|
|
|
|
Virus name |
W32/Mytob.53374@mm |
Virus type |
Worm |
Execution environment |
Windows |
Place of origin |
Unknown |
Discovery date |
20050605 |
Virus size |
53,374 Byte |
Mail subject |
Account Alert and many others |
Attachment |
email-info.zip and many others |
Virus symptoms |
This worm spreads via email, using its own SMTP engine.
[Mail subject]
One of the following is selected.
*DETECTED* Online User Violation
*WARNING* Your Email Account Will Be Closed
:Notice: **Last Warning**
Account Alert
Email Account Suspension
Important Notification
Notice of account limitation
Security measures
Your Email Account is Suspended For Security Reasons
[Mail body]
One of the following is selected.
Once you have completed the form in the attached file , your account records will not be interrupted and will continue as normal.
Please read the attached document and follow it's instructions.
The original message has been included as an attachment.
We attached some important information regarding your account.
We regret to inform you that your account has been suspended due to the violation of our site policy, more info is attached.
[Attachment]
The name is selected from the following list.
account-details
document
email-doc
email-info
information
info-text
instructions
body
doc
text
The extension is one of the following.
BAT
CMD
EXE
PIF
SCR
ZIP
[Characteristics]
When the worm runs, it creates the file Lien Van de Kelder.exe in the Windows system folder (Windows 2000, NT: c:\Winnt\system32; Windows XP: c:\windows\system32).
It also modifies the registry as follows so that it runs at the next boot.
Under the key
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
it writes
http://www.lienvandekelder.be = "We Love Lien Van de Kelder.exe"
and under the key
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
it writes
http://www.lienvandekelder.be = "We Love Lien Van de Kelder.exe"
On Windows XP, it modifies the following registry key, which is related to the firewall settings.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess
Start = "4"
Email addresses are extracted from files with the following extensions.
ADB
ASP
DBX
HTM
PHP
SHT
TBB
WAB
Infected mail is not sent to email addresses that contain any of the following strings.
acketst
arin.
be_loyal:
berkeley
borlan
example
google
hotmail
ibm.com
icrosof
inpris
isc.o
isi.e
kernel
linux
mit.e
mozilla
mydomai
nodomai
panda
postmaster
rfc-ed
ripe.
ruslis
samples
secur
sendmail
sopho
tanford.e
usenet
utgers.ed
webmaster
Finally, it modifies the Hosts file so that the addresses it lists resolve to 127.0.0.1, which blocks access to them.
|
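Treatment method |
Diagnosis and removal are possible with the TurboVaccine product line.
Users who have not applied the Microsoft MS04-011 and MS04-026 security patches
must download and install the security patch that matches their operating system from the following links.
MS04-011 security patch page description (Korean)
MS03-039 security patch page description (Korean)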
|
Manual removal method |
|
|
|
|
|
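A triage check built from the registry and Hosts-file changes described above, as an added example that is not part of the original description or of any vendor tool. It assumes the registry has already been read into a dict (a hypothetical snapshot format) and the Hosts file into a string; the sample snapshot and its .example host names are constructed.

```python
import ipaddress

# Indicators copied from the description above; nothing else is assumed about the worm.
RUN_KEYS = (
    r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run",
    r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices",
)
FIREWALL_KEY = r"HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess"
DROPPED_FILE = "lien van de kelder.exe"
LOCAL_NAMES = {"localhost", "localhost.localdomain"}

def loopback_redirects(hosts_text):
    """Return non-local host names that a hosts file maps to a loopback address."""
    hits = []
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed line, not an address mapping
        if addr.is_loopback:
            hits += [n.lower() for n in fields[1:] if n.lower() not in LOCAL_NAMES]
    return hits

def triage(registry, hosts_text):
    """registry: {key path: {value name: data}} (hypothetical snapshot format)."""
    findings = []
    for key in RUN_KEYS:
        for name, data in registry.get(key, {}).items():
            if DROPPED_FILE in str(data).lower():
                findings.append(("autorun", key, name))
    # Start = 4 marks a Windows service as disabled.
    if str(registry.get(FIREWALL_KEY, {}).get("Start")) == "4":
        findings.append(("firewall_service_disabled", FIREWALL_KEY, "Start"))
    findings += [("hosts_redirect", "hosts", h) for h in loopback_redirects(hosts_text)]
    return findings

# Constructed sample snapshot; the .example host names are placeholders.
SAMPLE_REGISTRY = {
    RUN_KEYS[0]: {"http://www.lienvandekelder.be": "We Love Lien Van de Kelder.exe"},
    FIREWALL_KEY: {"Start": 4},
}
SAMPLE_HOSTS = "127.0.0.1 localhost\n127.0.0.1 update.av-vendor.example\n10.0.0.5 intranet.example\n"

if __name__ == "__main__":
    for finding in triage(SAMPLE_REGISTRY, SAMPLE_HOSTS):
        print(finding)
```

A loopback entry for a non-local name is not proof of infection on its own, since ad-blocking hosts files use the same pattern; it is the combination with the autorun value and the disabled firewall service that matches this description.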