·Î±×ÀÎ(»ç¿ëÀÚÀÎÁõ)
    ÇÁ·Î±×·¥ ¼Ò°³
    ÇÁ·Î±×·¥ °¡À̵å
        _±¸¸Å¹æ¹ý
        _°Ë»ç¹æ¹ý
        _°Ë»ç¤ýÄ¡·á
        _ȯ°æ¼³Á¤
        _ÆÄÀϺ¹¿ø
    ¾Ç¼ºÄÚµå Á¤º¸
        _¾Ç¼ºÄÚµå¶õ?
        _¾Ç¼ºÄÚµå Á¤º¸Ã£±â
    ¹ÙÀÌ·¯½º Á¤º¸
        _¹ÙÀÌ·¯½º¶õ?
        _¹ÙÀÌ·¯½º Á¤º¸Ã£±â
        _¹ÙÀÌ·¯½º ¿¹¹æ´Þ·Â
    °í°´Áö¿ø
        _°øÁö»çÇ×
        _ÀǽɵǴ ÆÄÀϽŰí
        _´º½ºÆ®·£µå
        _FAQ(ÀæÀºÁú¹®´äº¯)
        _Q&A(¹«·á Áø´Ü)
        _Q&A(À¯·á Ä¡·á)

 
¹ÙÀÌ·¯½º À̸§ W32/PiBi@mm ¹ÙÀÌ·¯½º Á¾·ù Worm
½ÇÇà ȯ°æ Win9x, Win2000, NT Á¦ÀÛÁö ºÒºÐ¸í
¹ß°ßÀÏ 20021103 ¹ÙÀÌ·¯½ºÅ©±â 32,256 Bytes
¸ÞÀÏ Á¦¸ñ Internet Explorer vulnerability patch
÷ºÎÆÄÀÏ setup.exe
Áõ»ó °¨¿°µÈ À̸ÞÀÏÀÇ Ã·ºÎ ÆÄÀÏ°ú, KazaA, IRC¸¦ ÅëÇØ Àü
ÆÄ µÈ´Ù.
¸¶ÀÌÅ©·Î ¼ÒÇÁÆ® ºñÁÖ¾ó C++·Î ÄÚµùµÇ¾î ÀÖÀ¸¸ç, UPX
¾ÐÃàÇÁ·Î±×·¥À¸·Î ¾ÐÃà
µÇ ÀÖ´Ù.
ºÎÁ¤È®ÇÑ MIME Çì´õ¸¦ ÀÌ¿ëÇÏ¿© E-mail÷ºÎÆÄÀÏÀ» ½Ç
ÇàÇϵµ·Ï ¾ß±âÇÏ´Â º¸
¾È ¹ö±×¸¦ ÀÌ¿ë ÇϹǷΠ¸ÞÀÏÀ» Ŭ¸¯ ÇÏ´Â °Í¸¸À¸·Î °¨
¿°µÉ ¼ö ÀÖ´Ù.

¸ÞÀÏ º»¹®Àº ´ÙÀ½°ú °°´Ù.

You will find all you need in the attachment.

ÆÄÀÏÀÌ ½ÇÇàµÇ¸é À©µµ¿ìÀÇ ½Ã½ºÅÛ Æú´õ(win9x :
c:\windows\system,
Win2000 : c:\Winnt\system32)¿¡ winsysXXX.exeÆÄÀÏ
°ú win32sysXXX.zipÆÄÀÏ
À» »ý¼ºÇÑ´Ù.(XXX : ·£´ýÇÑ ¼ýÀÚ)

¶ÇÇÑ ´ÙÀ½°ú °°ÀÌ ·¹Áö½ºÆ®¸®¸¦ Á¶ÀÛÇÑ´Ù.

HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre
ntVersion\Run
Ç׸ñ¿¡
Win9x ÀÎ °æ¿ì : Windows task32 sys =
c:\windows\system\winsysXXX.exe
Win2000 Àΰæ¿ì: Windows task32 sys =
c:\winnt\system32\winsysXXX.exe
(XXX : ·£´ýÇÑ ¼ýÀÚ)

HKEY_LOCAL_MACHINE\Software\RedCell
Ç׸ñÀ» »ý¼º
infected = yes

KaZaA¸¦ ÅëÇÑ °¨¿°ÆÄÀÏÀº ¾Æ·¡ÀÇ À̸§À» ·£´ýÇÏ°Ô ¼±
ÅÃÇÏ¿© ÀüÆĵȴÙ.
icq2002.exe
wincrack.exe
winamp3.exe
mirc6.exe

