·Î±×ÀÎ(»ç¿ëÀÚÀÎÁõ)
    ÇÁ·Î±×·¥ ¼Ò°³
    ÇÁ·Î±×·¥ °¡À̵å
        _±¸¸Å¹æ¹ý
        _°Ë»ç¹æ¹ý
        _°Ë»ç¤ýÄ¡·á
        _ȯ°æ¼³Á¤
        _ÆÄÀϺ¹¿ø
    ¾Ç¼ºÄÚµå Á¤º¸
        _¾Ç¼ºÄÚµå¶õ?
        _¾Ç¼ºÄÚµå Á¤º¸Ã£±â
    ¹ÙÀÌ·¯½º Á¤º¸
        _¹ÙÀÌ·¯½º¶õ?
        _¹ÙÀÌ·¯½º Á¤º¸Ã£±â
        _¹ÙÀÌ·¯½º ¿¹¹æ´Þ·Â
    °í°´Áö¿ø
        _°øÁö»çÇ×
        _ÀǽɵǴ ÆÄÀϽŰí
        _´º½ºÆ®·£µå
        _FAQ(ÀæÀºÁú¹®´äº¯)
        _Q&A(¹«·á Áø´Ü)
        _Q&A(À¯·á Ä¡·á)

 
¹ÙÀÌ·¯½º À̸§ Worm-W32/Welchia.10240 ¹ÙÀÌ·¯½º Á¾·ù Worm
½ÇÇà ȯ°æ Win9x, Win2000, NT Á¦ÀÛÁö Áß±¹
¹ß°ßÀÏ 20030818 ¹ÙÀÌ·¯½ºÅ©±â 10,240 Bytes
¸ÞÀÏ Á¦¸ñ
÷ºÎÆÄÀÏ
Áõ»ó ºñÁÖ¾ó C++·Î ÀÛ¼ºµÇ¾úÀ¸¸ç, Worm-W32/Blaster ¿Í °°Àº NT °è¿­ÀÇ
DCOM RPC º¸¾ÈÀÇ Ãë¾àÁ¡À» ÀÌ¿ëÇÏ¿© °¨¿° ÀüÆĵȴÙ.

±×·¯³ª À©µµ¿ìÁî ¾÷µ¥ÀÌÆ® »çÀÌÆ®¿¡¼­ ÇØ´ç OS ¾ð¾îº° DCOM RPC ÆÐÄ¡¸¦
´Ù¿î¹Þ¾Æ ¼³Ä¡ÇÑ ÈÄ¿¡ ÀçºÎÆÃÈÄ Worm-W32/Blaster°¡ Á¸ÀçÇÏ¸é »èÁ¦½Ãµµ¸¦ ÇÑ´Ù.

¿úÀÌ ½ÇÇà µÇ¸é À©µµ¿ì ½Ã½ºÅÛ ÇÏÀ§ winsÆú´õ(c:\winnt\system32\wins)¿¡
dllhost.exe(10,240 byte)¿Í svchost.exe(19,728 byte)¸¦ »ý¼ºÇÑ´Ù.

svchost.exe ÆÄÀÏÀº ½Ã½ºÅÛ Æú´õÀÇ dllcacheÆú´õ(c:\winnt\system32\dllcache)¿¡¼­ Á¤»óÆÄÀÏÀÎ tftpd.exeÀ» º¹»çÇÑ ÈÄ À̸§À» º¯°æÇÑ°ÍÀ¸·Î, ½Ã½ºÅÛ Æú´õ(c:\winnt\system32)ÀÇ svchost.exe¿Í ´Ù¸¥ ÆÄÀÏÀÌ´Ù.

¶ÇÇÑ ÀÚ½ÅÀ» ½ÇÇàÇÒ¼ö ÀÖ°Ô ¾Æ·¡ÀÇ ³»¿ëÀÌ ·¹Áö½ºÆ®¸®¿¡ Ãß°¡ µÈ´Ù.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RpcPatch

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RpcTftpd

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\RpcPatch

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\RpcTftpd

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcPatch

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcTftpd


±×¸®°í °¨¿° ´ë»ó ½Ã½ºÅÛÀ» ã±â À§ÇØ ICMP ¶Ç´Â, PING ½ÅÈ£¸¦ º¸³»°Ô µÇ¸ç, ÀÌ °úÁ¤¿¡¼­ ³×Æ®¿÷ Æ®·¡ÇÈÀÌ Áõ°¡ÇÏ°Ô µÈ´Ù.

ÀÌ¿úÀº µÎ°¡Áö Æ÷Æ®¸¦ ÀÌ¿ëÇÏ¿© ½Ã½ºÅÛ ÀÌ»óÀ» ÀÏÀ¸Å°´Âµ¥, 135¹ø Æ÷Æ®¸¦
ÅëÇؼ­´Â DCOM RPC Ãë¾àÁ¡À», ¶ÇÇÑ 80¹ø Æ÷Æ®¸¦ ÅëÇؼ­´Â WebDav Ãë¾àÁ¡
(http://www.microsoft.com/korea/technet/security/bulletin/MS03-007.asp)À» ÀÌ¿ëÇÏ¿© IIS 5.0 ½Ã½ºÅÛÀ» °ø°ÝÇÑ´Ù.


¿ú ³»ºÎ¿¡´Â ´ÙÀ½°ú °°Àº ¹®ÀÚ¿­ÀÌ Á¸Àç ÇÑ´Ù.

=========== I love my wife & baby :-)~~~ Welcome Chian~~~ Notice: 2004 will remove myself:-)~~ sorry zhongli~~~=========== wins

¶ÇÇÑ 2004³âÀÌ µÇ¾î ½ÇÇà µÇ¸é ÀÚ½ÅÀ» »èÁ¦ÇÏ°Ô µÈ´Ù.
Ä¡·á ¹æ¹ý
Åͺ¸¹é½Å Ai, Åͺ¸¹é½Å 2001 ¶Ç´Â Åͺ¸¹é½Å OnlineÀ¸·Î Ä¡·á °¡´É ÇÕ´Ï´Ù.

Ä¡·á ÈÄ windows 2000 Server À̻󿡼­ IIS ¼­¹ö¸¦ »ç¿ëÇϽô À¯Àú´Â ±Ùº»ÀûÀÎ ÇØ°áÀ» À§ÇØ ´ÙÀ½ÀÇ À©µµ¿ìÁî º¸¾ÈÆÐÄ¡¸¦ ¼öÇà ÇϽñ⠹ٶø´Ï´Ù.

*WebDAV ÆÐÄ¡

http://www.microsoft.com/korea/technet/security/bulletin/MS03-013.asp
Á÷Á¢Ä¡·á¹æ¹ý
ÁÖ¼Ò : ¼­¿ïƯº°½Ã ¸¶Æ÷±¸ °ø´öµ¿ 253-42È£ Áö¹æÀçÁ¤È¸°ü 11Ãþ | »ç¾÷ÀÚ µî·Ï¹øÈ£ : 220-81-67981
°³ÀÎÁ¤º¸°ü¸® Ã¥ÀÓÀÚ : ´ëÇ¥ÀÌ»ç ÀÓÇüÅà | Åë½ÅÆǸž÷ ½Å°í¹øÈ£ Á¦ ¸¶Æ÷-2419È£
e-mail : webmaster@everyzone.com(°í°´Áö¿ø) | vaccine@everyzone.com(¹ÙÀÌ·¯½º)