·Î±×ÀÎ(»ç¿ëÀÚÀÎÁõ)
    ÇÁ·Î±×·¥ ¼Ò°³
    ÇÁ·Î±×·¥ °¡À̵å
        _±¸¸Å¹æ¹ý
        _°Ë»ç¹æ¹ý
        _°Ë»ç¤ýÄ¡·á
        _ȯ°æ¼³Á¤
        _ÆÄÀϺ¹¿ø
    ¾Ç¼ºÄÚµå Á¤º¸
        _¾Ç¼ºÄÚµå¶õ?
        _¾Ç¼ºÄÚµå Á¤º¸Ã£±â
    ¹ÙÀÌ·¯½º Á¤º¸
        _¹ÙÀÌ·¯½º¶õ?
        _¹ÙÀÌ·¯½º Á¤º¸Ã£±â
        _¹ÙÀÌ·¯½º ¿¹¹æ´Þ·Â
    °í°´Áö¿ø
        _°øÁö»çÇ×
        _ÀǽɵǴ ÆÄÀϽŰí
        _´º½ºÆ®·£µå
        _FAQ(ÀæÀºÁú¹®´äº¯)
        _Q&A(¹«·á Áø´Ü)
        _Q&A(À¯·á Ä¡·á)

 
¹ÙÀÌ·¯½º À̸§ Worm-W32/IRCBot.103832 ¹ÙÀÌ·¯½º Á¾·ù Worm
½ÇÇà ȯ°æ Windows Á¦ÀÛÁö ºÒºÐ¸í
¹ß°ßÀÏ 20041108 ¹ÙÀÌ·¯½ºÅ©±â 103,832 byte
¸ÞÀÏ Á¦¸ñ
÷ºÎÆÄÀÏ
Áõ»ó ºñÁÖ¾ó C++·Î ÀÛ¼ºµÈ ÀÌ ¿úÀº À©µµ¿ì º¸¾È º¸¾ÈÃë¾àÁ¡°ú À©µµ¿ì °øÀ¯ Æú´õ, ±×¸®°í ¾ÏÈ£°¡ ¼³Á¤µÇÁö ¾ÊÀº NT Ä¿³Î À©µµ¿ì¸¦ ÅëÇØ ÀüÆĵȴÙ.

Ư¡À¸·Î´Â ÇØ¿Ü À¯¸íÇÑ º¸¾È¾÷ü ½ÎÀÌÆ®¿Í ¾÷µ¥ÀÌÆ® ½ÎÀÌÆ®ÀÇ Á¢¼ÓÀ» ¹æÇØ Çϸç, ¹é½Å ¼ÒÇÁÆ®¿þ¾îÀÇ

ÇÁ·Î¼¼½º¸¦ °­Á¦·Î Á¾·á ÇÏ´Â ±â´ÉÀ» žÀçÇÏ°í ÀÖ´Ù.

[Ư¡]

½ÇÇà½Ã ƯÁ¤ IRC ¼­¹ö·Î ¿¬°áµÇ°Ô µÇ´Âµ¥ À̶§ À©µµ¿ì CD key, ½Ã½ºÅÛ Á¤º¸, ³×Æ®¿÷ Á¤º¸ ¹×

ÀϹÝÀûÀÎ ÇØÅ· È°µ¿ÀÎ CD-Rom ¿­°í ´Ý±â, ÇÁ·Î¼¼½º °­Á¦ Á¾·á, ¸ÞÀÏÁÖ¼Ò ¼öÁý, ÆÄÀÏ ½ÇÇà¹× »èÁ¦ µîµîÀ»

ÇÒ¼ö ÀÖ´Ù.

±×¸®°í À©µµ¿ì ½Ã½ºÅÛ Æú´õ(win 2000, NT : c:\Winnt\system32, win XP : c:\windows\system32, win 95/98/me : c:\windows\system)¿¡

bcvsrv32.exe (103,832 byte) ¸¦ »ý¼º ÇÏ°í

´ÙÀ½Ã³·³ ·¹Áö½ºÆ®¸¦ ¼öÁ¤ÇÏ¿© ´ÙÀ½ ºÎÆýà ½ÇÇàµÇµµ·Ï Á¶ÀÛÇÑ´Ù.

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Ç׸ñ¿¡

Bcvsrv32 = bcvsrv32.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run \RunServices\
Ç׸ñ¿¡

Bcvsrv32 = bcvsrv32.exe

ƯÈ÷ ¾ÈƼ ¹ÙÀÌ·¯½º¹× º¸¾È ½ÎÀÌÆ®¿¡ Á¢¼ÓÀ» ¹æÇØÇÏ´Â ¹æ½ÄÀ¸·Î À©µµ¿ìÀÇ hosts ÆÄÀÏÀ» Á¶ÀÛÇÏ°Ô µÈ´Ù.

