¿¡ºê¸®Á¸¼Ò°³ | Á¦Ç°¼Ò°³ | °í°´¼¾ÅÍ | »çÀÌÆ®¸Ê | Home
°³ÀÎ°í°´ ¿©¼º°í°´ eº¸¾È¸¶ÄÏ À̺¥Æ®
°³ÀÎ°í°´±â¾÷°í°´
º¸¾ÈÁ¢¼Ó IDÀúÀå
AD ¹«·á·Î Ã¥¹Þ¾Æ°¡¼¼¿ä!


 ¸ñ·Ï |  À­±Û |  ¾Æ·§±Û  
Worm-W32/Zotob.15386
 ¹ÙÀÌ·¯½º Á¾·ù
Worm
 ½ÇÇàȯ°æ
Windows
 ¹ß°ßÀÏ
2005³â08¿ù15ÀÏ
 Á¦ÀÛÁö
ºÒºÐ¸í
 À§Çèµî±Þ
³ôÀ½
 È®»ê¹æ¹ý
³×Æ®¿öÅ©, º¸¾ÈÃë¾à¼º
 ¹ÙÀÌ·¯½º Å©±â
15,386 Byte
 Ã·ºÎÆÄÀÏ
 ¸ÞÀÏÁ¦¸ñ
  
 Áõ»ó¿ä¾à
  ·¹Áö½ºÆ®¸® º¯°æ, ƯÁ¤ Æ÷Æ® ¿ÀÇÂ, ÆÄÀÏ»ý¼º, À©µµ¿ì ½Ã½ºÅÛÁ¾·á, ƯÁ¤ IRC¼­¹ö Á¢¼Ó
 Ä¡·á¹æ¹ý

Åͺ¸¹é½Å Á¦Ç°±ºÀ¸·Î Áø´Ü/Ä¡·á °¡´ÉÇÕ´Ï´Ù.


¸¶ÀÌÅ©·Î ¼ÒÇÁÆ® MS05-039 º¸¾ÈÆÐÄ¡°¡ ¾ÈµÈ »ç¿ëÀÚ´Â ´ÙÀ½ ¸µÅ©¿¡¼­ ÇØ´ç ¿î¿µÃ¼Á¦¿¡ ¸Â´Â º¸¾ÈÆÐÄ¡¸¦ ¹Þ¾Æ ¼³Ä¡ ÇØ¾ß ÇÑ´Ù.
MS05-039 º¸¾ÈÆÐÄ¡ ÆäÀÌÁö ¼³¸í(ÇѱÛ)


¸¶ÀÌÅ©·Î ¼ÒÇÁÆ® MS04-011 º¸¾ÈÆÐÄ¡¿Í MS04-026°¡ ¾ÈµÈ »ç¿ëÀÚ´Â ´ÙÀ½ ¸µÅ©¿¡¼­ ÇØ´ç ¿î¿µÃ¼Á¦¿¡ ¸Â´Â º¸¾ÈÆÐÄ¡¸¦ ¹Þ¾Æ ¼³Ä¡ ÇØ¾ß ÇÑ´Ù.
MS04-011 º¸¾ÈÆÐÄ¡ ÆäÀÌÁö ¼³¸í(ÇѱÛ)

MS03-039 º¸¾ÈÆÐÄ¡ ÆäÀÌÁö ¼³¸í(ÇѱÛ)


¸¶ÀÌÅ©·Î ¼ÒÇÁÆ® 8¿ù Áß¿ä º¸¾È ÆÐÄ¡ º¸±â

Åͺ¸¹é½Å Ai¸¦ »ç¿ëÇÏ½Ã°í ¾Æ¿ô·èÀ» »ç¿ëÇϽŠ´Ù¸é ¹Ýµå½Ã À̸ÞÀÏ °¨½Ã±â¸¦ ½ÇÇàÇϽñ⠹ٶø´Ï´Ù.

  
 
»ó¼¼¼³¸í
ÀÌ ¿úÀº Worm-W32/Zotob.22528 ÀÇ º¯Á¾À¸·Î À©µµ¿ì º¸¾È ÇêÁ¡À» ÀÌ¿ëÇÏ¿© ÀüÆĵǸç,

·¹Áö½ºÆ®¸® °ªº¯°æ¹×, Services.exe ¿À·ù¸¦ ¹ß»ý½ÃÄÑ ½Ã½ºÅÛ ÀçºÎÆÃ,

ƯÁ¤ Æ÷Æ®¸¦ ¿ÀÇ ÇÏ¿© irc ¼­¹ö·ÎÀÇ ¿¬°áÀ» ½Ãµµ ÇÑ´Ù.



[Ư¡]

¿úÀÌ ½ÇÇàµÇ¸é ´ÙÀ½°ú °°ÀÌ À©µµ¿ì ½Ã½ºÅÛ Æú´õ(win 2000, NT : c:\Wint\system32, win XP : c:\windows\system32)
¿¡ Botzor.exe(22,528byte) ÆÄÀÏÀ» »ý¼ºÇÑ´Ù.

¶ÇÇÑ, ´ÙÀ½Ã³·³ ·¹Áö½ºÆ®¸¦ ¼öÁ¤ÇÏ¿© ´ÙÀ½ ºÎÆýà ½ÇÇàµÇµµ·Ï Á¶ÀÛÇÑ´Ù.

