Image
The Trojan displays a picture like this one, which contains some text in Japanese.

Once executed, the Trojan copies itself as the following files:

taskmgr.exe
ugu.scr

It then creates the following files:

C:\MI3\LOOT.TXT – trace route output
C:\MI3\IP.TXT – IP address of the victim
C:\MI3\SHOT.BMP – screenshot of the desktop

Then it replaces random files from the current drive with a picture
contained within the Trojan and also changes the file extension to .jpg.
The files may be any type, including documents and executables.

It then deletes all files from all folders found under:
C:\Program Files

It takes screenshots of the desktop and saves them to:
C:\MI3\SHOT.BMP

It executes the following command:
command.com /C tracert www.yahoo.co.jp

It then stores the output to the following file:
C:\MI3\LOOT.TXT

The Trojan connects to the following FTP server:
[ftp://]ftp.isweb.i[REMOVED]

It then creates a folder containing the locally logged-on user name,
the date and the IP address in the above-mentioned FTP location,
using the following account:

name: oonoki2006
pass: o2006

The Trojan stores the following information in the created folder:

IP[COUNTER].TXT – contains the output of the tracert command
*.BMP – BMP images that contain screenshots of the desktop

It also displays the following other pictures when it is executed.
Image
Image
Image
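The behaviours listed above can be turned into simple host-side checks. The following is an added example, not part of the original write-up: it matches the described file, command-line, rename and delete behaviours against endpoint events. The event field names, the threshold and the sample events (including the `C:\Temp` location of `ugu.scr`) are assumptions constructed for illustration.

```python
import ntpath
from collections import Counter

# Indicators come from the write-up above; event field names are assumptions.
STAGING = {"c:\\mi3\\loot.txt", "c:\\mi3\\ip.txt", "c:\\mi3\\shot.bmp"}
TRACERT_CMD = "command.com /c tracert www.yahoo.co.jp"
PROGRAM_FILES = "c:\\program files\\"
BULK_THRESHOLD = 3  # assumption: minimum events before a bulk behaviour is flagged

def detect(events):
    """Return the sorted names of the described behaviours seen in `events`."""
    hits, counts = set(), Counter()
    for ev in events:
        kind, path = ev["type"], ev.get("path", "").lower()
        if kind == "file_create":
            if path in STAGING:
                hits.add("staging_file")
            # taskmgr.exe is not matched by name: a legitimate Windows binary shares it.
            if ntpath.basename(path) == "ugu.scr":
                hits.add("ugu_scr_copy")
        elif kind == "process_create":
            # Normalise case and whitespace before comparing the command line.
            if " ".join(ev["cmdline"].lower().split()) == TRACERT_CMD:
                hits.add("tracert_recon")
        elif kind == "file_rename":
            # A file whose extension changes to .jpg counts toward the bulk total.
            if ev["new"].lower().endswith(".jpg") and not ev["old"].lower().endswith((".jpg", ".jpeg")):
                counts["mass_jpg_replace"] += 1
        elif kind == "file_delete" and path.startswith(PROGRAM_FILES):
            counts["program_files_wipe"] += 1
    hits.update(name for name, n in counts.items() if n >= BULK_THRESHOLD)
    return sorted(hits)

# Constructed sample telemetry (not captured from a real host).
INFECTED = (
    [{"type": "file_create", "path": "C:\\Temp\\ugu.scr"},
     {"type": "process_create", "cmdline": "command.com  /C tracert www.yahoo.co.jp"},
     {"type": "file_create", "path": "C:\\MI3\\LOOT.TXT"}]
    + [{"type": "file_rename", "old": f"C:\\Docs\\r{i}.doc", "new": f"C:\\Docs\\r{i}.jpg"} for i in range(4)]
    + [{"type": "file_delete", "path": f"C:\\Program Files\\App\\f{i}.dll"} for i in range(5)]
)
BENIGN = [
    {"type": "process_create", "cmdline": "tracert 192.0.2.1"},
    {"type": "file_rename", "old": "C:\\Pics\\a.png", "new": "C:\\Pics\\a.jpg"},
    {"type": "file_delete", "path": "C:\\Program Files\\App\\old.log"},
]

if __name__ == "__main__":
    print(detect(INFECTED), detect(BENIGN))
```

The bulk behaviours are counted rather than flagged on first sight, so a single rename to .jpg or one uninstall-time delete under `C:\Program Files` does not raise a hit.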
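As described above, people who often use the Japanese file-sharing software Winny (commonly nicknamed NY or "New York") had better watch out~
I remember a similar trick showing up before, an invasion under the name 「涼宮ハルヒの憂鬱」 (lol
In short, make it a habit to run a virus scan before opening any compressed archive such as zip or rar~
As for me… actually I only grab stuff with the file extensions avi, mpeg, mpg and wmv! (gets dragged away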