¿¡ºê¸®Á¸¼Ò°³ | Á¦Ç°¼Ò°³ | °í°´¼¾ÅÍ | »çÀÌÆ®¸Ê | Home
°³ÀÎ°í°´ ¿©¼º°í°´ eº¸¾È¸¶ÄÏ À̺¥Æ®
°³ÀÎ°í°´±â¾÷°í°´
º¸¾ÈÁ¢¼Ó IDÀúÀå
AD ¹«·á·Î Ã¥¹Þ¾Æ°¡¼¼¿ä!


 ¸ñ·Ï |  À­±Û |  ¾Æ·§±Û  
Backdoor-W32/RBot.113076
 ¹ÙÀÌ·¯½º Á¾·ù
Backdoor
 ½ÇÇàȯ°æ
Windows
 ¹ß°ßÀÏ
2006³â02¿ù01ÀÏ
 Á¦ÀÛÁö
ºÒºÐ¸í
 À§Çèµî±Þ
À§Çè
 È®»ê¹æ¹ý
³×Æ®¿öÅ©, º¸¾ÈÃë¾àÁ¡
 ¹ÙÀÌ·¯½º Å©±â
113,076 Byte
 Ã·ºÎÆÄÀÏ
 ¸ÞÀÏÁ¦¸ñ
  
 Áõ»ó¿ä¾à
  ÀÌ Backdoor´Â À©µµ¿ì Ãë¾àÁ¡°ú À©µµ¿ì »ç¿ëÀÚ °èÁ¤ÀÇ Ãë¾àÇÑ ¾ÏÈ£¸¦ ÅëÇØ ÀüÆĵȴÙ. ÇØ´ç Backdoor °¡ ½ÇÇàµÇ¸é À©µµ¿ì ½Ã½ºÅÛ Æú´õ¿¡ plscdksx.exe ÆÄÀÏÀ» »ý¼ºÇÏ°í ÀÚ½ÅÀ» ·¹Áö½ºÆ®¸®¿¡ µî·ÏÇÏ¿© À©µµ¿ì ½ÃÀ۽à ÀÚµ¿À¸·Î ½ÇÇàµÇ°Ô ¸¸µç´Ù. ±×¸®°í ƯÁ¤ IRC ¼­¹öÀÇ Ã¤³Î¿¡ Á¢¼ÓÇÏ¿© ¿ÀÆÛ(¹æÀå)°¡ ³»¸®´Â ¸í·É¿¡ µû¶ó ¿©·¯°¡Áö ¾ÇÀÇÀûÀÎ ÀÏÀ» ¼öÇàÇÏ°Ô µÈ´Ù.
 Ä¡·á¹æ¹ý

Åͺ¸¹é½Å Á¦Ç°±ºÀ¸·Î Áø´Ü/Ä¡·á °¡´ÉÇÕ´Ï´Ù.



  
 
»ó¼¼¼³¸í

*°¨¿° °æ·Î

³×Æ®¿öÅ© °øÀ¯ Æú´õ¿Í, À©µµ¿ì º¸¾ÈÆÐÄ¡ ÇêÁ¡µîÀ» ÀÌ¿ëÇؼ­ ÀüÆÄ¹× ¼³Ä¡µÈ´Ù.

 

MS03-039 RPC DCOM2 Ãë¾àÁ¡ 

 http://www.microsoft.com/korea/technet/security/bulletin/MS03-039.asp



MS04-011 Microsoft Windows
¿ë º¸¾È ¾÷µ¥ÀÌÆ® Áß LSASS Ãë¾àÁ¡ http://www.microsoft.com/korea/technet/security/bulletin/ms04-011.asp

 

»ç¿ëÀÚ °èÁ¤ÀÇ Ãë¾àÇÑ ¾ÏÈ£¿¡ ÀÇÇØ °¨¿°

 

À©µµ¿ì NT°è¿­(À©µµ¿ì NT,2000,XP)ÀÇ °ü¸® ¸ñÀû °øÀ¯Æú´õ¿¡ ´ëÇÑ »ç¿ëÀÚ ·Î±×ÀÎ °èÁ¤ÀÇ ¾ÏÈ£°¡ Ãë¾àÇÑ °æ¿ì ½Ã½ºÅÛ¿¡ Á¢¼Ó ÈÄ ½ÇÇà. »ç¿ëÀÚ ·Î±×ÀÎ °èÁ¤¿¡ ´ëÀÔÇÏ´Â ¾ÏÈ£ ¸®½ºÆ®´Â ¾Æ·¡¿Í °°´Ù.

