
 

Virus name: W32/Ratos.27136@mm
Virus type: Worm
Execution environment: Windows
Origin: Unknown
Discovery date: 20040816
Virus size: 27,136 bytes
Mail subject: photos
Attachment: photos_arc.exe
Symptoms: This worm is written in Visual C++, packed with UPX, and spreads by e-mail.

[Mail subject]

photos


[Mail body]

LOL!;))))

[Attachment]

photos_arc.exe


[Characteristics]

When the worm runs, it creates winpsd.exe (27,136 bytes), dx32hhec.sys (4,096 bytes), dx32hhlp.exe (139,776 bytes) and dx32hhconf.ini (1,345 bytes)
in the Windows system folder (Windows 2000, NT: c:\Winnt\system32; Windows XP: c:\windows\system32),
and rasor38a.dll (27,136 bytes) and winvpn32.exe (139,776 bytes) in the Windows folder (Windows 2000, NT: c:\Winnt; Windows XP: c:\windows).

The worm uses its own SMTP engine to send e-mails with the infected file attached.

It harvests e-mail addresses from files with the following extensions:

adb
asp
dbx
htm
php
pl
sht
tbb
txt
wab

It also modifies the Windows hosts file as follows, which blocks access to these web servers:

127.0.0.1 www.symantec.com
127.0.0.1 securityresponse.symantec.com
127.0.0.1 symantec.com
127.0.0.1 www.sophos.com
127.0.0.1 sophos.com
127.0.0.1 www.mcafee.com
127.0.0.1 mcafee.com
127.0.0.1 liveupdate.symantecliveupdate.com
127.0.0.1 www.viruslist.com
127.0.0.1 viruslist.com
127.0.0.1 viruslist.com
127.0.0.1 f-secure.com
127.0.0.1 www.f-secure.com
127.0.0.1 kaspersky.com
127.0.0.1 www.avp.com
127.0.0.1 www.kaspersky.com
127.0.0.1 avp.com
127.0.0.1 www.networkassociates.com
127.0.0.1 networkassociates.com
127.0.0.1 www.ca.com
127.0.0.1 ca.com
127.0.0.1 mast.mcafee.com
127.0.0.1 my-etrust.com
127.0.0.1 www.my-etrust.com
127.0.0.1 download.mcafee.com
127.0.0.1 dispatch.mcafee.com
127.0.0.1 secure.nai.com
127.0.0.1 nai.com
127.0.0.1 www.nai.com
127.0.0.1 update.symantec.com
127.0.0.1 updates.symantec.com
127.0.0.1 us.mcafee.com
127.0.0.1 liveupdate.symantec.com
127.0.0.1 customer.symantec.com
127.0.0.1 rads.mcafee.com
127.0.0.1 trendmicro.com
127.0.0.1 www.trendmicro.com
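
An added example (not part of the original advisory): a Python check that parses a hosts file and reports security-vendor hostnames pinned to a loopback or unspecified address, the tampering described above. The function names, the watchlist and the sample hosts file are assumptions constructed for illustration.

```python
import ipaddress

# Names a default hosts file legitimately maps to loopback.
BENIGN = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

def is_sinkhole(addr):
    """True for loopback (127.0.0.0/8, ::1) or unspecified (0.0.0.0, ::) addresses."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified

def find_blocked_hosts(text, watchlist=None):
    """Sorted hostnames pinned to a sinkhole address; a watchlist limits the
    report to names equal to or under the given domains."""
    hits = set()
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()   # strip comment, tokenize
        if len(fields) < 2 or not is_sinkhole(fields[0]):
            continue
        for name in fields[1:]:                 # one line may carry several names
            name = name.lower().rstrip(".")
            if name in BENIGN:
                continue
            if watchlist is None or any(
                    name == d or name.endswith("." + d) for d in watchlist):
                hits.add(name)
    return sorted(hits)

# Constructed sample: default entries plus a few of the lines listed above.
SAMPLE = """\
# constructed sample hosts file
127.0.0.1       localhost
127.0.0.1 www.symantec.com
127.0.0.1 liveupdate.symantecliveupdate.com
127.0.0.1 download.mcafee.com   # update server
127.0.0.1 WWW.Kaspersky.com www.trendmicro.com
192.168.0.10 intranet.example
#127.0.0.1 www.sophos.com
"""

# Assumed watchlist, built from vendor domains in the list above.
VENDORS = ["symantec.com", "symantecliveupdate.com", "mcafee.com",
           "kaspersky.com", "trendmicro.com", "sophos.com"]

if __name__ == "__main__":
    print(find_blocked_hosts(SAMPLE, VENDORS))
```

Run without a watchlist, the function reports every non-default name mapped to a sinkhole address, which is useful for triage when the affected domains are not known in advance.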

It also modifies the registry as follows so that it runs at the next boot.

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\run
Under this key:

(Windows 2000, NT)
winpsd = C:\WINNT\System32\winpsd.exe

(Windows XP)
winpsd = C:\Windows\System32\winpsd.exe


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dx32hhec
Under this key:

ImagePath = system32\dx32hhec.sys

In particular, the files dx32hhec.sys and dx32help.exe use a stealth technique,
so they cannot be seen with Windows Explorer or similar tools.
Treatment: Can be cleaned with Turbo Vaccine Ai, Turbo Vaccine 2001 or Turbo Vaccine Online.
Manual removal method