异世界里的生活玩家:wgareg.exe是什么

我找到了，总算明白为什么所有人都是在今天中了wgareg：

http://www.f-secure.com/weblog/

Sunday, August 13, 2006
IRC bot exploits the 5-day old MS-06040 vulnerability Posted by Mikko @ 08:23 GMT

wgareg.exe
Hopefully everybody followed the advice we gave five days ago.
http://www.f-secure.com/weblog/archives/archive-082006.html#00000944
We've just located the first bot exploiting one the remote code execution vulnerabilities patched in last Tuesday's patch set by Microsoft.

The bot, known as Mocbot aka Backdoor.Win32.IRCBot.st is apparently only able to spread to Windows 2000 and perhaps to Windows XP SP1 computers.

Our update 2006-08-13_01 detects this bot.

The bot connects to IRC servers at:

bbjj.househot.com:18067
ypgw.wallloan.com:18067

Network admins might want to monitor connection attempts to those hosts from within their network.

More info on the MS06-040 vulnerability.
http://www.microsoft.com/technet/security/bulletin/ms06-040.mspx