Virus name | Worm-W32/IRCBot.103832 |
Virus type | Worm |
Execution environment | Windows |
Origin | Unknown |
Discovery date | 20041108 |
Virus size | 103,832 byte |
Mail subject | |
Attachment | |
Virus symptoms |
This worm, written in Visual C++, spreads through Windows security vulnerabilities, Windows shared folders, and NT-kernel Windows systems that have no password set.
Its notable features are that it blocks access to the sites of well-known overseas security vendors and to update sites, and that it
can forcibly terminate the processes of antivirus software.
[Characteristics]
When executed, it connects to a specific IRC server. Through that connection it can collect the Windows CD key, system information and network information, and
carry out typical hacking activities such as opening and closing the CD-ROM drive, forcibly terminating processes, harvesting e-mail addresses, and executing and deleting files,
among others.
It also creates, in the Windows system folder (win 2000, NT : c:\Winnt\system32, win XP : c:\windows\system32, win 95/98/me : c:\windows\system),
the file bcvsrv32.exe (103,832 byte)
and modifies the registry as follows so that it runs at the next boot.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Under this key it adds:
Bcvsrv32 = bcvsrv32.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run \RunServices\
Under this key it adds:
Bcvsrv32 = bcvsrv32.exe
In particular, it blocks access to antivirus and security sites by tampering with the Windows hosts file.
(Example of a normal hosts file)
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
(Example of a hosts file changed by the worm)
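One way to check a hosts file for the tampering described above, as an added example that is not part of the original advisory: it flags every name other than localhost that is mapped to a loopback or unspecified address. The function names, the `watch_suffixes` parameter and the `.example` host names in the sample are assumptions constructed for illustration.

```python
import ipaddress

# Names that legitimately map to loopback in a stock hosts file.
BENIGN_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

def parse_hosts(text):
    """Yield (line_no, address, [names]) for each mapping line of a hosts file."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()    # drop full-line and trailing comments
        fields = line.split()
        if len(fields) < 2:
            continue                           # blank line, or address with no name
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                           # malformed address: not a usable mapping
        yield line_no, addr, [n.lower().rstrip(".") for n in fields[1:]]

def find_sinkholed(text, watch_suffixes=()):
    """Return one finding per non-local name pointed at loopback or 0.0.0.0.

    watch_suffixes (hypothetical parameter) marks names under domains the
    defender cares most about, e.g. antivirus update or OS patch servers.
    """
    findings = []
    for line_no, addr, names in parse_hosts(text):
        if not (addr.is_loopback or addr.is_unspecified):
            continue
        for name in names:
            if name in BENIGN_NAMES:
                continue
            watched = any(name == s or name.endswith("." + s) for s in watch_suffixes)
            findings.append({"line": line_no, "name": name,
                             "address": str(addr), "watched": watched})
    return findings

# Constructed sample input (not taken from an infected machine).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
# 102.54.94.97 rhino.acme.com # source server
127.0.0.1 localhost
127.0.0.1 update.av-vendor.example www.av-vendor.example  # two aliases
127.0.0.1\tpatches.os-vendor.example
10.0.0.5 fileserver.corp.example
"""

if __name__ == "__main__":
    for finding in find_sinkholed(SAMPLE_HOSTS, watch_suffixes=("av-vendor.example",)):
        print(finding)
```

On a clean system the result is an empty list; any finding on a machine that does not deliberately use hosts-based blocking is worth investigating together with the Run key entries listed above.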
|
Treatment method |
Can be disinfected with the TurboVaccine Ai, TurboVaccine Online and TurboVaccine 2001 product lines.
After disinfection, use the [Start] -> Windows Update menu
to apply the security patches for the Windows operating system itself.
*Lsass Vulnerability MS04-011
--> http://www.microsoft.com/korea/technet/security/bulletin/MS04-011.asp
*RPC DCOM2 Vulnerability MS03-039
--> http://www.microsoft.com/korea/technet/security/bulletin/MS03-039.asp
*RPC DCOM Vulnerability MS03-026
--> http://www.microsoft.com/korea/technet/security/bulletin/MS03-026.asp
*RPC Locator Vulnerability MS03-001
--> http://www.microsoft.com/korea/technet/security/bulletin/MS03-001.asp
*UPnP (Universal Plug and Play) Vulnerability MS01-054
--> http://www.microsoft.com/korea/technet/security/bulletin/MS01-054.asp
For an explanation of simple patching, please see the following virus column.
http://www.everyzone.com/service/info/content.asp?part=tbl_viruscolumn&id=20&GotoPage=1&block=&number=
For a more detailed explanation, please see the following link.
http://www.everyzone.com/service/bbs/faq/content.asp?part=everyzone_faq&menu=0&id=22&GotoPage=3&block=0&number=
|
Manual removal method |
|