W32/Ratos.27136@mm

Virus type: Worm
Platform: Windows
Date discovered: 2004-08-16
Origin: Unknown
Propagation: E-mail (mass mailing)
Size: 27,136 bytes
Attachment: photos_arc.exe
Mail subject: photos
Disinfection: Can be cleaned with Turbo Vaccine Ai, Turbo Vaccine 2001, or Turbo Vaccine Online.
This worm is written in Visual C++, packed with UPX, and spreads by e-mail.

[Mail subject]
photos
[Mail body]
LOL!;))))
[Attachment]
photos_arc.exe
[Characteristics]
When the worm runs, it creates the following files in the Windows system folder (Win 2000/NT: C:\Winnt\system32; Win XP: C:\Windows\system32):
  winpsd.exe (27,136 bytes), dx32hhec.sys (4,096 bytes), dx32hhlp.exe (139,776 bytes), dx32hhconf.ini (1,345 bytes)
and in the Windows folder (Win 2000/NT: C:\Winnt; Win XP: C:\Windows):
  rasor38a.dll (27,136 bytes), winvpn32.exe (139,776 bytes)
Note that winpsd.exe and rasor38a.dll have the same size as the original attachment (27,136 bytes), and dx32hhlp.exe and winvpn32.exe share a size as well; file sizes are a weak indicator, but they are a quick first check.

The worm uses its own SMTP engine to send e-mail carrying the infected file as an attachment. Recipient addresses are harvested from files on the infected machine with the following extensions: adb, asp, dbx, htm, php, pl, sht, tbb, txt, wab.

It also rewrites the Windows hosts file with the entries below, so that the listed security-vendor and update sites resolve to 127.0.0.1 and can no longer be reached:
127.0.0.1 www.symantec.com
127.0.0.1 securityresponse.symantec.com
127.0.0.1 symantec.com
127.0.0.1 www.sophos.com
127.0.0.1 sophos.com
127.0.0.1 www.mcafee.com
127.0.0.1 mcafee.com
127.0.0.1 liveupdate.symantecliveupdate.com
127.0.0.1 www.viruslist.com
127.0.0.1 viruslist.com
127.0.0.1 viruslist.com
127.0.0.1 f-secure.com
127.0.0.1 www.f-secure.com
127.0.0.1 kaspersky.com
127.0.0.1 www.avp.com
127.0.0.1 www.kaspersky.com
127.0.0.1 avp.com
127.0.0.1 www.networkassociates.com
127.0.0.1 networkassociates.com
127.0.0.1 www.ca.com
127.0.0.1 ca.com
127.0.0.1 mast.mcafee.com
127.0.0.1 my-etrust.com
127.0.0.1 www.my-etrust.com
127.0.0.1 download.mcafee.com
127.0.0.1 dispatch.mcafee.com
127.0.0.1 secure.nai.com
127.0.0.1 nai.com
127.0.0.1 www.nai.com
127.0.0.1 update.symantec.com
127.0.0.1 updates.symantec.com
127.0.0.1 us.mcafee.com
127.0.0.1 liveupdate.symantec.com
127.0.0.1 customer.symantec.com
127.0.0.1 rads.mcafee.com
127.0.0.1 trendmicro.com
127.0.0.1 www.trendmicro.com  
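For a responder, the useful check at this point is whether a machine's hosts file has been hijacked in this way, and the useful fix is to strip exactly those entries without touching anything else. The Python below is an added example and is not code from the original advisory or from Turbo Vaccine. VENDOR_DOMAINS is distilled from the list above (matched by suffix, so subdomains such as liveupdate.symantec.com are covered even if not listed individually), SAMPLE_HOSTS is a constructed hosts file used as input, and the parser also handles tabs, inline comments, duplicate lines and the IPv6 loopback address, which go beyond the specific entries on this page.

```python
"""Detect and undo hosts-file hijacking of security-vendor domains.

Added example (not code from the original advisory): given the text of a
Windows hosts file, flag every line that pins a security-vendor hostname to
a loopback address, and produce a cleaned copy with those entries removed.
VENDOR_DOMAINS is derived from the advisory's list; SAMPLE_HOSTS is a
constructed input for illustration.
"""
import ipaddress

# Vendor domains the advisory says the worm redirects. Suffix matching
# covers subdomains such as liveupdate.symantec.com or secure.nai.com.
VENDOR_DOMAINS = (
    "symantec.com", "symantecliveupdate.com", "sophos.com", "mcafee.com",
    "viruslist.com", "f-secure.com", "kaspersky.com", "avp.com",
    "networkassociates.com", "ca.com", "my-etrust.com", "nai.com",
    "trendmicro.com",
)


def is_loopback(address: str) -> bool:
    """True for 127.0.0.0/8 and ::1; tokens that are not IPs are not loopback."""
    try:
        return ipaddress.ip_address(address).is_loopback
    except ValueError:
        return False


def is_vendor_host(hostname: str) -> bool:
    """Exact or subdomain match against VENDOR_DOMAINS, case-insensitive."""
    h = hostname.lower().rstrip(".")
    return any(h == d or h.endswith("." + d) for d in VENDOR_DOMAINS)


def parse_hosts_line(line: str):
    """Return (address, [hostnames]) for an entry line, or None for blank
    and comment lines. Text after '#' is treated as a comment."""
    body = line.split("#", 1)[0].strip()
    if not body:
        return None
    fields = body.split()  # whitespace-separated; tabs are common in hosts files
    if len(fields) < 2:
        return None
    return fields[0], fields[1:]


def find_hijacked(hosts_text: str):
    """List (line_number, address, hostname) for every vendor hostname
    that is pinned to a loopback address."""
    hits = []
    for lineno, line in enumerate(hosts_text.splitlines(), start=1):
        parsed = parse_hosts_line(line)
        if parsed is None:
            continue
        address, names = parsed
        if not is_loopback(address):
            continue
        for name in names:
            if is_vendor_host(name):
                hits.append((lineno, address, name))
    return hits


def clean_hosts(hosts_text: str) -> str:
    """Return the hosts file with hijacking entries removed. Lines without
    vendor hosts are kept byte-for-byte; a line that mixes legitimate names
    (e.g. localhost) with vendor names keeps only the legitimate names
    (its inline comment, if any, is dropped)."""
    kept = []
    for line in hosts_text.splitlines():
        parsed = parse_hosts_line(line)
        if parsed is None:
            kept.append(line)
            continue
        address, names = parsed
        if not is_loopback(address):
            kept.append(line)
            continue
        survivors = [n for n in names if not is_vendor_host(n)]
        if survivors == names:
            kept.append(line)
        elif survivors:
            kept.append(address + " " + " ".join(survivors))
        # else: the whole line was a hijack entry, so it is dropped
    return "\n".join(kept) + "\n"


# Constructed sample: the stock localhost entry followed by a subset of the
# worm's additions, with a tab-separated entry, an inline comment and a
# duplicate line to exercise the parser.
SAMPLE_HOSTS = """# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1 www.symantec.com
127.0.0.1\tliveupdate.symantecliveupdate.com
127.0.0.1 viruslist.com
127.0.0.1 viruslist.com
127.0.0.1 update.symantec.com # pinned
10.0.0.5 intranet.example.com
"""


def main():
    for lineno, address, name in find_hijacked(SAMPLE_HOSTS):
        print(f"line {lineno}: {name} -> {address}")
    print(clean_hosts(SAMPLE_HOSTS), end="")


if __name__ == "__main__":
    main()
```

On a live host, read the file at %SystemRoot%\system32\drivers\etc\hosts, run find_hijacked on it, and only write back the output of clean_hosts after confirming the hits; because the worm also hides files, do this from a clean boot environment rather than trusting the infected system's own tools.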
It also modifies the registry so that it runs again at the next boot:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\run
  (Win 2000, NT) winpsd = C:\WINNT\System32\winpsd.exe
  (Win XP)       winpsd = C:\Windows\System32\winpsd.exe

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dx32hhec
  ImagePath = system32\dx32hhec.sys

The second key registers dx32hhec.sys as a kernel-mode driver service. In particular, dx32hhec.sys and dx32hhlp.exe use stealth techniques so that these files cannot be seen with Windows Explorer or similar tools. Directory listings taken on the running, infected system are therefore not trustworthy; verify the dropped files from a clean boot environment or an offline scan of the disk.
Unauthorized reproduction and distribution prohibited
- Copyright in all content provided by Everyzone belongs to Everyzone and is protected under applicable law.
- Reproducing or distributing Everyzone content without Everyzone's prior permission is prohibited.
- Violations may be subject to claims for damages or to civil and criminal legal action.
* Inquiries about use of Everyzone information: greenking@everyzone.com