 

intranet
winpass
blank
office
control
nokia
siemens
compaq
cisco
orainstall
sqlpassoainstall
db1234
databasepassword
databasepass
dbpassword
dbpass
access
domainpassword
domainpass
domain
hello
bitch
exchange
backup
technical
loginpass
login
katie
george
chris
brian
susan
peter
win2000
winnt
winxp
win2k
win98
windows
oeminstall
oemuser
homeuser
accounting
accounts
internet
outlook
qwerty
server
system
changeme
linux
1234567890
123456789
12345678
1234567
123456
12345
pass1234
passwd
password
password1
oracle
database
default
guest
wwwadmin
teacher
student
owner
computer
staff
admins
administrat
administrateur
administrador
administrator


*Áõ»ó


À©µµ¿ì ½Ã½ºÅÛ Æú´õ¿¡ plscdksx.exe ¶ó´Â ÆÄÀÏÀ» »ý¼ºÇÑ´Ù.

À©µµ¿ì ½Ã½ºÅÛ Æú´õ

 

95/98/ME

 

C:\Windows\System

 

NT/2000

 

C\WinNT\System32

 

XP

 

Windows\System32

 

.


±×¸®°í ·¹Áö½ºÆ®¸®¿¡ ´ÙÀ½ value¸¦ µî·ÏÇØ À©µµ¿ì ±¸µ¿½Ã ÀÚµ¿ ½ÇÇàµÇµµ·Ï ¸¸µç´Ù.



HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
¡°program access ¡° = plscdksx.exe



HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
¡°program access ¡° = plscdksx.exe



°¨¿°µÈ ½Ã½ºÅÛÀº TCP ÀÓÀÇÀÇ Æ÷Æ®¸¦ LISTENING »óÅ·Π¿­¾îµÐ´Ù. (»ó´ë·ÎºÎÅÍ Á¢¼ÓÀ» ±â´Ù¸®´Â »óÅÂ)

±× ÈÄ »ç¿ëÀÚ ¸ô·¡ Á¢¼Ó ÇØ ½ºÆÔ ¸ÞÀÏ ¹ß¼Û, ¾Öµå¿þ¾î ¼³Ä¡, µ¥ÀÌÅÍ »èÁ¦, ±×¸®°í °³ÀÎÀÇ ÄÄÇ»ÅÍ »ç¿ë ³»¿ªÀ» ÈÉÃĺ¸°Å³ª °¢Á¾ ÆÄÀÏ(°³ÀÎ ¹®¼­, ±â¹Ð ¹®¼­ µî)À» ¿ÜºÎ·Î »©°¡´Â º¸¾È»ó ¹®Á¦µµ ¹ß»ýÇÒ ¼ö ÀÖÀ½

-¹ÂÅؽº »ý¼º

´ÙÀ½ ¹ÂÅؽº(Mutex)¸¦ »ý¼ºÇØ Áߺ¹ ½ÇÇàÀ» ¹æÁöÇÑ´Ù.

 -
idksx


- °¨¿°µÈ ½Ã½ºÅÛÀº ½ÇÇàÁßÀΠƯÁ¤ ÇÁ·Î¼¼½º¸¦ °­Á¦ Á¾·ù ½ÃŲ´Ù.

ssate.exe
winsys.exe
winupd.exe
SysMonXP.exe
bbeagle.exe
Penis32.exe
mscvb32.exe
sysinfo.exe

µîµî..

 
¿¹¹æ ¹× ¼öµ¿Á¶Ä¡¹æ¹ý
¹«´ÜÀüÀç¤ý¹èÆ÷±ÝÁö
¿¡ºê¸®Á¸¿¡¼­ Á¦°øÇÏ´Â ¸ðµç ÄÁÅÙÃ÷ Á¤º¸¿¡ ´ëÇÑ ÀúÀÛ±ÇÀº ¿¡ºê¸®Á¸ÀÇ ¼ÒÀ¯ÀÌ¸ç °ü·Ã¹ýÀÇ º¸È£¸¦ ¹Þ½À´Ï´Ù.
¿¡ºê¸®Á¸ÀÇ »çÀü Çã°¡ ¾øÀÌ ¿¡ºê¸®Á¸ ÄÁÅÙÃ÷¸¦ ¹«´ÜÀ¸·Î ÀüÀç, ¹èÆ÷¸¦ ±ÝÁöµÇ¾î ÀÖ½À´Ï´Ù.
À̸¦ À§¹ÝÇÏ´Â °æ¿ì ¼ÕÇعè»óÀÇ ´ë»ó ¶Ç´Â ¹Î.Çü»ç»óÀÇ ¹ýÀû ¼Ò¼Û ´ë»óÀÌ µÉ ¼ö ÀÖ½À´Ï´Ù.
                                                                 * ¿¡ºê¸®Á¸ Á¤º¸ ÀÌ¿ë ¹®ÀÇ : greenking@everyzone.com
 ¸ñ·Ï