|
|
|
|
 |
|
| ¹ÙÀÌ·¯½º
À̸§ |
Worm-W32/Welchia.12800.C |
¹ÙÀÌ·¯½º
Á¾·ù |
Worm |
| ½ÇÇà
ȯ°æ |
Windows |
Á¦ÀÛÁö |
ºÒºÐ¸í |
| ¹ß°ßÀÏ |
20040214 |
¹ÙÀÌ·¯½ºÅ©±â |
12,800 Bytes |
| ¸ÞÀÏ
Á¦¸ñ |
|
| ÷ºÎÆÄÀÏ |
|
| Áõ»ó |
Worm-W32/Welchia.12800ÀÇ º¯ÇüÀ¸·Î Worm-W32/Blaster ¿Í °°Àº NT °è¿ÀÇ
DCOM RPC º¸¾ÈÀÇ Ãë¾àÁ¡À» ÀÌ¿ëÇÏ¿© °¨¿° ÀüÆĵȴÙ.
±×·¯³ª À©µµ¿ìÁî ¾÷µ¥ÀÌÆ® »çÀÌÆ®¿¡¼ ÇØ´ç OS ¾ð¾îº° DCOM RPC ÆÐÄ¡¸¦
´Ù¿î¹Þ¾Æ ¼³Ä¡ÇÑ ÈÄ¿¡ ÀçºÎÆÃÈÄ W32/Mydoom@mmÀÌ »ý¼ºÇÑ ´ÙÀ½°ú °°Àº ÆÄÀÏÀÌ
Á¸ÀçÇÏ¸é »èÁ¦½Ãµµ¸¦ ÇÑ´Ù.
ctfmon.dll
Explorer.exe
shimgapi.dll
TaskMon.exe
¿úÀÌ ½ÇÇà µÇ¸é À©µµ¿ì ½Ã½ºÅÛ ÇÏÀ§ driversÆú´õ(win 2000, NT : c:\winnt\system32\drivers
Windows Xp : c:\windows\system32\drivers)¿¡
svhost.exe(12,800 byte)¸¦ »ý¼ºÇÑ´Ù.
ÀÌ¿úÀº 4°¡Áö Ãë¾àÁ¡°ú ³×°¡Áö Æ÷Æ®¸¦ ÀÌ¿ëÇÏ¿© ½Ã½ºÅÛ ÀÌ»óÀ» ÀÏÀ¸Å°´Âµ¥, ´ÙÀ½°ú °°´Ù.
1. 135¹ø Æ÷Æ®¸¦ ÅëÇؼ´Â DCOM RPC Ãë¾àÁ¡(http://www.microsoft.com/korea/technet/security/bulletin/MS03-039.asp)
2. 80¹ø Æ÷Æ®¸¦ ÅëÇؼ´Â WebDav Ãë¾àÁ¡(http://www.microsoft.com/korea/technet/security/bulletin/MS03-007.asp)
3. TCP 139¹ø°ú 445 Æ÷Æ®¸¦ ÅëÇؼ´Â Workstation service buffer overrun Ãë¾àÁ¡(http://www.microsoft.com/korea/technet/security/bulletin/MS03-049.asp
4. ·ÎÄÉÀÌÅÍ ¼ºñ½º Ãë¾àÁ¡ (http://www.microsoft.com/korea/technet/security/bulletin/MS03-007.asp)
¿úÀº À̵é Ãë¾àÁ¡À» ÀÌ¿ëÇÏ¿© IIS 5.0 ½Ã½ºÅÛÀ» °ø°ÝÇÑ´Ù.
¶ÇÇÑ ½Ã½ºÅÛ³¯Â¥¸¦ üũÇÏ¿© 2004³â 6¿ù1ÀÏ ÀÌÈÄ ¶Ç´Â ½ÇÇàµÈÁö 120ÀÏÀÌ Áö³ª¸é ½ÇÇàµÇÁö ¾Ê°í ÀÚ½ÅÀ» »èÁ¦ÇÑ´Ù.
|
|
Ä¡·á ¹æ¹ý |
Åͺ¸¹é½Å Ai, Åͺ¸¹é½Å 2001 ¶Ç´Â Åͺ¸¹é½Å OnlineÀ¸·Î Ä¡·á
°¡´É ÇÕ´Ï´Ù.
Ä¡·á ÈÄ windows 2000 Server À̻󿡼 IIS ¼¹ö¸¦ »ç¿ëÇϽô À¯Àú´Â
±Ùº»ÀûÀÎ ÇØ°áÀ» À§ÇØ ´ÙÀ½ÀÇ À©µµ¿ìÁî º¸¾ÈÆÐÄ¡¸¦ ¼öÇà ÇϽñ⠹ٶø´Ï´Ù.
*WebDAV ÆÐÄ¡
http://www.microsoft.com/korea/technet/security/bulletin/MS03-013.asp
*RPC-DCOM º¸¾ÈÆÐÄ¡ ´Ù¿î·Îµå ¾È³»
http://www.microsoft.com/korea/technet/security/bulletin/MS03-039.asp
*¿öÅ©½ºÅ×ÀÌ¼Ç ¼ºñ½ºÀÇ ¹öÆÛ ¿À¹ö·± º¸¾ÈÆÐÄ¡ ´Ù¿î·Îµå ¾È³»
http://www.microsoft.com/korea/technet/security/bulletin/MS03-049.asp
*·ÎÄÉÀÌÅÍ ¼ºñ½º ´Ù¿î·Îµå ¾È³»
http://www.microsoft.com/korea/technet/security/bulletin/MS03-007.asp |
|
Á÷Á¢Ä¡·á¹æ¹ý |
|
|
|
