61阅读

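The cruelest phrase I have ever seen - QQ status quotes: "Things remain, but the people have changed" is the cruelest phrase I have ever seen

Published: 2017-09-26 Category: worm

1: QQ status quotes: "Things remain, but the people have changed" is the cruelest phrase I have ever seen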

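  1. In this world there are only excuses for sorrow, never reasons for sinking into despair.

  2. However many ruthless moves I played, that is how many times I ruined myself.

  3. The most painful distance is that you are not by my side, yet you are in my heart.

  4. "Things remain, but the people have changed": this is the cruelest phrase I have ever seen.

  5. After you left, missing you became a habit and smiling became a luxury.

  6. Never let someone else drive the car of your life. Sit firmly in the driver's seat and decide for yourself when to stop, reverse, turn, accelerate or brake. You may take other people's opinions into account, but never simply drift with the current. ---"Do Not Marry Before Age 30"

  7. Once-close confidants have become strangers; alas, time has become a curtain of tears.

  8. When the bell of parting tolls and we scatter to the ends of the earth, each going our own way, who is it that keeps an unchanging vigil, weeping softly in a corner of the passing years?

  9. Whatever the reason and whatever the outcome, if you slept together, you slept together.

  10. Between us, time and space pile up, and strangeness and emptiness grow. In a backward glance, the beauty is already in another's arms; in a moment of silence, the mortal world has let fall a thousand years of sound.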

  

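  11. Someone in love who stubs a toe on the bed leg cries out, topples onto the bed and wails for ages, with acting that even the best actor could not match; a single person only lets out a hiss, like the first raindrop landing on a sun-scorched manhole cover, after which loneliness pours down like a storm from clouds engulfing the city and instantly drowns the pain.

  12. What kind of sunlight can warm my heart?

  13. Once a person knows what they truly want and has found the life that suits them best, all outside temptation and bustle really do become irrelevant to them. Your body may rush about the world as much as it likes, and your mood may rise and fall in the mortal world as much as it likes; what matters is that your spirit has a calm core. With that core, you can be master of your rushing body and your fluctuating moods. ---"Only One Life"

  14. Eventually the day came when your name became a forbidden word among my closest girlfriends.

  15. Not every love can start over; at least with me it cannot.

  16. Right now, I do not want to start my next relationship still carrying my feelings for you.

  17. My love for you vanished completely when I plucked up the courage to call you and tell you I missed you like crazy, and you just laughed it off.

  18. Love is a gamble. Win, and you stay together for life and grow old together. Lose, and you lose everything.

  19. What flows from the spinning music box of memory is sorrow.

  20. We set aside our dignity, our personality and our stubbornness, all because there is one person we cannot let go of.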

  

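  21. Why is it that we only understand at the very last moment?

  22. The disaster you will one day meet is the retribution accumulated from every stretch of time you spent in idleness.

  23. You can demand that you keep your own word, but you cannot demand that others keep theirs; you can demand that you treat people well, but you cannot expect them to treat you well. How you treat people does not determine how they will treat you; if you cannot see through this, you will only add to your own troubles.

  24. The life of the spirit does not show itself as fearing death and keeping an absolute distance from desolation, but as enduring death and preserving itself in death. Only when spirit finds itself again in a state of utter dismemberment does it win its truth. Spirit, as such a positive thing, does not evade the negative... ... Likewise, when the false becomes a moment of truth, it is no longer something false. ---"Phenomenology of Spirit"

  25. Back then you were still young; you thought you had met the best understanding in the world and the most moving of feelings. You did not know that this illusion would lead you into a boundless swamp, and that from then on, on the road of healing your heart and growing stronger, you could rely only on your own inexperienced self.

  26. People who cling to the past always live like scavengers.

  27. When you are sad, crouch down and give yourself a hug; forgive others and let yourself off too.

  28. Sometimes I flirt with others only because I do not want to spend my days in the pain of losing you.

  29. When all the splendor has faded, I will still be waiting for you in the same place, waiting for you.

  30. There is a kind of feeling called "not meant to be"; there is a kind of giving up called "letting the other be happy".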

  

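  31. Your arrival was so abrupt, yet it struck me at once.

  32. How can I be this tired? After all, I am only sixteen.

  33. The difference between people comes from a small gap in what each accumulates every day; eventually one day you discover how far apart you and he have become.

  34. Your face looks calm and untroubled, and nobody knows how hard you are gritting your teeth. You walk as if carried by the wind, and nobody knows your knees still bear bruises from old falls. You laugh as if without a care, and nobody knows that when you cry you can only shed silent tears. To make it look effortless, you have to work extremely hard behind the scenes. There is no future we cannot change, only a past we do not want to change. ---Liu Tong, "Your Loneliness: Glorious Even in Defeat"

  35. It turns out I am still not good enough, still not brave enough, still unable to get past my own barrier.

  36. The world is not that bad, and I am not that good either.

  37. Breathing on with my last gasps; every outcome is pitifully solid.

  38. Without my realizing it, it turned out to be heartbreak.

  39. What a person should fear most is treating themselves as an object, remaking themselves to suit other people's tastes and demands, and hoping for their approval and care. Be clear about this: you are yourself, not an object. If you blindly accommodate others and end up losing your own worth, they will simply kick you aside. Only when you have cultivated yourself well will others come to you.

  40. I have never dared to say with confidence that I ever possessed anything.

  41. Good night; the good night you say to yourself is the bleakest.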

2: WORM_DOWNAD.AD: probably one of the smartest viruses I have ever seen...

WORM_DOWNAD.AD


Arrival Details

This worm may be downloaded from remote sites by other malware. It may be dropped by other malware. It may also arrive bundled with malware packages as a malware component. It may also arrive via removable drives, network shares, or through a vulnerability.

Installation

This worm drops the following copy of itself:

%System%\{Random filename}.dll


It checks if the command line includes the string RUNDLL32.EXE. If it does, this worm assumes it is running as a scheduled task. It then injects itself into the legitimate processes SVCHOST.EXE and EXPLORER.EXE.

It is capable of exporting functions used by other malware. It sets the creation time of the file to match the creation time of the legitimate Windows file KERNEL32.DLL, which is also located in the Windows system folder. It does this to prevent early detection as a newly added file on the affected system.

Upon execution, it creates a random mutex and then elevates system privileges. It also creates a second mutex based on the computer name of the affected system.

It then checks the operating system version of the affected system. If the worm is running on a Windows 2000 machine, it injects itself into SERVICES.EXE. If the affected system has any of the following operating systems, this worm injects itself into SVCHOST.EXE:

Windows Server 2003
Windows Server 2003 R2
Windows XP


If the system is running under Windows Vista, it executes the following command to disable autotuning:

netsh interface tcp set global autotuning=disabled

It also injects itself into the process SVCHOST.EXE to hook NetpwPathCanonicalize and avoid reinfection of an affected system.

It may also drop a copy of itself in the following folders:

%Application Data%
Default system directory
%Program Files%\Internet Explorer
%Program Files%\Movie Maker
%Temp%


This technique prevents it from dropping copies of itself on systems it has already affected. It also locks its dropped copy to prevent users from reading, writing, and deleting it.

Autostart Techniques

This worm registers itself as a system service to ensure its automatic execution at every system startup. It does this by creating the following registry key(s)/entry(ies):

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{Random service name}
Image Path = "%Windows%\System32\svchost.exe -k netsvcs"


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{Random service name}\Parameters
ServiceDll = "{Malware path and file name}"

It then locks the permission settings of the registry.
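One way to check a host for this kind of service registration, as an added example (not Trend Micro's code): it parses the output of `reg query HKLM\SYSTEM\CurrentControlSet\Services /s` and reports services hosted by `svchost.exe -k netsvcs` whose ServiceDll is missing from a baseline. The sample output, the service and DLL names and the baseline set are constructed assumptions; the code reads the value under the name `ImagePath`, as the registry stores it.

```python
import ntpath
import re

# Constructed sample shaped like `reg query HKLM\SYSTEM\CurrentControlSet\Services /s`
# output; the service and DLL names are made up for this example.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS
    ImagePath    REG_EXPAND_SZ    %SystemRoot%\System32\svchost.exe -k netsvcs
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters
    ServiceDll    REG_EXPAND_SZ    %SystemRoot%\System32\qmgr.dll
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\xkqpzt
    ImagePath    REG_EXPAND_SZ    %SystemRoot%\System32\svchost.exe -k netsvcs
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\xkqpzt\Parameters
    ServiceDll    REG_EXPAND_SZ    C:\WINDOWS\system32\vhqbmz.dll
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Spooler
    ImagePath    REG_EXPAND_SZ    %SystemRoot%\System32\spoolsv.exe
"""

# Assumption: ServiceDll file names recorded from a known-clean build of the same OS.
BASELINE_DLLS = {"qmgr.dll", "wuaueng.dll", "schedsvc.dll"}

KEY_RE = re.compile(
    r"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\([^\\]+)(\\Parameters)?$",
    re.IGNORECASE)
VALUE_RE = re.compile(r"\s+(\S+)\s+REG_\w+\s+(.*)$")

def parse_services(text):
    """Collect the values of each service key and its Parameters subkey."""
    services, current = {}, None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = KEY_RE.match(line.strip())
            current = services.setdefault(key.group(1), {}) if key else None
        elif current is not None:
            value = VALUE_RE.match(line)
            if value:
                current[value.group(1).lower()] = value.group(2).strip()
    return services

def unknown_netsvcs_dlls(text, baseline):
    """Return (service, ServiceDll) pairs in the netsvcs group not in the baseline."""
    hits = []
    for name, values in parse_services(text).items():
        image = values.get("imagepath", "").lower()
        dll = values.get("servicedll")
        if "svchost.exe -k netsvcs" in image and dll:
            if ntpath.basename(dll).lower() not in baseline:
                hits.append((name, dll))
    return hits
```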

It creates the following registry entry to enable its automatic execution at every system startup:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
{Random characters} = "rundll32.exe {System folder}\{Malware filename}.dll, {Parameters}"

Other System Modifications

This worm modifies the following registry entries to disable certain services:

Background Intelligent Transfer Service (BITS)

Windows Error Reporting Service

Windows Security Center Service

Windows Automatic Update Service

This worm modifies the registry entry to allow simultaneous network connections:

Propagation via Software Vulnerabilities

This worm propagates in two ways, both of which take advantage of a vulnerability discovered in certain Microsoft operating systems that could allow remote code execution if an affected system received a specially crafted RPC request, which also contains a shellcode.


Once this specially crafted RPC request reaches its target vulnerable system, the shellcode is decrypted, and then retrieves certain APIs capable of downloading a copy of the worm from the affected system, which is already converted into an HTTP server. The affected system then opens a random TCP port, allowing the vulnerable machine to connect to it using the following URL:

http://{IP address of the affected machine}:{Random port generated by this worm}/{Malware file name composed of random characters}


During this exploit, high traffic on TCP port 445 is seen, since this is the port that this worm uses.

When the copy of the worm is being downloaded from the affected system to the vulnerable system, the worm modifies its packet header to make itself appear as a harmless .JPEG, .BMP, .GIF, or .PNG file, when in fact it is an executable file. It does this to avoid detection by the network firewall or system security applications. If an unpatched system continues to receive malicious packets, the said system may eventually crash. The downloaded copy of the worm is saved as X in the Windows system folder.
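A content check that catches this disguise, as an added example rather than code from the original write-up: it classifies each transferred payload by its leading bytes and flags anything declared as an image that is actually a PE file. The transfer records, addresses and file names are constructed, and reading "packet header" as the Content-Type or file extension is an assumption.

```python
import struct
from urllib.parse import urlparse

IMAGE_MAGICS = {
    "jpeg": b"\xff\xd8\xff",
    "png": b"\x89PNG\r\n\x1a\n",
    "gif": b"GIF8",
    "bmp": b"BM",
}
IMAGE_EXTENSIONS = (".jpg", ".jpeg", ".png", ".gif", ".bmp")

def is_pe(body):
    """True if body starts with an MZ header whose e_lfanew points at 'PE\\0\\0'."""
    if len(body) < 0x40 or body[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", body, 0x3C)
    return body[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

def sniff(body):
    """Classify a payload by its leading bytes, ignoring any declared type."""
    if is_pe(body):
        return "pe"
    for name, magic in IMAGE_MAGICS.items():
        if body.startswith(magic):
            return name
    return "unknown"

def disguised_executables(transfers):
    """Return URLs declared as images (Content-Type or extension) that carry a PE."""
    flagged = []
    for t in transfers:
        path = urlparse(t["url"]).path.lower()
        declared_image = (t["content_type"].lower().startswith("image/")
                          or path.endswith(IMAGE_EXTENSIONS))
        if declared_image and sniff(t["body"]) == "pe":
            flagged.append(t["url"])
    return flagged

# Constructed PE stub: MZ header, e_lfanew = 0x80, PE signature at that offset.
PE_STUB = b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x80) + b"\x00" * 0x40 + b"PE\x00\x00"

# Constructed transfer records (documentation addresses, made-up file names).
TRANSFERS = [
    {"url": "http://192.0.2.10:4321/bxkqe", "content_type": "image/jpeg", "body": PE_STUB},
    {"url": "http://192.0.2.20/logo.png", "content_type": "image/png",
     "body": b"\x89PNG\r\n\x1a\n" + b"\x00" * 32},
    {"url": "http://192.0.2.30/setup.exe", "content_type": "application/octet-stream",
     "body": PE_STUB},
]
```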

It is also capable of propagating over the Internet by attempting to send the exploit code to a random Internet address. It first broadcasts the opened random port that serves as an HTTP server so that it is accessible over the Internet. It then gets the external IP address of the system to check if it has a direct connection to the Internet. This worm launches the exploit code over the Internet if the affected system has a direct connection to the Internet, which it determines by checking the external IP address against the configured IP address in the Ethernet or modem driver.

It attempts to connect to certain URLs to learn the IP address of the affected computer. Once the IP address is retrieved, it scans the entire block of IP addresses. For example, if the IP address of the infected system is 10.10.10.1, it scans from 10.0.0.1 up to 10.255.255.255. It then checks if the said IP address is valid and is not a local IP address. It also checks if the external IP address is the same as the configured IP address on the system. Note that this worm makes the random port it uses available online by broadcasting the port over the Internet via a Simple Service Discovery Protocol (SSDP) request.

Propagation via Removable Drives

This worm drops a copy of itself in all available removable and network drives.

It drops a copy of itself in the {Removable Drive}\Recycler\S-%d-%d-%d-%d%d%d-%d%d%d-%d%d%d-%d folder. It also drops an AUTORUN.INF file to automatically execute dropped copies when the drives are accessed. The said .INF file contains random characters inserted to avoid easy detection. It also monitors drive access by creating a hidden window. When this event is triggered, it does the abovementioned routine.
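An added example (not from the original write-up) of reading such a padded AUTORUN.INF: the parser skips filler lines, extracts the entries that launch a program, and counts the filler so that heavily padded files can be flagged. The sample file contents, including the command and file name, are constructed.

```python
import re

# [autorun] keys that cause a program to be launched.
EXEC_KEY = re.compile(r"(open|shellexecute|shell\\[^\\=]+\\command)$", re.IGNORECASE)
PLAIN_KEY = re.compile(r"[A-Za-z0-9_\\ ]+$")

def analyze_autorun(raw):
    """Parse AUTORUN.INF bytes; return launch commands plus junk and total line counts."""
    commands, junk, total, in_autorun = [], 0, 0, False
    for raw_line in raw.split(b"\n"):
        line = raw_line.decode("latin-1").strip()
        if not line:
            continue
        total += 1
        if line.startswith(";"):
            continue  # ordinary INF comment
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        key, sep, value = line.partition("=")
        key = key.strip()
        if not sep or not PLAIN_KEY.match(key):
            junk += 1  # neither a section, a comment nor key=value: filler
        elif in_autorun and EXEC_KEY.match(key):
            commands.append((key.lower(), value.strip()))
    return {"commands": commands, "junk_lines": junk, "total_lines": total}

# Constructed sample: filler bytes around a working [autorun] section.
# The path follows the Recycler\S-... pattern above; the file name is made up.
SAMPLE = b"\r\n".join([
    b"\x9cq\xa2zK\xfev\x81",
    b"[autorun]",
    b"k\xe3\x90wq\xb7",
    b"action=Open folder to view files",
    b"\xd1\xd1m\xa0pz",
    b"shellexecute=rundll32.exe .\\RECYCLER\\S-1-2-3-456-789-123-4\\sample.dll,start",
    b"z\xb4\x99\xc7",
    b"useautoplay=1",
])
```

A file in which half the non-empty lines are filler, as in this sample, is itself worth alerting on regardless of what the command points to.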

Propagation via Network Shares

This worm gets information about the affected system's configuration. It lists all servers of the specified type that are visible in a domain and, if any are found, lists the available users for both the local and the server machine.

It first enumerates the available servers using the NetServerEnum API. Using this information, it then uses the NetUserEnum API to gather the list of user accounts, then brute-forces its way into the network using a dictionary attack.


Once it gains access to the machine, it drops a copy of itself in the Admin$\System32 directory using a randomly named file. Upon successful network propagation, a scheduled task is created in the %Windows%\Tasks folder using the NetScheduleJobAdd API to execute its dropped copy. The scheduled time of execution in the created JOB file is retrieved from the GetLocalTime API. This scheduled task file is detected by Trend Micro as TROJ_DOWNADJOB.A.

Download Routine

This worm attempts to connect to certain URLs to download a file that indicates the location of the affected system. It has a payload that attempts to download and update a copy of itself.

It checks the system time and proceeds with the generation of random domain names if the year is 2009 and above and the month is January and above. It connects to certain URLs to get the current date. If the malware cannot get the date from 1 of the above-mentioned Web sites, it will use the infected computer's date.

Based on the dates, it then computes strings to generate URLs. After computing, it then appends any of the following strings to the computed URLs:

.biz
.cc
.cn
.com
.info
.net
.org
.ws


It generates a set of URLs containing 250 random sites per day based on the UTC time standard. For example, if the computed string is abcdef, the worm then appends either .biz, .info, .org, .net, or .com to the string so the resulting URL may either be abcdef.biz, abcdef.info, abcdef.org, abcdef.net, or abcdef.com.

This worm also checks if any of the Web sites generated is active. It then creates another thread to download and execute files. This routine also converts the hostname to an IP address, which it uses as a parameter in the next thread.
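The lookup pattern this routine produces can be hunted in resolver logs. The following added example (not from the original write-up, and not the worm's generation algorithm) groups failed lookups of single-label names under the listed TLDs by UTC day and client; the log format, the names and the thresholds are constructed assumptions.

```python
from collections import defaultdict

# TLDs the write-up lists for the generated names.
DGA_TLDS = {"biz", "cc", "cn", "com", "info", "net", "org", "ws"}

def is_candidate(qname):
    """True for '<letters>.<tld>' names: one alphabetic label plus a listed TLD."""
    labels = qname.lower().rstrip(".").split(".")
    return len(labels) == 2 and labels[0].isalpha() and labels[1] in DGA_TLDS

def suspect_clients(log_lines, min_names, min_tlds):
    """Group failed candidate lookups by (UTC day, client) and return the groups
    with at least min_names distinct names spread over at least min_tlds TLDs."""
    seen = defaultdict(set)
    for line in log_lines:
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines
        timestamp, client, qname, rcode = fields
        if rcode == "NXDOMAIN" and is_candidate(qname):
            seen[(timestamp[:10], client)].add(qname.lower().rstrip("."))
    result = {}
    for key, names in seen.items():
        tlds = {name.rsplit(".", 1)[1] for name in names}
        if len(names) >= min_names and len(tlds) >= min_tlds:
            result[key] = sorted(names)
    return result

# Constructed resolver log: "<UTC timestamp> <client> <query name> <response code>".
SAMPLE_LOG = """\
2009-01-15T03:12:40Z 10.1.2.23 kzqvtw.biz NXDOMAIN
2009-01-15T03:12:41Z 10.1.2.23 pfhxmd.info NXDOMAIN
2009-01-15T03:12:41Z 10.1.2.23 wqjrtnb.org NXDOMAIN
2009-01-15T03:12:43Z 10.1.2.23 hvzkcp.ws NXDOMAIN
2009-01-15T03:12:44Z 10.1.2.23 xgbqlm.cn NXDOMAIN
2009-01-15T03:12:44Z 10.1.2.23 kzqvtw.biz NXDOMAIN
2009-01-15T09:30:02Z 10.1.2.40 www.example.com NOERROR
2009-01-15T09:31:10Z 10.1.2.40 exmaple.com NXDOMAIN
2009-01-16T00:00:05Z 10.1.2.23 tnvqzr.net NXDOMAIN
""".splitlines()
```

In production the thresholds would be set well above the handful used for this sample, since an infected host attempts up to 250 names per UTC day.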


Other Details

This worm hooks the following APIs to filter out a list of antivirus-related sites when they are accessed on the Internet:

DnsQuery_A
DnsQuery_UTF8
Query_Main


When users attempt to access antivirus-related sites, it returns a reply informing the user that the server is down. It blocks access to Web sites that contain any of the following strings, which are mostly related to antivirus programs:

ahnlab
arcabit
avast
……
symantec
trendmicro
windowsupdate


Affected Platforms

This worm runs on Windows 2000, XP, Server 2003, Vista 32-bit, and Vista 64-bit.

=======================================


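Antivirus Solution Link

Symantec Antivirus solution

TrendMicro Antivirus solution

Personal Notes

Looking at some of the viruses that have spread over the past two years, we can see the trends in today's prevalent malware:

registering as a deceptively named system service,

automatically downloading updates from a remote host,

IFRAMEs embedded in web pages,

exploiting system vulnerabilities for "zero-day" attacks,

spreading through Autoplay on removable storage devices,

even using dictionary attacks to crack low-complexity passwords and gain access,

and of course some traditional tricks such as modifying the registry... that one is already very common...

Given these trends, day-to-day antivirus work needs to cover:

Management of host login accounts (password complexity, privilege management, LAN file-share management)

Management of system patch installation (if there are relatively many computers, consider setting up a WSUS server)

Management of removable storage devices (disable USB ports or use asset-management software to disable USB storage; disable Autoplay)

Management of antivirus software (component updates, virus-definition updates, firewall management)

Raising staff awareness of virus prevention (this cannot be achieved overnight and has to sink in gradually, yet it is still very hard to achieve)

Antivirus management at the Internet entry point (gateway antivirus management; deploying dedicated gateway antivirus appliances such as IWSA or IGSA)

Virus prevention still comes down to doing the routine work well and nipping problems in the bud;

otherwise, when an outbreak really hits, you end up scrambling,

and after you have worked yourself half to death fixing it, you still have to put together a nice-looking report to explain it to management in the best possible light. Too bad...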

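Article title: The cruelest phrase I have ever seen - QQ status quotes: "Things remain, but the people have changed" is the cruelest phrase I have ever seen
Article URL: http://www.61k.com/1088023.html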
