저희 회사 및 제품에 대한 자세한 정보는 저희
에서 보실 수 있습니다.
Spreads over shared directories.
Looks for IP addresses and shared directories. It copies itself on them.
VBS/Netlog is written in Visual Basic Script.
Version A: Netlog.A
When activated, the worm creates the log file "c:\network.log", which contains:
Log file Open
The worm generates a random IP address and writes it in the log file:
Subnet:*.*.*.0 every star ("*") is a number.
The worm connects to an IP address (1-254) and searches on all systems for access to drive C:/. If access is granted, the drive is mapped as J:/ on the infected computer and the worm writes in the log file:
Copying files to:\\*.*.*.*\C
Then the worm copies itself on the remote computer as:
j:\win95\start menu\programs\startup\network.vbs j:\win95\startm~1\programs\startup\network.vbs
This is the PC infecting procedure.
The next system start will activate the worm. When the file is copied, the log file reads:
Successfull copy to : \\*.*.*.*\C
Finally, the worm connects to the next address of SubNetz or to another random IP address and restarts the procedure.
Version B: Netlog.B
This version consists in two files. It copies itself as:
It maps this drive as Z:\ (not J:\ as does version A). When creating the log file, "c:\network.log", the drive is changed accordingly.
설명 삽입자 Crony Walker 2004년 6월 15일 화요일
© 2013 Avira Operations GmbH & Co. KG. All rights reserved.
이 창은 보안을 위해 암호화되었습니다.