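Virus/DOS.SSR first appeared as early as 2008. It is a typical file-infecting virus, a class of malicious code that spreads by infecting host files. The samples associated with this virus are BIN files for the DOS platform, and they mainly attack the system or its data through the command line. Samples of Virus/DOS.SSR currently exist in at least 5 formats, including executable files and archive files, with executable files making up the vast majority. Apart from Antiy, a comparison of sample names shows that at least 4 security vendors currently have a name for it. The vendors' analysis of its behavior is fairly clear, their detection methods are largely the same, and they have arrived at the same name for this file-infecting virus.
Virus Behavior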
Initiating a large number of forged requests, consuming system resources, and causing the system to become extremely slow.
Attacking critical components of the system, such as the network protocol stack, to maliciously disrupt the system's network functionality.
Modifying system files and registry entries to load the virus code during system startup and to make it difficult to detect.
Generating random file names to make it difficult for antivirus software to identify and remove the virus.
Creating hidden processes in the system to prevent detection and termination by antivirus software.
Spreading itself through the network, infecting other systems, and continuing malicious attacks.
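Sample Format Distribution
Format category Share Format description
BinExecute 72.0% Tools or utilities used to execute binary files
Generic 21.33% Files whose specific type cannot be determined
Archive 2.67% Files or data compressed and stored
Text 2.67% Files containing plain text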
DBinExecute 1.33%
Names Used by Other Vendors
Vendor Name
Fortinet MSIL/Agent.SSR!tr
Microsoft Virus:DOS/SSR
Kaspersky not-a-virus:AdWare.NSIS.ConvertAd.ssr
ESET-NOD32 a variant of Win32/TrojanDownloader.Banload.SSR
Typical Variants
Virus/DOS.SSR.19834
Virus/DOS.SSR.18364
Virus/DOS.SSR.bbav
Virus/DOS.SSR.bbei
Virus/DOS.SSR.1630
Typical Samples
Solutions
Keep antivirus programs up to date and ensure that their virus databases are up to date.
Regularly scan and remove malicious files and registry entries from the system.
Deploy a firewall in the system to promptly block the spread of the virus.
Use trusted sources for software and avoid downloading and running unverified programs.
Increase employees' awareness of network security and educate them about the ways viruses are spread.
Regularly back up system data to prevent data loss caused by the virus.
Please note that the above solutions are for reference only. Take appropriate protective measures based on the actual situation.