·Î±×ÀÎ(»ç¿ëÀÚÀÎÁõ)
    ÇÁ·Î±×·¥ ¼Ò°³
    ÇÁ·Î±×·¥ °¡À̵å
        _±¸¸Å¹æ¹ý
        _°Ë»ç¹æ¹ý
        _°Ë»ç¤ýÄ¡·á
        _ȯ°æ¼³Á¤
        _ÆÄÀϺ¹¿ø
    ¾Ç¼ºÄÚµå Á¤º¸
        _¾Ç¼ºÄÚµå¶õ?
        _¾Ç¼ºÄÚµå Á¤º¸Ã£±â
    ¹ÙÀÌ·¯½º Á¤º¸
        _¹ÙÀÌ·¯½º¶õ?
        _¹ÙÀÌ·¯½º Á¤º¸Ã£±â
        _¹ÙÀÌ·¯½º ¿¹¹æ´Þ·Â
    °í°´Áö¿ø
        _°øÁö»çÇ×
        _ÀǽɵǴ ÆÄÀϽŰí
        _´º½ºÆ®·£µå
        _FAQ(ÀæÀºÁú¹®´äº¯)
        _Q&A(¹«·á Áø´Ü)
        _Q&A(À¯·á Ä¡·á)

 
¹ÙÀÌ·¯½º À̸§ Trojan-W32/VirtualRoot ¹ÙÀÌ·¯½º Á¾·ù Trojan
½ÇÇà ȯ°æ Win NT, Win 2000 Á¦ÀÛÁö
¹ß°ßÀÏ ¹ÙÀÌ·¯½ºÅ©±â
¸ÞÀÏ Á¦¸ñ
÷ºÎÆÄÀÏ
Áõ»ó Worm/CodeRed_II °¡ »ý¼ºÇÏ´Â Æ®·ÎÀ̸ñ¸¶ ÇÁ·Î±×·¥À¸·Î C µå¶óÀ̺곪 D µå
¶óÀÌºê ·çÆ®¿¡explorer.exe ÆÄÀÏÀ» »ý¼ºÇϴµ¥ ½ÇÇàµÇ¸é À©µµ¿ì Æú´õÀÇ Á¤
»óÆÄÀÏÀÎ explorer.exe¸¦ ½ÇÇàÇÑ´Ù. ÀÌÈÄ ·¹Áö½ºÆ®¸® º¯°æÀ» ÅëÇؼ­ ¿ø°ÝÁö
¿¡¼­ C µå¶óÀ̺ê¿Í D µå¶óÀ̺꿡 Á¢±ÙÀÌ °¡´ÉÇÏ°Ô µÈ´Ù.

ÀÌ¿Ü¿¡ ÀÚ¼¼ÇÑ ¼³¸íÀº Worm/CodeRed_II Á¤º¸¸¦ Âü°íÇϱ⠹ٶõ´Ù.

¸Å¿ù 1ÀÏ¿¡¼­ 19ÀÏ »çÀÌ¿¡´Â ÀÓÀÇÀÇ IP ÁÖ¼ÒÀÇ 80¹ø(HTTP) Æ÷Æ®·Î ¸Þ¸ð¸®
¿¡ ÀÖ´ø ÀÚ±âÀÚ½ÅÀ» ¼Û½ÅÇÏ¿© °¨¿°À» ½ÃÅ°·Á ½ÃµµÇÑ´Ù.
¸Å¿ù 20ÀÏ¿¡¼­ 28ÀÏ »çÀÌ¿¡´Â www1.whitehouse.gov »çÀÌÆ®¸¦ ¸¦ °ø°ÝÇÏ¿©
¼­¹öÀÇ ¿î¿µÀ» ¹æÇØÇϴµ¥, ¸¸¾à °¨¿°µÈ À¥ ¼­¹ö°¡ 1,000 ´ë ¶ó¸é ÀÌ ¼­¹ö
µéÀÌ µ¿½Ã¿¡ °ø°ÝÀ» ÇϰԵǴµ¥, ÇöÀç ±¹³»ÀÇ À¥¼­¹öµéµµ ¸¹ÀÌ °¨¿°µÈ »óȲ
À̸ç, ÇØ´ç ±â°£ÀÌ µÇ¸é ÀÏÁ¦È÷ www1.whitehouse.gov»çÀÌÆ®¸¦ °ø°ÝÇÒ °ÍÀÌ
´Ù.

