PC¼¼ÀÌÆÛ ºü¸¥ ¸Þ´º


 PC¼¼ÀÌÆÛ ¸Þ´º ¾È³»
PC¼¼ÀÌÆÛ È¨
·Î±×ÀÎ (À¯·á»ç¿ëÀÚ)
ÇÁ·Î±×·¥ ¼Ò°³
ÇÁ·Î±×·¥ °¡À̵å
 - ±¸¸Å¹æ¹ý
 - »óÇ°±Ç°áÁ¦
 - ÀÚµ¿°áÁ¦ Ãë¼Ò
 - °Ë»ç¤ýÄ¡·á¹æ¹ý
 - ȯ°æ¼³Á¤
 - ÆÄÀϺ¹¿ø
¾Ç¼ºÄÚµå? ¹ÙÀÌ·¯½º?
 - ¾Ç¼ºÄÚµå¶õ?
 - ¹ÙÀÌ·¯½º¶õ?
 - ºÒÇÊ¿äÇÑ Á¤º¸¶õ?
º¸¾ÈÁ¤º¸
 - º¸¾ÈÄ®·³
 - MSº¸¾È±Ç°í¹®
°í°´Áö¿ø
 - °øÁö»çÇ×
 - ÀǽɵǴ ÆÄÀϽŰí
 - ÀæÀº Áú¹®¤ý´äº¯
 - 1:1»ó´ã

¹ÙÀÌ·¯½º À̸§ Worm-W32/Welchia.12800.B ¹ÙÀÌ·¯½º Á¾·ù Worm
½ÇÇà ȯ°æ Win9x, Win2000, NT Á¦ÀÛÁö ºÒºÐ¸í
¹ß°ßÀÏ 20040213 ¹ÙÀÌ·¯½ºÅ©±â 12,800 Bytes
¸ÞÀÏ Á¦¸ñ
÷ºÎÆÄÀÏ
¹ÙÀÌ·¯½º Áõ»ó
Worm-W32/Blaster ¿Í °°Àº NT °è¿­ÀÇ
DCOM RPC º¸¾ÈÀÇ Ãë¾àÁ¡À» ÀÌ¿ëÇÏ¿© °¨¿° ÀüÆĵȴÙ.

±×·¯³ª À©µµ¿ìÁî ¾÷µ¥ÀÌÆ® »çÀÌÆ®¿¡¼­ ÇØ´ç OS ¾ð¾îº° DCOM RPC ÆÐÄ¡¸¦
´Ù¿î¹Þ¾Æ ¼³Ä¡ÇÑ ÈÄ¿¡ ÀçºÎÆÃÈÄ W32/Mydoom@mmÀÌ »ý¼ºÇÑ ´ÙÀ½°ú °°Àº ÆÄÀÏÀÌ
Á¸ÀçÇÏ¸é »èÁ¦½Ãµµ¸¦ ÇÑ´Ù.

ctfmon.dll
Explorer.exe
shimgapi.dll
TaskMon.exe

HEKY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Ç׸ñ¿¡

windows xpÀÇ °æ¿ì : TaskMon = c:\windows\system32\taskmon.exe
window 2000ÀÇ °æ¿ì : TaskMon = c:\winnt\system32\taskmon.exe


¿úÀÌ ½ÇÇà µÇ¸é À©µµ¿ì ½Ã½ºÅÛ ÇÏÀ§ driversÆú´õ(win 2000, NT : c:\winnt\system32\drivers
Windows Xp : c:\windows\system32\drivers)¿¡
svchost.exe(12,800 byte)¸¦ »ý¼ºÇÑ´Ù.

svchost.exe ÆÄÀÏÀº ½Ã½ºÅÛ Æú´õ(c:\winnt\system32)ÀÇ svchost.exe¿Í ´Ù¸¥ ÆÄÀÏÀÌ´Ù.

¶ÇÇÑ ÀÚ½ÅÀ» ¼­ºñ½º·Î µî·Ï µÇ¾î ½ÇÇàÇÒ¼ö ÀÖ°Ô ¾Æ·¡ÀÇ ³»¿ëÀÌ ·¹Áö½ºÆ®¸®¿¡ Ãß°¡ µÈ´Ù.