(Á¤»óÀûÀÎ hostsÀÇ ¿¹)

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a ''#'' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

(¿úÀÌ ¹Ù²Û hosts ÆÄÀÏÀÇ ¿¹)

127.0.0.1 ad.doubleclick.net
127.0.0.1 ad.fastclick.net
127.0.0.1 ads.fastclick.net
127.0.0.1 ar.atwola.com
127.0.0.1 atdmt.com
127.0.0.1 avp.ch
127.0.0.1 avp.com
127.0.0.1 avp.ru
127.0.0.1 awaps.net
127.0.0.1 banner.fastclick.net
127.0.0.1 banners.fastclick.net
127.0.0.1 ca.com
127.0.0.1 click.atdmt.com
127.0.0.1 clicks.atdmt.com
127.0.0.1 dispatch.mcafee.com
127.0.0.1 download.mcafee.com
127.0.0.1 download.microsoft.com
127.0.0.1 downloads.microsoft.com
127.0.0.1 engine.awaps.net
127.0.0.1 fastclick.net
127.0.0.1 f-secure.com
127.0.0.1 ftp.f-secure.com
127.0.0.1 ftp.sophos.com
127.0.0.1 go.microsoft.com
127.0.0.1 liveupdate.symantec.com
127.0.0.1 mast.mcafee.com
127.0.0.1 mcafee.com
127.0.0.1 media.fastclick.net
127.0.0.1 msdn.microsoft.com
127.0.0.1 my-etrust.com
127.0.0.1 nai.com
127.0.0.1 networkassociates.com
127.0.0.1 office.microsoft.com
127.0.0.1 phx.corporate-ir.net
127.0.0.1 secure.nai.com
127.0.0.1 securityresponse.symantec.com
127.0.0.1 service1.symantec.com
127.0.0.1 sophos.com
127.0.0.1 spd.atdmt.com
127.0.0.1 support.microsoft.com
127.0.0.1 symantec.com
127.0.0.1 update.symantec.com
127.0.0.1 updates.symantec.com
127.0.0.1 us.mcafee.com
127.0.0.1 vil.nai.com
127.0.0.1 viruslist.ru
127.0.0.1 windowsupdate.microsoft.com
127.0.0.1 www.avp.ch
127.0.0.1 www.avp.com
127.0.0.1 www.avp.ru
127.0.0.1 www.awaps.net
127.0.0.1 www.ca.com
127.0.0.1 www.fastclick.net
127.0.0.1 www.f-secure.com
127.0.0.1 www.kaspersky.ru
127.0.0.1 www.mcafee.com
127.0.0.1 www.my-etrust.com
127.0.0.1 www.nai.com
127.0.0.1 www.networkassociates.com
127.0.0.1 www.sophos.com
127.0.0.1 www.symantec.com
127.0.0.1 www.trendmicro.com
127.0.0.1 www.viruslist.ru
127.0.0.1 www3.ca.com
Ä¡·á ¹æ¹ý Åͺ¸¹é½ÅAi, Åͺ¸¹é½Å Online, Åͺ¸¹é½Å 2001 Á¦Ç°±ºÀ¸·Î Ä¡·á°¡´É.

Ä¡·á ÈÄ [½ÃÀÛ]->Windows Update ¸Þ´º¸¦ ÀÌ¿ëÇÏ¿©

À©µµ¿ì ¿î¿µÃ¼Á¦ ÀÚüÀÇ º¸¾ÈÆÐÄ¡¸¦ ÇØ Áֽñ⠹ٶø´Ï´Ù.

*Lsass Vulnerability MS04-011
--> http://www.microsoft.com/korea/technet/security/bulletin/MS04-011.asp *RPC DCOM2 Vulnerability MS03-039
--> http://www.microsoft.com/korea/technet/security/bulletin/MS03-039.asp

*RPC DCOM Vulnerability MS03-026
--> http://www.microsoft.com/korea/technet/security/bulletin/MS03-026.asp

*RPC Locator Vulnerability MS03-001
--> http://www.microsoft.com/korea/technet/security/bulletin/MS03-001.asp

*UPnP (Universal Plug and Play) Vulnerability MS01-054
--> http://www.microsoft.com/korea/technet/security/bulletin/MS01-054.asp


°£ÆíÇÑ ÆÐÄ¡¿¡ ´ëÇÑ ¼³¸íÀº ´ÙÀ½ ¹ÙÀÌ·¯½ºÄ®·³À» È®ÀÎÇØ Áֽñ⠹ٶø´Ï´Ù.
http://www.everyzone.com/service/info/content.asp?part=tbl_viruscolumn&id=20&GotoPage=1&block=&number=

º¸´Ù ÀÚ¼¼ÇÑ ¼³¸íÀº ´ÙÀ½ ¸µÅ©¸¦ È®ÀÎÇØ Áֽʽÿä.
http://www.everyzone.com/service/bbs/faq/content.asp?part=everyzone_faq&menu=0&id=22&GotoPage=3&block=0&number=
Á÷Á¢Ä¡·á¹æ¹ý
ÁÖ¼Ò : ¼­¿ïƯº°½Ã ¸¶Æ÷±¸ °ø´öµ¿ 253-42È£ Áö¹æÀçÁ¤È¸°ü 11Ãþ | »ç¾÷ÀÚ µî·Ï¹øÈ£ : 220-81-67981
°³ÀÎÁ¤º¸°ü¸® Ã¥ÀÓÀÚ : ´ëÇ¥ÀÌ»ç ÀÓÇüÅà | Åë½ÅÆǸž÷ ½Å°í¹øÈ£ Á¦ ¸¶Æ÷-2419È£
e-mail : webmaster@everyzone.com(°í°´Áö¿ø) | vaccine@everyzone.com(¹ÙÀÌ·¯½º)