Virus name: W32/Mytob.53374@mm
Virus type: Worm
Execution environment: Windows
Origin: Unknown
Discovery date: 20050605
Virus size: 53,374 bytes
Mail subject: Account Alert and many others
Attachment: email-info.zip and many others

Virus symptoms
This worm spreads via email, using its own SMTP engine.


[Mail subject]

Chosen from the following.

*DETECTED* Online User Violation

*WARNING* Your Email Account Will Be Closed

:Notice: **Last Warning**

Account Alert

Email Account Suspension

Important Notification

Notice of account limitation

Security measures

Your Email Account is Suspended For Security Reasons

[Mail body]

Chosen from the following.

Once you have completed the form in the attached file , your account records will not be interrupted and will continue as normal.

Please read the attached document and follow it's instructions.

The original message has been included as an attachment.

We attached some important information regarding your account.

We regret to inform you that your account has been suspended due to the violation of our site policy, more info is attached.

[Attachment]

The file name is chosen from the following list.

account-details
document
email-doc
email-info
information
info-text
instructions
body
doc
text

The extension is one of the following.
BAT
CMD
EXE
PIF
SCR
ZIP


[Characteristics]

When the worm runs, it creates the file Lien Van de Kelder.exe in the Windows system folder (Windows 2000, NT: c:\Winnt\system32; Windows XP: c:\windows\system32).

It also modifies the registry as follows so that it runs at the next boot.

Under the key
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
it writes

http://www.lienvandekelder.be = "We Love Lien Van de Kelder.exe"

Under the key
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
it writes

http://www.lienvandekelder.be = "We Love Lien Van de Kelder.exe"

On Windows XP, it modifies the following registry key, which relates to the firewall settings.

Under the key
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess
it writes

Start = "4"

Email addresses are extracted from files with the following extensions.

ADB
ASP
DBX
HTM
PHP
SHT
TBB
WAB

It does not send infected mail to addresses that contain any of the following strings.

acketst
arin.
be_loyal:
berkeley
borlan
example
google
hotmail
ibm.com
icrosof
inpris
isc.o
isi.e
kernel
linux
mit.e
mozilla
mydomai
nodomai
panda
postmaster
rfc-ed
ripe.
ruslis
samples
secur
sendmail
sopho
tanford.e
usenet
utgers.ed
webmaster


Finally, it modifies the Hosts file to block access to specific addresses.
The contents are as follows.

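
A defender-side check for the Hosts-file tampering described above, as an added example that is not part of the original advisory: it flags every non-local hostname that a hosts file maps to a loopback or unspecified address, which generalises the 127.0.0.1 redirection the worm uses. The function names and the `.example` hostnames in the sample are constructed for illustration.

```python
import ipaddress

# Names that legitimately resolve to loopback on a clean system.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

def find_sinkholed_hosts(hosts_text, local_names=LOCAL_NAMES):
    """Return (line_no, address, hostname) for every non-local hostname that
    the hosts file maps to a loopback or unspecified address."""
    findings = []
    for line_no, raw in enumerate(hosts_text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(entry) < 2:
            continue                            # blank line or address with no name
        try:
            addr = ipaddress.ip_address(entry[0])
        except ValueError:
            continue                            # malformed address field
        if not (addr.is_loopback or addr.is_unspecified):
            continue                            # ordinary static mapping
        for name in entry[1:]:                  # one line may carry several names
            name = name.rstrip(".").lower()
            if name not in local_names:
                findings.append((line_no, str(addr), name))
    return findings

def summarize(findings):
    """Group flagged hostnames by their last two labels, so related
    hostnames (www., updates., ...) are reported together."""
    groups = {}
    for _, _, name in findings:
        key = ".".join(name.split(".")[-2:])
        groups.setdefault(key, []).append(name)
    return groups

# Constructed sample: .example names stand in for the blocked sites.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1 updates.av-vendor.example
127.0.0.1 www.av-vendor.example   # trailing comment
0.0.0.0 patches.os-vendor.example liveupdate.av-vendor.example
::1 localhost
10.0.0.5 fileserver.corp.example
not-an-ip broken.example
"""

if __name__ == "__main__":
    for line_no, addr, name in find_sinkholed_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {addr}")
```
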

Treatment method
The TurboVaccine product line can diagnose and treat this worm.

Users who have not applied the Microsoft MS04-011 security patch and MS04-026 must download and install the security patch that matches their operating system from the following links.
MS04-011 security patch page description (Korean)

MS03-039 security patch page description (Korean)

Manual treatment method