Virus name: Trojan-W32/Kates.18432
Virus type: Trojan
Execution environment: Windows
Origin: Unknown
Discovery date: 20091019
Virus size: 18432
Mail subject: None
Attachment:

Symptoms

- File creation

Creates a file with a random name and a dat, bak, tmp or old extension in the parent folder of the existing file.

- Registry creation

   HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CurrentVersion\DRIVERS32

   "MIDI9" = the creation path and file name are random, with random parameters

Because of the key value written above, the DLL file created by the malicious code is loaded at boot; the problem occurs when that file does not load normally.

   HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CurrentVersion\Windows

   AppInit_DLLs = "winmm.dll" and LoadAppInit_DLLs = 0x1

are also created.




Treatment

Can be detected and disinfected with the Turbo Vaccine product line.

Manual treatment

< Prevention >

1. Treatment and prevention are available with the Turbo Vaccine Ai, Turbo Vaccine Online, Turbo Vaccine 2001 and Turbo Vaccine IS product lines.

2. Always keep Windows security patches updated to the latest version.

The updates listed below correspond to the vulnerabilities exploited by the web pages into which this malicious code was inserted.

- MS Internet Explorer 7 Video ActiveX Remote Buffer Overflow Exploit (MS09-032)
(http://www.microsoft.com/korea/technet/security/bulletin/MS06-014.mspx)

- Internet Explorer Uninitialized Memory Corruption Vulnerability (MS09-002)
(http://www.microsoft.com/korea/technet/security/bulletin/MS09-002.mspx)

- Internet Explorer (MDAC) Remote Code Execution Exploit (MS06-014)
(http://www.microsoft.com/korea/technet/security/bulletin/MS06-014.mspx)

- Microsoft Office Web Components (Spreadsheet) ActiveX BOF (MS09-043)
(http://www.microsoft.com/korea/technet/security/bulletin/ms09-043.mspx)


 



 


< Manual remediation >

1. Connect the hard disk of the infected system to another, clean system as a slave drive, then boot.

2. On the clean system, run the Registry Editor (regedit.exe) and select the HKEY_LOCAL_MACHINE key.

3. Select File (F) -> Load Hive (L); a window for loading a hive opens.

4. In WINDOWS\system32\config on the infected disk, select the software file and click Open.

5. Enter an arbitrary key in the Key Name field.

6. Once the steps above are complete, the registry information of the system that does not boot is loaded.

   When it has loaded, delete the registry value below.

   HKEY_LOCAL_MACHINE\[arbitrary name specified above]\MICROSOFT\WINDOWS NT\CurrentVersion\DRIVERS32\

   "MIDI9" = the creation path and file name are random

7. Select the arbitrary key entered when loading the hive (HKEY_LOCAL_MACHINE\key name), then unload the hive (File -> Unload Hive).

8. When the unload is complete, reconnect the hard disk to the computer that would not boot, update the Turbo Vaccine product to the latest version, then scan and disinfect.
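
Steps 2 to 7 can also be run from an elevated PowerShell prompt on the clean system. The script below is an added example, not part of the original advisory or the vendor's tooling; the drive letter D: and the temporary key name KATES_OFFLINE are assumptions.

```powershell
# Added example, not vendor code. Assumptions: the infected disk is mounted as
# D: and KATES_OFFLINE is the arbitrary temporary key name from step 5.
param(
    [string]$HiveFile  = 'D:\WINDOWS\system32\config\software',
    [string]$MountName = 'KATES_OFFLINE',
    [switch]$Remove    # without this switch the script only reports
)

$nt = "HKLM:\$MountName\Microsoft\Windows NT\CurrentVersion"

# Steps 2-5: load the offline SOFTWARE hive under HKEY_LOCAL_MACHINE.
& reg.exe load "HKLM\$MountName" $HiveFile | Out-Null
if ($LASTEXITCODE -ne 0) { throw "reg load failed for $HiveFile" }

try {
    # Read the two keys the advisory names; a missing key yields $null.
    $drv = Get-ItemProperty -Path "$nt\Drivers32" -ErrorAction SilentlyContinue
    $win = Get-ItemProperty -Path "$nt\Windows"   -ErrorAction SilentlyContinue

    # Show the values so the analyst can review them before changing anything.
    [pscustomobject]@{
        Hive             = $HiveFile
        MIDI9            = $drv.midi9
        AppInit_DLLs     = $win.AppInit_DLLs
        LoadAppInit_DLLs = $win.LoadAppInit_DLLs
    } | Format-List

    # Step 6: delete only the MIDI9 value, as the advisory instructs.
    if ($null -eq $drv.midi9) {
        Write-Output 'No MIDI9 value under Drivers32 in this hive.'
    }
    elseif ($Remove) {
        Remove-ItemProperty -Path "$nt\Drivers32" -Name 'midi9'
        Write-Output 'MIDI9 value deleted.'
    }
    else {
        Write-Output 'MIDI9 value present; re-run with -Remove to delete it.'
    }
}
finally {
    # Step 7: drop registry provider handles first, otherwise reg unload can
    # fail because the key is still in use, then unload the hive.
    $drv = $win = $null
    [GC]::Collect(); [GC]::WaitForPendingFinalizers()
    & reg.exe unload "HKLM\$MountName" | Out-Null
    if ($LASTEXITCODE -ne 0) { Write-Warning "reg unload failed; unload $MountName manually." }
}
```

Record the MIDI9 data before deleting it: the path it contains points at the DLL dropped on the infected disk, which the scan in step 8 should then pick up.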


 


 


 


 


 


 