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WksPatch

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WksPatch

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WksPatch


±×¸®°í °¨¿° ´ë»ó ½Ã½ºÅÛÀ» ã±â À§ÇØ ICMP ¶Ç´Â, PING ½ÅÈ£¸¦ º¸³»°Ô µÇ¸ç,
ÀÌ °úÁ¤¿¡¼­ ³×Æ®¿÷ Æ®·¡ÇÈÀÌ Áõ°¡ÇÏ°Ô µÈ´Ù.

ÀÌ¿úÀº 3°¡Áö Ãë¾àÁ¡°ú ³×°¡Áö Æ÷Æ®¸¦ ÀÌ¿ëÇÏ¿© ½Ã½ºÅÛ ÀÌ»óÀ» ÀÏÀ¸Å°´Âµ¥, ´ÙÀ½°ú °°´Ù.

1. 135¹ø Æ÷Æ®¸¦ ÅëÇؼ­´Â DCOM RPC Ãë¾àÁ¡(http://www.microsoft.com/korea/technet/security/bulletin/MS03-039.asp)
2. 80¹ø Æ÷Æ®¸¦ ÅëÇؼ­´Â WebDav Ãë¾àÁ¡(http://www.microsoft.com/korea/technet/security/bulletin/MS03-007.asp)
3. TCP 139¹ø°ú 445 Æ÷Æ®¸¦ ÅëÇؼ­´Â Workstation service buffer overrun Ãë¾àÁ¡(http://www.microsoft.com/korea/technet/security/bulletin/MS03-049.asp

¿úÀº À̵é Ãë¾àÁ¡À» ÀÌ¿ëÇÏ¿© IIS 5.0 ½Ã½ºÅÛÀ» °ø°ÝÇÑ´Ù.

±×¸®°í À©µµ¿ìÁîÀÇ ÄÚµåÆäÀÌÁö¸¦ È®ÀÎ ÇÏ¿© ÀϺ»¾î ÆäÀÌÁö¶ó¸é

IIS Help ¿Í Virtual Roots Æú´õ¿¡ .shtml,.shtm,.stm,.cgi,.php,.html,.htm,.asp

ÆÄÀÏÀ» ´ÙÀ½ÀÇ HTML ÅؽºÆ®·Î °ãÃľ´´Ù.

LET HISTORY TELL FUTURE !

1931.9.18
1937.7.7
1937.12.13 300,000 !

1941.12.7
1945.8.6 Little boy
1945.8.9 Fatso

1945.8.15
Let history tell future !

¶ÇÇÑ ½Ã½ºÅÛ³¯Â¥¸¦ üũÇÏ¿© 2004³â 6¿ù1ÀÏ ÀÌÈÄ¿¡ ½ÇÇàµÇ¸é ÀÚ½ÅÀ» »èÁ¦ÇÑ´Ù.
Ä¡·á ¹æ¹ý Åͺ¸¹é½Å Ai, Åͺ¸¹é½Å 2001 ¶Ç´Â Åͺ¸¹é½Å OnlineÀ¸·Î Ä¡·á
°¡´É ÇÕ´Ï´Ù.

Ä¡·á ÈÄ windows 2000 Server À̻󿡼­ IIS ¼­¹ö¸¦ »ç¿ëÇϽô À¯Àú´Â
±Ùº»ÀûÀÎ ÇØ°áÀ» À§ÇØ ´ÙÀ½ÀÇ À©µµ¿ìÁî º¸¾ÈÆÐÄ¡¸¦ ¼öÇà ÇϽñ⠹ٶø´Ï´Ù.

*WebDAV ÆÐÄ¡
http://www.microsoft.com/korea/technet/security/bulletin/MS03-013.asp

*RPC-DCOM º¸¾ÈÆÐÄ¡ ´Ù¿î·Îµå ¾È³»
http://www.microsoft.com/korea/technet/security/bulletin/MS03-039.asp

*¿öÅ©½ºÅ×ÀÌ¼Ç ¼­ºñ½ºÀÇ ¹öÆÛ ¿À¹ö·± º¸¾ÈÆÐÄ¡ ´Ù¿î·Îµå ¾È³»
http://www.microsoft.com/korea/technet/security/bulletin/MS03-049.asp
Á÷Á¢Ä¡·á¹æ¹ý