOR,利用MAPI发送带有下面附件的邮件:附件:SENDTO.EXE
江民公司提醒用户:及时升级更新KV3000杀毒王最新病毒库,就可将此病毒有效地前杀于电脑系统之外,
电脑资料
《新型“美媚”蠕虫病毒通过邮件大面积扩散传播》(https://www.unjs.com)。已感染此病毒的用户,具体清除办法如下:更新KV3000杀毒王病毒库,全面扫描系统,把检测到感染WORM/HOBO.A的文件全部删除。