¶ÇÇÑ IRC ÇÁ·Î±×·¥À» »ç¿ëÇÑ´Ù¸é ÇØ´ç µð·ºÅ丮¿¡
SCRIPT.INI ÆÄÀÏÀ» »ý¼º
ÇÏ°Ô µÇ´Âµ¥, ÀÌÆÄÀÏ¿£ win32sysXXX.zipÀ» Àü¼ÛÇÏ´Â
½ºÅ©¸³Æ®°¡ Æ÷Ç﵂ ÀÖ
´Ù.

÷ºÎµÈ ÆÄÀÏÀ» ½ÇÇà ÇÑÈÄ ´ÙÀ½°ú °°Àº ¿¡·¯ ¸Þ½ÃÁö¸¦
¶ç¿ì¸ç, ½ÇÇàÇÒ¼ö ¾ø
´Â °Íó·³ À§ÀåÇÑ´Ù.

This program has performed an illegal operation

9¿ù 15ÀÏ¿¡ ´ÙÀ½°ú °°Àº ¸Þ½ÃÁö âÀ» ¶ç¿î´Ù.

"Cause nothing ever lasts forever
We''''re like flowers in this vase, together
You and me, it''''s pulling me down
Tearing my down, piece by piece
And you can''''t see
That''''s it''''s like a disease
Killing me now, it''''s so hard to breathe"
-Feeder <Piece by Piece>

¶ÇÇÑ Æ¯Á¤ ¾ÈƼ ¹ÙÀÌ·¯½º ÇÁ·Î¼¼½º¸¦ Á¤Áö ½ÃÅ°´Â ±â
´ÉÀ» °¡Áö°í ÀÖ´Â °ÍÀ¸
·Î º¸ÀδÙ.
Ä¡·á ¹æ¹ý Åͺ¸¹é½Å Ai, Åͺ¸¹é½Å 2001 ¶Ç´Â Åͺ¸¹é½Å OnlineÀ¸ ·Î Ä¡·á°¡´ÉÇÕ´Ï´Ù.

ºÎÁ¤È®ÇÑ MIME Çì´õ¸¦ ÀÌ¿ëÇÏ¿© E-mail÷ºÎÆÄÀÏÀ» ½ÇÇàÇϵµ·Ï ¾ß±âÇÏ´Â º¸ ¾È ¹ö±×¿Í ÷ºÎµÇ´Â HTML ÆÄÀÏÀº Microsoft VM ActiveX ComponentÀÇ ÇãÁ¡ À» ÀÌ¿ë ÇϹǷΠ¸ÞÀÏÀ» Ŭ¸¯ ÇÏ´Â °Í¸¸À¸·Î °¨¿°µÉ ¼ö ÀÖ´Ù.

ÀÌ ¹ö±×¸¦ ¼öÁ¤Çϱâ À§Çؼ­ ¾Æ·¡ »çÀÌÆ®¿¡¼­ ÆÐÄ¡¸¦ ¹Þ¾Æ Àû¿ëÇϱ⠹ٶõ ´Ù.

< Outlook Express >
- http://www.microsoft.com/windows/ie/downloads/critical/q3 23759ie/default.asp

< Outlook 2000 >
- http://office.microsoft.com/korea/downloads/2000/Out2ksec .aspx

< Outlook 2002(Office XP) >
- http://office.microsoft.com/korea/Downloads/2002/oxpsp2.a spx
Á÷Á¢Ä¡·á¹æ¹ý
ÁÖ¼Ò : ¼­¿ïƯº°½Ã ¸¶Æ÷±¸ °ø´öµ¿ 253-42È£ Áö¹æÀçÁ¤È¸°ü 11Ãþ | »ç¾÷ÀÚ µî·Ï¹øÈ£ : 220-81-67981
°³ÀÎÁ¤º¸°ü¸® Ã¥ÀÓÀÚ : ´ëÇ¥ÀÌ»ç ÀÓÇüÅà | Åë½ÅÆǸž÷ ½Å°í¹øÈ£ Á¦ ¸¶Æ÷-2419È£
e-mail : webmaster@everyzone.com(°í°´Áö¿ø) | vaccine@everyzone.com(¹ÙÀÌ·¯½º)