
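TCP Protocol Attack (Attack ID: 700370)

Release date: 2009-09-27

Attack name: Vampire 1.2 connection acknowledgment

Operating system: Windows

Application service

Severity

BUG ID

CVE ID

Description

CrazzyNet uses port 17499. CrazzyNet has many functions. Each function is triggered by one of the following strings sent by the attacker: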
Add Line To File - addlin
Overwrite File With Added Line - ovwlin
Add Icon To Desktop - addico
Beep Sound - sndbep
Change Windows Control Text - chgawc
Change Resolution - chgres
Chat - chatwy
Get Clipboard Text - clpget
Crazy Mouse On - crazym;1
Crazy Mouse Off - crazym;0
Delete File/Directory - delete
Remove Windows Functions - remwma;0
Download File - getfil
Disable Ctl-Alt-Del - discad;0
Enable Ctl-Alt-Del - discad;1
Disable Windows Startup - wndsas;0
Enable Windows Startup - wndsas;1
Find Files - findfi
Format - format
Get Colors - getcol
Get Computer Name - getcon
Set Computer Name - setcon
Get Date - gettad
Set Date - settad
Get Internet Explorer Start Page - geties
Set Internet Explorer Start Page - chgies
Get Mouse Position - getpos
Set Mouse Position - setmse
Get Clients Connected - geticc
Get Computer Information - getinf
Hide Picture - hidpic
List Installed Programs - asplst
Keylogger - keylog;1
Kill Mouse - kilmse
List Files And Directories - nextdr
List ICQ - icqlst
List Of Apps - lstapp
Make Directory - makdir
Monitor On - onmoni
Monitor Off - ofmoni
Get Mouse Double Click Time - getdcl
Set Mouse Double Click Time - setdcl
Open CD - opencd
Close CD - closcd
Ping - *ICMP Packet* Echo this string of data
Play Sound - playsd
Print Text - printt
Refresh File Listing - refdir
Run File - runfil
Screen Dump - screen
Get Screensaver - getfon
Set Screensaver - setscr
Enable Scrolling Text - scroll
Disable Scrolling Text - sscrol
Send To URL - senurl
Send Key - runkey
Send Message - msgbox
Set Clipboard Text - clpset
Set Desktop Image - chgdes
Show Clock - sclock;1
Hide Clock - sclock;0
Show Desktop Icons - deskic;1
Hide Desktop Icons - deskic;0
Show Start Bar - startb;1
Hide Start Bar - startb;0
Show Task Bar - sotask
Hide Task Bar - hitask
Show Task Bar Icons - staskb;1
Hide Task Bar Icons - staskb;0
Show Picture - shopic
Start CD loop - cdloop;1
Stop CD loop - cdloop;0
Steal Passwords - geticp
Swap Mouse Buttons On - swpmse;1
Swap Mouse Buttons Off - swpmse;0
Terminate Application - terapp
Get Text Box Cursor Blink Rate - getret
Set Text Box Cursor Blink Rate - setret
Upload File - uplfil
Change Volume - volume
Warp On - warpon
Warp Off - warpof
List Windows - wndlst
Impact:
An attacker can remotely execute a variety of commands and compromise the affected host.

Affected systems:
Windows 95/98/ME/NT/2000

Reference:
http://www.pestpatrol.com/PestInfo/C/CrazzyNet.asp
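
The following Python example is added here; it is not part of the original signature entry or of any vendor's detection logic. It parses an excerpt of the command list above and flags payloads sent to port 17499 that begin with a listed string. The payload framing (command string at the start of the payload), the sample flows and the function names are assumptions.

```python
import re

C2_PORT = 17499  # port the page gives for CrazzyNet

# Excerpt copied from the page's "description - string" list (not the full list).
COMMAND_LIST = """\
Delete File/Directory - delete
Download File - getfil
Disable Ctl-Alt-Del - discad;0
Enable Ctl-Alt-Del - discad;1
Keylogger - keylog;1
Ping - *ICMP Packet* Echo this string of data
Run File - runfil
Steal Passwords - geticp
Upload File - uplfil
"""

TOKEN_RE = re.compile(r"[a-z]{6}(;[01])?")  # shape of every command string in the list

def load_commands(text):
    """Map command string -> description; entries without a command string are skipped."""
    table = {}
    for line in text.splitlines():
        desc, sep, token = line.rpartition(" - ")
        if sep and TOKEN_RE.fullmatch(token.strip()):
            table[token.strip()] = desc.strip()
    return table

COMMANDS = load_commands(COMMAND_LIST)

def classify(dst_port, payload):
    """Return (command string, description) for a matching payload, else None."""
    if dst_port != C2_PORT:
        return None
    text = payload.decode("latin-1").lstrip()
    # Assumption: the command string leads the payload; the page does not give the framing.
    for token, desc in COMMANDS.items():
        if text.startswith(token):
            return token, desc
    return None

# Constructed sample flows: (destination port, first TCP payload bytes).
SAMPLE_FLOWS = [(17499, b"keylog;1"), (17499, b"getfil C:\\notes.txt"),
                (80, b"delete"), (17499, b"GET / HTTP/1.0")]

def scan(flows):
    """Return one alert tuple (index, command string, description) per matching flow."""
    return [(i, *hit) for i, (port, data) in enumerate(flows) if (hit := classify(port, data))]
```

Pasting the full list into `COMMAND_LIST` covers every command; the `Ping` entry is skipped because it has no command string.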

 

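Solution

CrazzyNet copies itself to C:\WINDOWS\Registry32.exe
Delete the Reg32=Registry32.exe value under HKCUU\Software\Microsoft\Windows\CurrentVersion\Run in the registry.
Remove Registry32.exe from Win.ini and System.ini.
If present, delete Registry32.exe and server.exe.
Update the antivirus software's virus definitions.
Delete server.exe and kill the process named server.exe.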