Ä¡·á ¹æ¹ý MS »çÀÌÆ®¿¡¼­ ÆÐÄ¡¸¦ Àû¿ëÇÏÁö ¾ÊÀº °æ¿ìÀÌ°í, C µå¶óÀ̺곪 D µå¶óÀ̺ê
·çÆ®¿¡¼­ explorer.exe
ÆÄÀÏÀÌ ¹ß°ßµÈ °æ¿ì¶ó¸é ¾Æ·¡¿Í °°Àº ¹æ¹ýÀ¸·Î Ä¡·áÇϱ⠹ٶõ´Ù.

1. »èÁ¦ÇÒ ÆÄÀϵé
\inetpub\scripts\root.exe
\Program Files\Common Files\system\msadc\root.exe
\explorer.exe (¸ÕÀú µµ½º¸ðµå¿¡¼­ attrib \explorer.exe -h -a -r ÇÏ¿© ¼Ó
¼ºÀ» º¯°æÇÑ´Ù.)

2. ·¹Áö½ºÆ®¸® ¼öÁ¤
HKEY_LOCAL_MACHINE\Software\Microsoft\WindowsNT\Current
Version\WinLogon\SFCDisable
Å° °ªÀ» 0 À¸·Î º¯°æ ÇÕ´Ï´Ù.

HKEY_LOCAL_MACHINE\System\CurrentControl\Set\Services\W3SVC\Parameters
\Virtual Roots/Scripts
HKEY_LOCAL_MACHINE\System\CurrentControl\Set\Services\W3SVC\Parameters
\Virtual Roots/msadc

À§ ·¹Áö½ºÆ®¸®ÀÇ °ªÀ» 217 ¿¡¼­ 204, 205 ·Î º¯°æÇÕ´Ï´Ù.

HKEY_LOCAL_MACHINE\System\CurrentControl\Set\Services\W3SVC\Parameters
\Virtual Roots/c
HKEY_LOCAL_MACHINE\System\CurrentControl\Set\Services\W3SVC\Parameters
\Virtual Roots/d

À§ ·¹Áö½ºÆ®¸®¸¦ »èÁ¦ÇÑ´Ù.

3. IIS ¸¦ ¼³Ä¡ÇÑ ¼­¹ö °ü¸®ÀÚ´Â CodeRed ÀÇ °¨¿°¿©ºÎ¿Í »ó°ü¾øÀÌ ¾Æ·¡ÀÇ
ÁÖ¼Ò¿¡¼­ ÆÐÄ¡¸¦ ¹Þ¾Æ Àû¿ëÇÏ¿© ¹Ì¿¬ÀÇ ÇÇÇظ¦ ¹æÁöÇϱ⠹ٶõ´Ù.

http://www.microsoft.com/technet/treeview/default.asp?
url=/technet/security/bulletin/ms01-033.asp

ÀÌ¿Ü¿¡ °©Àڱ⠺ÎÇÏ°¡ ¸¹ÀÌ °É·Á¼­ À¥¼­¹ö°¡ ´À·ÁÁø °æ¿ì¶ó¸é CodeRed ¸¦
ÀǽÉÇØ º¼¼ö ÀÖ´Ù.
CodeRed ´Â °¨¿°½Ã ¸Þ¸ð¸®¿¡¸¸ »óÁÖÇϹǷΠÀçºÎÆÃÇϰųª inetinfo.exe ¸¦
Àç½ÇÇàÇÏ¸é »ç¶óÁö°Ô µÈ´Ù.
Á÷Á¢Ä¡·á¹æ¹ý
ÁÖ¼Ò : ¼­¿ïƯº°½Ã ¸¶Æ÷±¸ °ø´öµ¿ 253-42È£ Áö¹æÀçÁ¤È¸°ü 11Ãþ | »ç¾÷ÀÚ µî·Ï¹øÈ£ : 220-81-67981
°³ÀÎÁ¤º¸°ü¸® Ã¥ÀÓÀÚ : ´ëÇ¥ÀÌ»ç ÀÓÇüÅà | Åë½ÅÆǸž÷ ½Å°í¹øÈ£ Á¦ ¸¶Æ÷-2419È£
e-mail : webmaster@everyzone.com(°í°´Áö¿ø) | vaccine@everyzone.com(¹ÙÀÌ·¯½º)