
Virus name: W32/Ratos.27136@mm
Virus type: Worm
Execution environment: Windows
Origin: Unknown
Discovery date: 20040816
Virus size: 27,136 bytes
Mail subject: photos
Attachment: photos_arc.exe

Virus symptoms

This worm is written in Visual C++, is packed with UPX, and spreads by email.

[Mail subject]

photos


[Mail body]

LOL!;))))

[Attachment]

photos_arc.exe


[Characteristics]

When the worm runs, it creates winpsd.exe (27,136 bytes), dx32hhec.sys (4,096 bytes), dx32hhlp.exe (139,776 bytes) and dx32hhconf.ini (1,345 bytes) in the Windows system folder (Win 2000, NT: c:\Winnt\system32; Win XP: c:\windows\system32),
and rasor38a.dll (27,136 bytes) and winvpn32.exe (139,776 bytes) in the Windows folder (Win 2000, NT: c:\Winnt; Win XP: c:\windows).

The worm uses its own SMTP engine to send emails with the infected file attached.

It harvests email addresses from files with the following extensions.

adb
asp
dbx
htm
php
pl
sht
tbb
txt
wab

The worm also modifies the Windows hosts file, adding 127.0.0.1 entries that block access to the affected web servers.


It also modifies the registry as follows so that it is run at the next boot.

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\run
In this key:

(Win 2000, NT)
winpsd = C:\WINNT\System32\winpsd.exe

(Win XP)
winpsd = C:\Windows\System32\winpsd.exe


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dx32hhec
In this key:

ImagePath = system32\dx32hhec.sys

In particular, the files dx32hhec.sys and dx32help.exe use a stealth technique,
so they cannot be seen with Windows Explorer or similar tools.
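
A triage check for the hosts-file and registry changes described above, as an added example that is not part of the original advisory. It flags hostnames pinned to a loopback address and matches the Run value and service ImagePath named on this page. The function names and the sample data (including the placeholder `.example` domains) are constructed for illustration.

```python
import ipaddress

BENIGN = {"localhost", "localhost.localdomain"}  # names a stock hosts file maps to loopback
# Persistence values taken from the description above.
RUN_VALUE = "winpsd"
RUN_IMAGE = "\\system32\\winpsd.exe"
SERVICE_IMAGE = "system32\\dx32hhec.sys"

def sinkholed_hosts(hosts_text):
    """Return sorted hostnames that the hosts file pins to a loopback/unspecified address."""
    hits = set()
    for raw in hosts_text.splitlines():
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # not an address line
        if addr.is_loopback or addr.is_unspecified:
            for name in fields[1:]:
                name = name.lower().rstrip(".")
                if name not in BENIGN and "." in name:
                    hits.add(name)
    return sorted(hits)

def persistence_hits(run_values, service_image_paths):
    """Match Run-key values and service ImagePaths against the worm's entries."""
    hits = []
    for name, command in run_values.items():
        if name.lower() == RUN_VALUE or command.lower().strip('"').endswith(RUN_IMAGE):
            hits.append(f"Run:{name}")
    for service, image in service_image_paths.items():
        if image.lower().replace("/", "\\").endswith(SERVICE_IMAGE):
            hits.append(f"Service:{service}")
    return hits

# Constructed sample data (placeholder domains, not taken from a real host).
SAMPLE_HOSTS = """\
127.0.0.1   localhost
127.0.0.1   update.av-vendor.example   # blocks signature updates
127.0.0.1   WWW.AV-Vendor.example.
10.0.0.5    intranet.corp.example
"""
SAMPLE_RUN = {"winpsd": r"C:\WINNT\System32\winpsd.exe", "ctfmon": r"C:\WINNT\System32\ctfmon.exe"}
SAMPLE_SERVICES = {"dx32hhec": r"system32\dx32hhec.sys", "Tcpip": r"System32\DRIVERS\tcpip.sys"}

if __name__ == "__main__":
    print(sinkholed_hosts(SAMPLE_HOSTS), persistence_hits(SAMPLE_RUN, SAMPLE_SERVICES))
```

Because the page says some of the dropped files are hidden from Windows Explorer, the inputs are best taken from a hosts file and registry export collected offline or from a clean boot environment.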
Treatment: Can be cleaned with TurboVaccine Ai, TurboVaccine 2001 or TurboVaccine Online.
Manual removal method