Virus name | W32/BoBax.79936@mm |
Virus type | Worm |
Execution environment | Windows |
Place of origin | Unknown |
Discovery date | 20050815 |
Virus size | 79,936 bytes |
Mail subject | Accounts department and many others |
Attachment | account-info.zip and many others |
Virus symptoms |
This worm spreads through e-mail and a network security vulnerability.
[Mail subject]
Chosen from among the following.
Accounts department
Ahtung!
Camila
Daily activity report
Ello!
Flayers among us
Freedom for everyone
From Hair-cutter
From me
Greet the day
Hardware devices price-list
Hello my friend
Hi!
Jenny
Jessica
Looking for the report
Maria
Melissa
Monthly incomings summary
New Price-list
Price
Price list
Price-list
Pricelist
Proclivity to servitude
Registration confirmation
The account
The employee
The summary
USA government abolishes the capital punishment
Weekly activity report
Well...
You are dismissed
You really love me? he he
[Mail body]
+++ Attachment: No Virus found
+++ F-Secure AntiVirus - You are protected
+++ Norman AntiVirus - You are protected
+++ Norton AntiVirus - You are protected
+++ Panda AntiVirus - You are protected
+++ www.f-secure.com
+++ www.norman.com
+++ www.pandasoftware.com
+++ www.symantec.com
Account Information Are Attached!
Attached some pics that i found
Check this out :-)
Cya
Empty
Everything inside the attach
Follow the instructions in the attachment.
Hello,
I was going through my album, and look what I found..
Long time! Check this out!
Look it through
Mail transaction failed. Partial message is available.
Once you have completed the form in the attached file , your account records will not be interrupted and will continue as normal.
Osama Bin Laden Captured.
Please read the attached document and follow it's instructions.
Remember this?
Request
Response
Saddam Hussein - Attempted Escape, Shot dead
Secret!
Subj
Testing
The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.
The message contains Unicode characters and has been sent as a binary attachment.
The original message has been included as an attachment.
To safeguard your email account from possible termination, please see the attached file.
To unblock your email account acces, please see the attachment.
We attached some important information regarding your account.
We have suspended some of your email services, to resolve the problem you should read the attached document.
please look at attached document.
We regret to inform you that your account has been suspended due to the violation of our site policy, more info is attached.
[Attachment]
The file name is chosen from the following list.
INFO
accepted-password
account-details
account-info
account-password
account-report
account/-details
approved-password
attachment
body
bush
data
doc
document
document/_full
email-details
email-doc
email-info
email-password
email/-doc
email/-info
file
funny
important-details
info
info-text
info/-text
information
instruction
instructions
joke
letter
mail
message
new-password
password
pics
readme
secret
test
text
transcript
updated-password
your/-details
The extension is chosen from the following two kinds.
EXE
INFO
DOC
PIF
SCR
TMP
In zip form, a file with one of the above extensions is compressed 1:1 into the archive.
[Characteristics]
When the worm runs, it creates the files Msdefr.exe, Nb32ext2.exe, Csrss.exe, Services.exe, Smss.exe and Winlogon.exe in the Windows folder (Win 2000, NT: c:\Winnt; Win XP, 9x: c:\windows).
It also modifies the registry as follows so that it runs at the next boot.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
under this key:
(on Win2000, NT)
RPCserv32g = c:\winnt\(random file name).exe
(on WinXP)
RPCserv32g = c:\windows\(random file name).exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
under this key:
Helloworld = Nb32ext2.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
under this key:
(on Win2000, NT)
Userinit = c:\winnt\system32\userinit.exe,c:\winnt\services.exe
(on WinXP)
Userinit = c:\windows\system32\userinit.exe,c:\windows\services.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess
under this key:
Start = "00000004"
(the default value is 00000003)
It also creates the following registry values.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy
under this key:
Enable Firewall = "0"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
under this key:
Enable Firewall = "0"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile
under this key:
Enable Firewall = "0"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List
under this key:
Enable Firewall = "0"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List
under this key:
Enable Firewall = "0"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer
under this key:
IEPsdgxc = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer
under this key:
Fdfg = "{value}"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies
under this key:
DisableRegistryTools = "0"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies
under this key:
DisableRegistryTools = "0"
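A triage check for the autorun, Userinit and SharedAccess changes listed above, added here as an example and not part of the original advisory. It assumes the registry has been exported to .reg-style text and already decoded to a string; the function names, the sample export and the file name qwxkzp.exe are constructed for illustration.

```python
import re

# Constructed sample in .reg export text format (not captured from a real host).
SAMPLE_REG = r'''
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RPCserv32g"="c:\\windows\\qwxkzp.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Helloworld"="Nb32ext2.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="c:\\windows\\system32\\userinit.exe,c:\\windows\\services.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess]
"Start"=dword:00000004
'''

def parse_reg(text):
    """Return {(key_lower, value_name_lower): data} from .reg-style text."""
    values, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()          # registry paths are case-insensitive
            continue
        m = re.match(r'"([^"]+)"=(.*)$', line)
        if key and m:
            data = m.group(2)
            if data.startswith('"') and data.endswith('"'):
                data = data[1:-1].replace("\\\\", "\\")   # undo .reg escaping
            values[(key, m.group(1).lower())] = data
    return values

def bobax_findings(text):
    """List the registry changes described on this page that are present."""
    v, hits = parse_reg(text), []
    hklm = "hkey_local_machine\\"
    cv = hklm + "software\\microsoft\\windows\\currentversion\\"
    winlogon = hklm + "software\\microsoft\\windows nt\\currentversion\\winlogon"
    for sub, name in (("run", "rpcserv32g"), ("runservices", "helloworld")):
        if (cv + sub, name) in v:
            hits.append(f"autorun value {name} -> {v[(cv + sub, name)]}")
    # Userinit should list only system32\userinit.exe; anything else is suspect.
    extra = [p for p in v.get((winlogon, "userinit"), "").split(",") if p.strip()
             and not p.strip().lower().endswith("\\system32\\userinit.exe")]
    if extra:
        hits.append("Userinit runs extra program: " + ", ".join(extra))
    if v.get((hklm + "system\\currentcontrolset\\services\\sharedaccess", "start")) == "dword:00000004":
        hits.append("SharedAccess service disabled (Start=4)")
    return hits
```

The Userinit test is generic: it flags any second program in the value, so it also catches a dropped file under a different name than services.exe.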
It also terminates the processes of certain security products, listed below, whenever it finds them running.
_AVP32.EXE
_AVPCC.EXE
_AVPM.EXE
ATUPDATER.EXE
AUPDATE.EXE
AUTODOWN.EXE
AUTOTRACE.EXE
AUTOUPDATE.EXE
AVPUPD.EXE
AVWUPD32.EXE
AVXQUAR.EXE
B055262C.DLL
BACKDOOR.RBOT.GEN.EXE
BACKDOOR.RBOT.GEN_(17).EXE
CFIAUDIT.EXE
DAILIN.EXE
DRWEBUPW.EXE
F-AGOBOT.EXE
GFXACC.EXE
HIJACKTHIS.EXE
IAOIN.EXE
ICSSUPPNT.EXE
ICSUPP95.EXE
LIEN VAN DE KELDERRR.EXE
LUALL.EXE
MCUPDATE.EXE
MSNMSGR.EXE
MSSSSS.EXE
NUPGRADE.EXE
OUTPOST.EXE
PSAPI.DLL
RASMNGR.EXE
RAVMOND.EXE
RB.EXE
SYSTRA.EXE
TASKMANAGR.EXE
UPDATE.EXE
VISUALGUARD.EXE
WFDMGR.EXE
WIN32.EXE
WIN32US.EXE
WINACTIVE.EXE
WIN-BUGSFIX.EXE
WINDOW.EXE
WINDOWS.EXE
WININETD.EXE
WININIT.EXE
WININITX.EXE
WINLOGIN.EXE
WINMAIN.EXE
WINPPR32.EXE
WINRECON.EXE
WINSHOST.EXE
WINSSK32.EXE
WINSTART.EXE
WINSTART001.EXE
WINTSK32.EXE
WINUPDATE.EXE
WKUFIND.EXE
WNAD.EXE
WNT.EXE
WOWPOS32.EXE
WRADMIN.EXE
WRCTRL.EXE
WUAMGA.EXE
WUAMGRD.EXE
WUPDATER.EXE
WUPDT.EXE
WYVERNWORKSFIREWALL.EXE
XPF202EN.EXE
ZAPRO.EXE
ZAPSETUP3001.EXE
ZATUTOR.EXE
ZONALM2601.EXE
ZONEALARM.EXE
Finally, it modifies the hosts file to block access to security sites.
|
Treatment |
Diagnosis and removal are possible with the TurboVaccine product line.
Users who have not applied the Microsoft MS05-039 security patch must download and install the patch for their operating system from the following link.
MS05-039 security patch page description (Korean)
[Note]
Microsoft provides MBSA (Microsoft Baseline Security Analyzer), a program that checks for network security vulnerabilities, so users are advised to run it.
http://www.microsoft.com/korea/technet/security/tools/Tools/MBSAhome.asp
|
Manual treatment method |