|
³×Æ®¿öÅ© °øÀ¯ Æú´õ¿Í, À©µµ¿ì º¸¾ÈÆÐÄ¡ ÇêÁ¡µîÀ» ÀÌ¿ëÇؼ ÀüÆÄ¹× ¼³Ä¡µÈ´Ù.
Backdoor °¡ ½ÇÇà µÇ¸é, ÀϹÝÀûÀ¸·Î À©µµ¿ì ½Ã½ºÅÛ Æú´õ
(win9x: C:\Windows\system, win XP: C:\Windows\system32, win2000, NT : C:\WinNT\system32)
¿¡ OfficeGUI1.exe(96,768 Bytes) ÆÄÀÏÀÌ ¼³Ä¡µÈ´Ù.
À̶§ ÇØ´ç ÆÄÀÏÀÌ µ¿ÀÛÇÏ°Ô µÇ¸é ÀÚ½ÅÀ» ´ÙÀ½°ú °°ÀÌ ·¹Áö½ºÆ®¸®¿¡
µî·ÏµÇ¾î ´ÙÀ½ ºÎÆýà ½ÇÇàµÇµµ·Ï Á¶ÀÛ ÇÑ´Ù.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Ç׸ñ¿¡
MS Office1 Startup = OfficeGUI1.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Ç׸ñ¿¡
MS Office1 Startup = OfficeGUI1.exe
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
Ç׸ñ¿¡
MS Office1 Startup = OfficeGUI1.exe
HKEY_CURRENT_USER\Software\Microsoft\OLE
Ç׸ñ¿¡
Microsoftf smss Control = smss.pif
À» »ý¼ºÇÑ´Ù.
´ÙÀ½°ú °°Àº Á¤º¸¸¦ ÀÌ¿ëÇÏ¿© ½Ã½ºÅÛ ±ÇÇÑ ¾ò±â¸¦ ½Ãµµ ÇÑ´Ù.
12345
123456
1234567
12345678
123456789
1234567890
access
accounting
accounts
admin
administrador
administrat
administrateur
administrator
admins
backup
bitch
blank
brian
changeme
chris
cisco
compaq
computer
control
database
databasepass
databasepassword
db1234
dbpass
dbpassword
default
domain
domainpass
domainpassword
exchange
george
guest
hello
homeuser
internet
intranet
katie
linux
login
loginpass
nokia
oeminstall
oemuser
office
oracle
orainstall
outlook
owner
pass1234
passwd
password
password1
peter
qwerty
server
siemens
sqlpassoainstall
staff
student
susan
system
teacher
technical
win2000
win2k
win98
windows
winnt
winpass
winxp
wwwadmin
¹éµµ¾î·Î¼ µ¿ÀÛ ÇϰԵǸé, ´ÙÀ½°ú °°Àº ½Ã½ºÅÛ ¿Àµ¿ÀÛÀÌ ÀϾ ¼ö ÀÖ´Ù.
1. ÆÄÀÏ ½ÇÇà
2. IP ÁÖ¼Ò¿Í Æ÷Æ®¸¦ ½ºÄµ
3. Ÿ°Ù ½Ã½ºÅÛ¿¡ ping °ø°Ý
4. ÆÄÀÏ ´Ù¿î·Îµå
5. ÇÁ·Î¼¼½º Á¾·á
6. ÀͽºÇ÷η¯ °Á¦ ½ÇÇà
±×¸®°í ÀÌ ¹éµµ¾î´Â WebDav ¹öÆÛ ¿À¹ö Ç÷οì À§Çè, RPC/DCOM, RPCSS Servie,
LSASS ¿À·ù À§ÇèµîÀ» ÀÌ¿ëÇϹǷÎ, ´ÙÀ½ º¸¾ÈÆÐÄ¡¸¦ ±Ç°íÇÑ´Ù.
*MS03-007 À©µµ¿ì ±¸¼º¿ä¼Ò ¿À·ù
http://www.microsoft.com/korea/technet/security/bulletin/MS03-007.asp
*MS03-026 RPC ¹öÆÛ ¿À¹ö·± ¿À·ù
http://www.microsoft.com/korea/technet/security/bulletin/MS03-026.asp
*MS03-039 RPCSS ¼ºñ½º ¹öÆÛ ¿À¹ö·± ¿À·ù
http://www.microsoft.com/korea/technet/security/bulletin/MS03-039.asp
*MS04-011 RPCSS ¿ø°ÝÄÚµå ½ÇÇà
http://www.microsoft.com/korea/technet/security/bulletin/MS03-039.asp |
|
|