病毒大百科

这是一个通过电子邮件和mIRC传播的蠕虫病毒。该病毒会在特定类型的文件中收集邮件地址，再使用伪造的发信人地址向这些用户发送带有病毒的邮件。此外，该病毒还会连接到指定的mIRC频道，向频道内的所有用户发送该病毒文件，诱骗其运行。

1.将自己拷贝到%System%\chwin.exe

2.从下来类型的文件中收集邮件地址
adb
.asp
.cgi
.dbx
.htm
.html
.jsp
.php
.sht
.tbb
.txt
.wab
.xml

跳过带有如下字眼的邮件地址：
.edu
.gov
.mil
accoun
acketst
admin
anyone
arin.
avp
be_loyal
berkeley
borlan
bsd
bugs
certific
contact
example
feste
fido
foo.
fsf.
gnu
gold-certs
google
gov.
help
hotmail
iana
ibm.com
icrosof
icrosoft
ietf
info
inpris
isc.o
isi.e
kernel
linux
listserv
math
mit.e
mozilla
msn.
mydomai
nobody
nodomai
noone
not
nothing
ntivi
page
panda
pgp
postmaster
privacy
rating
rfc-ed
ripe.
root
ruslis
samples
secur
sendmail
service
site
soft
somebody
someone
sopho
submit
support
syma
tanford.e
the.bat
unix
usenet
utgers.ed
webmaster
you
your

3.邮件可能的主题：
hello
hi
error
status
test
Mail Transaction Failed
Mail Delivery System
SERVER REPORT

4.邮件可能的正文：
The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.

Mail transaction failed. Partial message is available.

test

The message contains Unicode characters and has been sent as a binary attachment.

5.附件可能的文件名：
body
data
doc
document
file
message
readme
test

6.附件可能的后缀名：
.exe
.scr
.pif
.zip