Worm.Mytob.dt

Virus name (Chinese):
Aliases:
Threat level:
★☆☆☆☆
Virus type:
Worm
Virus length:
48003
Affected systems:
Win9x WinMe WinNT Win2000 WinXP Win2003

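Virus behavior:

This is a worm that spreads by e-mail. It is also a backdoor: once running, it automatically connects to an IRC chat room and waits for the attacker's commands to remotely control the user's machine and launch attacks. The virus also carries out overflow attacks and share attacks. Users are advised to apply vulnerability patches promptly and to disable shares such as ipc$. The virus searches the user's host for doc, htm and txt files, reads the e-mail addresses in them, and sends virus-carrying mail to those addresses.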

1. Files created
%system%\winint.exe

2. Service added
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Microsoft System Debugger

Startup entry
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Microsoft System Debugger
"ImagePath" = "%system%\winint.exe"

3. E-mail content
Dear user %s,
You have successfully updated the password of your %s account.
If you did not authorize this change or if you need assistance with your account, please contact %s customer service at: %s
Thank you for using %s!
The %s Support Team
+++ Attachment: No Virus (Clean)
+++ %s Antivirus - www.%s

Dear user %s,
It has come to our attention that your %s User Profile ( x ) records are out of date. For further details see the attached document.
Thank you for using %s!
The %s Support Team
+++ Attachment: No Virus (Clean)
+++ %s Antivirus - www.%s

Dear %s Member,
We have temporarily suspended your email account %s.
This might be due to either of the following reasons:
1. A recent change in your personal information (i.e. change of address).
2. Submiting invalid information during the initial sign up process.
3. An innability to accurately verify your selected option of subscription due to an internal error within our processors.
See the details to reactivate your %s account.
Sincerely,The %s Support Team
+++ Attachment: No Virus (Clean)
+++ %s Antivirus - www.%s

Dear %s Member,
Your e-mail account was used to send a huge amount of unsolicited spam messages during the recent week. If you could please take 5-10 minutes out of your online experience and confirm the attached document so you will not run into any future problems with the online service.
If you choose to ignore our request, you leave us no choice but to cancel your membership.
Virtually yours,
The %s Support Team
+++ Attachment: No Virus found
+++ %s Antivirus - www.%s
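A mail-gateway check built from the templates above, as an added example that is not part of the original entry: it turns each fixed sentence into a regex, treats every `%s` slot as one non-space token, and flags a body that carries a template sentence together with the fake scanner footer. The function names, the scoring rule and the sample messages (with the placeholder domain example.test) are assumptions constructed for illustration.

```python
import re

# Fixed sentences copied from the mail templates listed above; "%s" marks a
# slot the worm fills in at send time.
BODY_TEMPLATES = [
    "You have successfully updated the password of your %s account.",
    "your %s User Profile ( x ) records are out of date.",
    "We have temporarily suspended your email account %s.",
    "Your e-mail account was used to send a huge amount of unsolicited spam messages",
]
FOOTER_TEMPLATES = [
    "+++ Attachment: No Virus (Clean)",
    "+++ Attachment: No Virus found",
    "+++ %s Antivirus - www.%s",
]

def template_to_regex(template):
    """Escape the literal text and let each %s slot match one non-space token."""
    literals = [re.escape(part) for part in template.split("%s")]
    return re.compile(r"\S+".join(literals), re.IGNORECASE)

def match_templates(body):
    """Return (body_hits, footer_hits) for a plain-text mail body."""
    # Collapse whitespace so re-wrapped or CRLF mail still matches.
    text = " ".join(body.split())
    hits = lambda templates: [t for t in templates
                              if template_to_regex(t).search(text)]
    return hits(BODY_TEMPLATES), hits(FOOTER_TEMPLATES)

def is_suspect(body):
    """Flag mail with a template sentence plus both fake scanner footer lines."""
    body_hits, footer_hits = match_templates(body)
    return bool(body_hits) and len(footer_hits) >= 2

# Constructed sample inputs (example.test is a placeholder domain).
SAMPLE_WORM_MAIL = (
    "Dear user alice,\r\n"
    "You have successfully updated the password of your example.test account.\r\n"
    "Thank you for using example.test!\r\n"
    "The example.test Support Team\r\n"
    "+++ Attachment: No Virus (Clean)\r\n"
    "+++ example.test Antivirus - www.example.test\r\n"
)
SAMPLE_BENIGN_MAIL = (
    "Hi Alice,\n"
    "Your password was changed from the account settings page.\n"
    "Scanned by our gateway antivirus.\n"
)
```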




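Special note: The description above only records the facts observed while Kingsoft tested the virus or other malicious or unwanted program. The specific behavior of such programs may differ across software and hardware environments, and the results shown do not necessarily apply generally.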