¿¡ºê¸®Á¸¼Ò°³ | Á¦Ç°¼Ò°³ | °í°´¼¾ÅÍ | »çÀÌÆ®¸Ê | Home
°³ÀÎ°í°´ ¿©¼º°í°´ eº¸¾È¸¶ÄÏ À̺¥Æ®
°³ÀÎ°í°´±â¾÷°í°´
º¸¾ÈÁ¢¼Ó IDÀúÀå
AD ¹«·á·Î Ã¥¹Þ¾Æ°¡¼¼¿ä!


 ¸ñ·Ï |  À­±Û |  ¾Æ·§±Û  
Backdoor-W32/SdBot.197632
 ¹ÙÀÌ·¯½º Á¾·ù
Backdoor
 ½ÇÇàȯ°æ
Windows
 ¹ß°ßÀÏ
2005³â09¿ù06ÀÏ
 Á¦ÀÛÁö
ºÒºÐ¸í
 À§Çèµî±Þ
º¸Åë
 È®»ê¹æ¹ý
³×Æ®¿öÅ©, º¸¾ÈÃë¾à¼º
 ¹ÙÀÌ·¯½º Å©±â
197,632 Bytes
 Ã·ºÎÆÄÀÏ
 ¸ÞÀÏÁ¦¸ñ
  
 Áõ»ó¿ä¾à
  Å¸ÄÏÀÌ µÇ´Â ½Ã½ºÅÛÀÇ Á¤º¸¼öÁý
 Ä¡·á¹æ¹ý

Åͺ¸¹é½Å Á¦Ç°±ºÀ¸·Î Áø´Ü/Ä¡·á °¡´ÉÇÕ´Ï´Ù.



  
 
»ó¼¼¼³¸í
³×Æ®¿öÅ© °øÀ¯ Æú´õ¿Í, À©µµ¿ì º¸¾ÈÆÐÄ¡ ÇêÁ¡µîÀ» ÀÌ¿ëÇؼ­ ÀüÆÄ¹× ¼³Ä¡µÈ´Ù.

Backdoor °¡ ½ÇÇà µÇ¸é, ÀϹÝÀûÀ¸·Î À©µµ¿ì ½Ã½ºÅÛ Æú´õ
(win9x: C:\Windows\system, win XP: C:\Windows\system32, win2000, NT : C:\WinNT\system32)
¿¡ iexplore.exe(197,632 Bytes) ÆÄÀÏÀÌ ¼³Ä¡µÈ´Ù.

ÆÄÀϸíÀº ·£´ýÇÏ°Ô º¯ÇϹǷΠ´Ù¸¥ ¸íÀϼö ÀÖ´Ù.

À̶§ ÇØ´ç ÆÄÀÏÀÌ µ¿ÀÛÇÏ°Ô µÇ¸é ÀÚ½ÅÀ» ´ÙÀ½°ú °°ÀÌ ·¹Áö½ºÆ®¸®¿¡
µî·ÏµÇ¾î ´ÙÀ½ ºÎÆýà ½ÇÇàµÇµµ·Ï Á¶ÀÛ ÇÑ´Ù.

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Ç׸ñ¿¡

(windows 9x)
·£´ý °ª = c\windows\system\·£´ýÆÄÀϸí

(windows xp)
·£´ý °ª = c\windows\system32\·£´ýÆÄÀϸí

(windows 2000, NT)
·£´ý °ª = c\windows\system32\·£´ýÆÄÀϸí

À» »ý¼ºÇÑ´Ù.


´ÙÀ½°ú °°Àº Á¤º¸¸¦ ÀÌ¿ëÇÏ¿© ½Ã½ºÅÛ ±ÇÇÑ ¾ò±â¸¦ ½Ãµµ ÇÑ´Ù.

12345
123456
1234567
12345678
123456789
1234567890
access
accounting
accounts
admin
administrador
administrat
administrateur
administrator
admins
backup
bitch
blank
brian
changeme
chris
cisco
compaq
computer
control
database
databasepass
databasepassword
db1234
dbpass
dbpassword
default
domain
domainpass
domainpassword
exchange
george
guest
hello
homeuser
internet
intranet
katie
linux
login
loginpass
nokia
oeminstall
oemuser
office
oracle
orainstall
outlook
owner
pass1234
passwd
password
password1
peter
qwerty
server
siemens
sqlpassoainstall
staff
student
susan
system
teacher
technical
win2000
win2k
win98
windows
winnt
winpass
winxp
wwwadmin

¹éµµ¾î·Î¼­ µ¿ÀÛ ÇϰԵǸé, ´ÙÀ½°ú °°Àº ½Ã½ºÅÛ ¿Àµ¿ÀÛÀÌ ÀϾ ¼ö ÀÖ´Ù.

1. ÆÄÀÏ ½ÇÇà¹× »èÁ¦
2. Æ÷Æ®°¨½Ã
3. Å°º¸µå ŸÀÌÇÎ ³»¿ë ÀúÀå
4. ÆÄÀÏ ´Ù¿î·Îµå
5. ftp¹× IRC ¼­¹ö·Î µ¿ÀÛ°¡´É
6. ½Ã½ºÅÛ Çϵå¿þ¾î Á¤º¸ ¼öÁý

±×¸®°í ÀÌ ¹éµµ¾î´Â WebDav ¹öÆÛ ¿À¹ö Ç÷οì À§Çè, LSASS º¸¾ÈÇêÁ¡ µîÀ»

ÀÌ¿ëÇϹǷÎ, ´ÙÀ½ º¸¾ÈÆÐÄ¡¸¦ ±Ç°íÇÑ´Ù.

*MS03-007 À©µµ¿ì ±¸¼º¿ä¼Ò ¿À·ù
http://www.microsoft.com/korea/technet/security/bulletin/MS03-007.asp

*MS04-011 RPCSS ¿ø°ÝÄÚµå ½ÇÇà
http://www.microsoft.com/korea/technet/security/bulletin/MS03-039.asp
 
¿¹¹æ ¹× ¼öµ¿Á¶Ä¡¹æ¹ý
¹«´ÜÀüÀç¤ý¹èÆ÷±ÝÁö
¿¡ºê¸®Á¸¿¡¼­ Á¦°øÇÏ´Â ¸ðµç ÄÁÅÙÃ÷ Á¤º¸¿¡ ´ëÇÑ ÀúÀÛ±ÇÀº ¿¡ºê¸®Á¸ÀÇ ¼ÒÀ¯ÀÌ¸ç °ü·Ã¹ýÀÇ º¸È£¸¦ ¹Þ½À´Ï´Ù.
¿¡ºê¸®Á¸ÀÇ »çÀü Çã°¡ ¾øÀÌ ¿¡ºê¸®Á¸ ÄÁÅÙÃ÷¸¦ ¹«´ÜÀ¸·Î ÀüÀç, ¹èÆ÷¸¦ ±ÝÁöµÇ¾î ÀÖ½À´Ï´Ù.
À̸¦ À§¹ÝÇÏ´Â °æ¿ì ¼ÕÇعè»óÀÇ ´ë»ó ¶Ç´Â ¹Î.Çü»ç»óÀÇ ¹ýÀû ¼Ò¼Û ´ë»óÀÌ µÉ ¼ö ÀÖ½À´Ï´Ù.
                                                                 * ¿¡ºê¸®Á¸ Á¤º¸ ÀÌ¿ë ¹®ÀÇ : greenking@everyzone.com
 ¸ñ·Ï