Virus name | W32/Mytob.83489@mm |
Virus type | Worm |
Execution environment | Windows |
Origin | Unknown |
Discovery date | 20050731 |
Virus size | 83,489 Byte |
Mail subject | Notice of account limitation and many others |
Attachment | information.zip and many others |
Virus symptoms |
This worm spreads via e-mail: it sends infected mail and opens TCP port 6667 to attempt a connection to an IRC server.
[Mail subject]
Selected from the following:
*DETECTED* Online User Violation
*WARNING* Your email account is suspended
Email Account Suspension
Important Notification
Members Support
Notice of account limitation
Security measures
Warning Message: Your services near to be closed.
We have suspended your account
You are banned!!!
Your Account is Suspended
Your Account is Suspended For Security Reasons
[Mail body]
Dear {domain address} Member,
Your e-mail account was used to send a huge amount of unsolicited
spam messages during the recent week.
If you could please take 5-10 minutes out of your online experience
and confirm the attached document so you will not run into
any future problems with the online service.
Virtually yours,
The {domain address} Support Team
-----------------------------------
Dear {domain} Member,
We have temporarily suspended your email account {mail address}.
This might be due to either of the following reasons:
1. A recent change in your personal information (i.e. change of address).
2. Submiting invalid information during the initial sign up process.
3. An innability to accurately verify your selected option of subscription due to an internal error within our processors.
See the attached details to reactivate your {domain} account.
Sincerely,The {domain} Support Team
----------------------------------------
Some information about your {domain} account is attached.
The {domain} Support Team
[Attachment]
The name is selected from the following list:
account-details.zip
account-info.zip
account-report.zip
document.zip
email-details.zip
important-details.zip
information.zip
readme.zip
When the archive is extracted, the file name carries the following extensions, separated by a long run of spaces.
First extension
doc, htm, tmp, txt
Second file extension
bat, cmd, exe, pif, scr
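As an added example (not part of the original advisory), a mail-gateway style check in Python that flags zip members named with the padded double extension described above. The dot before the second extension, the function names and the sample archive are assumptions constructed for illustration.

```python
import io
import re
import zipfile

# Extension sets as listed in the advisory.
DECOY_EXTS = ("doc", "htm", "tmp", "txt")
EXEC_EXTS = ("bat", "cmd", "exe", "pif", "scr")

# Assumed layout: <name>.<decoy ext><whitespace run>.<executable ext>
PADDED_DOUBLE_EXT = re.compile(
    r"\.(?:%s)(\s*)\.(?:%s)$" % ("|".join(DECOY_EXTS), "|".join(EXEC_EXTS)),
    re.IGNORECASE,
)

def suspicious_members(zip_bytes, min_padding=1):
    """Return zip member names that hide an executable extension behind a
    decoy extension and at least min_padding whitespace characters.
    min_padding=0 also reports plain double extensions such as .doc.exe."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            # Only the last path component is what the recipient sees.
            base = info.filename.replace("\\", "/").rsplit("/", 1)[-1]
            m = PADDED_DOUBLE_EXT.search(base)
            if m and len(m.group(1)) >= min_padding:
                hits.append(info.filename)
    return hits

def build_sample(names):
    """Constructed sample: a zip whose members hold harmless text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, "placeholder")
    return buf.getvalue()

# Constructed member names, not taken from a real sample.
SAMPLE = build_sample([
    "information.txt" + " " * 60 + ".scr",  # padded double extension
    "readme.txt",                            # benign single extension
    "docs/report.doc.exe",                   # double extension, no padding
])

if __name__ == "__main__":
    for name in suspicious_members(SAMPLE):
        print("flagged:", repr(name))
```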
[Characteristics]
When the worm runs, it creates the file wrmana32.exe in the Windows system folder (Win 2000, NT: c:\Winnt\system32; Win XP: c:\windows\system32).
It also modifies the registry as follows so that it runs at the next boot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Under this key:
"Windows NetDDe" = "wrmana32.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Under this key:
"Windows NetDDe" = "wrmana32.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
Under this key:
"Windows NetDDe" = "wrmana32.exe"
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Runonce
Under this key:
"Windows NetDDe" = "wrmana32.exe"
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run
Under this key:
"Windows NetDDe" = "wrmana32.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Runonce
Under this key:
"Windows NetDDe" = "wrmana32.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Under this key:
"Windows NetDDe" = "wrmana32.exe"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SHIT\0000\Control
Under this key:
"*NewlyCreated*" = "0x00000000"
"ActiveService" = "shit"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SHIT\0000
Under this key:
"Service" = "shit"
"Legacy" = "0x00000001"
"ConfigFlags" = "0x00000000"
"Class" = "LegacyDriver"
"ClassGUID" = "{8ECC055D-047F-11D1-A537-0000F8753ED1}"
"DeviceDesc" = "Windows NetDDe"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SHIT
Under this key:
"NextInstance" = "0x00000001"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\shit\Enum
Under this key:
"0" = "Root\LEGACY_SHIT\0000"
"Count" = "0x00000001"
"NextInstance" = "0x00000001"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\shit
Under this key:
"Type" = "0x00000020"
"Start" = "00000004"
"ErrorControl" = "0x00000001"
"ImagePath" = "C:\WINNT\System32\wrmana32.exe" -netsvcs"
"DisplayName" = "Windows NetDDe"
"ObjectName" = "LocalSystem"
"FailureActions" = "FF FF FF FF 00 00 00 00 00 00 00 00 01 00 00 00 00 07 09 00 01 00 00 00 01 00 00 00"
"DeleteFlag" = "0x00000001"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\shit\Security
Under this key:
"Security" = "01 00 14 80 A0 00 00 00 AC 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 70 00 04 00 00 00 00 00 18 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 A5 4E 00 0C 00 00 1C 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 29 6B 99 DE 00 00 18 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 20 02 00 00 00 00 1C 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 29 6B 99 DE 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00"
These values are written to the registry.
It also creates the following keys:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SHIT
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\shit
When it is registered as a service, it uses the name Shit and the display name Windows NetDDe.
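As an added example (not from the original advisory), this Python function scans the text of a `.reg` export for the autorun value and the service key listed above. The function names and the sample export are constructed; the input is assumed to be already decoded to text.

```python
import re

# Indicators taken from the advisory text.
RUN_VALUE_NAME = "Windows NetDDe"
DROPPED_FILE = "wrmana32.exe"
SERVICE_KEY_SUFFIX = r"\Services\shit"
AUTORUN_KEY = re.compile(r"\\CurrentVersion\\Run(Once|Services)?$", re.I)

KEY_LINE = re.compile(r"^\[(.+)\]$")
VALUE_LINE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    # .reg exports escape backslash and double quote with a backslash.
    return re.sub(r"\\(.)", r"\1", s)

def find_indicators(reg_text):
    """Scan decoded .reg export text; return (key, reason) findings."""
    findings, key = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        m = KEY_LINE.match(line)
        if m:
            key = m.group(1)
            if key.lower().endswith(SERVICE_KEY_SUFFIX.lower()):
                findings.append((key, "service key named in the advisory"))
            continue
        m = VALUE_LINE.match(line)
        if not (m and key):
            continue
        name, data = unescape(m.group(1)), unescape(m.group(2))
        hit = name.lower() == RUN_VALUE_NAME.lower() or DROPPED_FILE in data.lower()
        if AUTORUN_KEY.search(key) and hit:
            findings.append((key, f"autorun value {name!r} = {data!r}"))
    return findings

# Constructed sample export (not captured from a real host).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows NetDDe"="wrmana32.exe"
"ctfmon"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Runonce]
"Windows NetDDe"="wrmana32.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\shit]
"DisplayName"="Windows NetDDe"
'''
```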
E-mail addresses are extracted from files with the following extensions:
ADB
ASP
CGI
DBX
HTM
HTML
JSP
PHP
SHT
TBB
XML
It does not send infected mail to addresses that contain the following strings:
abuse
accoun
acketst
admin
anyone
arin
avp
berkeley
borlan
bugs
ca
certific
contact
example
feste
fido
foo
gold-certs
google
gov
gov
help
hotmail
iana
ibm.com
icrosof
icrosoft
ietf
info
inpris
isc.o
isi.e
kernel
linux
listserv
math
me
mil
mozilla
msn
mydomai
no
nobody
nodomai
noone
not
nothing
ntivi
page
panda
pgp
postmaster
privacy
rating
rfc-ed
ripe
root
ruslis
samples
secur
sendmail
service
site
soft
somebody
someone
sopho
spam
spm
submit
support
syma
tanford.e
the.bat
unix
usenet
utgers.ed
webmaster
you
your
It does not transmit infected mail to addresses that contain the following text:
abuse
accoun
acketst
admin
administrator
anyone
arin.
be_loyal:
berkeley
borlan
certific
contact
example
feste
gold-certs
google
hotmail
ibm.com
icrosof
icrosoft
inpris
isc.o
isi.e
kernel
linux
linux
listserv
mit.e
mozilla
mydomai
nobody
nodomai
noone
nothing
ntivi
panda
postmaster
privacy
rating
register
rfc-ed
ripe.
ruslis
samples
secur
secur
sendmail
service
service
somebody
someone
sopho
submit
support
system
tanford.e
the.bat
usenet
utgers.ed
virusalert
webmaster
Finally, it attempts to connect to a specific server using TCP port 6667.
Remediation |
Detection and cleaning are available with the Turbo Vaccine product family.
Users who have not applied the Microsoft MS04-011 security patch and MS04-026 must download and install the security patch for their operating system from the following links.
MS04-011 security patch page description (Korean)
MS03-039 security patch page description (Korean)
Manual removal |