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Ç׸ñ¿¡

csm Win Updates = "csm.exe"



HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
Ç׸ñ¿¡

csm Win Updates = "csm.exe"

¸¦ ±â·ÏÇÑ´Ù.

windows xp ¿¡¼­´Â firwall ¼³Á¤¿¡ °ü°èµÈ ´ÙÀ½ ·¹Áö½ºÆ®¸®¸¦ ¼öÁ¤ÇÑ´Ù.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess

Start = "4"


±×¸®°í TCP 445 Æ÷Æ®¸¦ ÀÌ¿ëÇÏ¿© ¿ø°Ý ½© ½ºÅ©¸³Æ®

2PAC.txt ¸¦ Æ÷ÇÔÇÑ haha.exe ¸¦ ´Ù¿î·Îµå ¹Þ¾Æ

ƯÁ¤ IRC ¼­¹ö¿¡ Á¢¼ÓÀ» ½ÃµµÇÑ´Ù.

(ÀÌ ¶§¹®¿¡ °úµµÇÑ Æ®·¡ÇÈ ¹ß»ýÀ¸·Î ÀÎÇÏ¿© ³×Æ®¿öÅ©¿¡ ºÎÇÏ°¡ °É·Á
ÁÖÀ§ ³×Æ®¿öÅ©»óÀÇ PC µéµµ ³×Æ®¿öÅ© ÀÛ¾÷ÀÌ µ¿ÀÛÇÏÁö ¾ÊÀ» ¼ö ÀÖ´Ù.)

Á¢¼ÓµÈ ½Ã½ºÅÛÀº ´ÙÀ½°ú °°Àº µ¿ÀÛÀÌ ¼öÇàµÉ¼ö ÀÖ´Ù.

1. ƯÁ¤ ½ÎÀÌÆ® ¿¬°á
2. ½Ã½ºÅÛ Á¤º¸ Àü´Þ
3. ÇÁ·Î¼¼½º °­Á¦ Á¾·á
4. ¸ÞÀÏÁÖ¼Ò ¼öÁý
5. ÆÄÀÏ ½ÇÇà¹× »èÁ¦

¸¶Áö¸·À¸·Î MS04-011 º¸¾ÈÆÐÄ¡¿Í MS04-026ÀÇ ÇêÁ¡À» ÀÌ¿ëÇÑ

W32/Mytob.33485@mm¿Í µ¿ÀÏ ÇÏ°Ô Hosts ÆÄÀÏÀ» ¼öÁ¤ÇÏ¿©

ƯÁ¤ ÁÖ¼Ò·Î Á¢¼ÓÀ» ¹æÇØ ÇÑ´Ù.

³»¿ëÀº ´ÙÀ½°ú °°´Ù.

127.0.0.1 avp.com
127.0.0.1 www.symantec.com
127.0.0.1 securityresponse.symantec.com
127.0.0.1 symantec.com
127.0.0.1 www.sophos.com
127.0.0.1 sophos.com
127.0.0.1 www.mcafee.com
127.0.0.1 mcafee.com
127.0.0.1 liveupdate.symantecliveupdate.com
127.0.0.1 www.viruslist.com
127.0.0.1 viruslist.com
127.0.0.1 viruslist.com
127.0.0.1 f-secure.com
127.0.0.1 www.f-secure.com
127.0.0.1 kaspersky.com
127.0.0.1 kaspersky-labs.com
127.0.0.1 www.avp.com
127.0.0.1 www.kaspersky.com
127.0.0.1 www.networkassociates.com
127.0.0.1 networkassociates.com
127.0.0.1 www.ca.com
127.0.0.1 ca.com
127.0.0.1 mast.mcafee.com
127.0.0.1 my-etrust.com
127.0.0.1 www.my-etrust.com
127.0.0.1 download.mcafee.com
127.0.0.1 dispatch.mcafee.com
127.0.0.1 secure.nai.com
127.0.0.1 nai.com
127.0.0.1 www.nai.com
127.0.0.1 update.symantec.com
127.0.0.1 updates.symantec.com
127.0.0.1 us.mcafee.com
127.0.0.1 liveupdate.symantec.com
127.0.0.1 customer.symantec.com
127.0.0.1 rads.mcafee.com
127.0.0.1 trendmicro.com
127.0.0.1 pandasoftware.com
127.0.0.1 www.pandasoftware.com
127.0.0.1 www.trendmicro.com
127.0.0.1 www.grisoft.com
127.0.0.1 www.microsoft.com
127.0.0.1 microsoft.com
127.0.0.1 www.virustotal.com
127.0.0.1 virustotal.com
127.0.0.1 www.amazon.com
127.0.0.1 www.amazon.co.uk
127.0.0.1 www.amazon.ca
127.0.0.1 www.amazon.fr
127.0.0.1 www.paypal.com
127.0.0.1 paypal.com
127.0.0.1 moneybookers.com
127.0.0.1 www.moneybookers.com
127.0.0.1 www.ebay.com
127.0.0.1 ebay.com

Botzor2005 Made By .... Greetz to good friend Coder. Based On HellBot3

MSG to avs: the first av who detect this worm will be the first killed in the next 24hours!!!

 
¿¹¹æ ¹× ¼öµ¿Á¶Ä¡¹æ¹ý
¹«´ÜÀüÀç¤ý¹èÆ÷±ÝÁö
¿¡ºê¸®Á¸¿¡¼­ Á¦°øÇÏ´Â ¸ðµç ÄÁÅÙÃ÷ Á¤º¸¿¡ ´ëÇÑ ÀúÀÛ±ÇÀº ¿¡ºê¸®Á¸ÀÇ ¼ÒÀ¯ÀÌ¸ç °ü·Ã¹ýÀÇ º¸È£¸¦ ¹Þ½À´Ï´Ù.
¿¡ºê¸®Á¸ÀÇ »çÀü Çã°¡ ¾øÀÌ ¿¡ºê¸®Á¸ ÄÁÅÙÃ÷¸¦ ¹«´ÜÀ¸·Î ÀüÀç, ¹èÆ÷¸¦ ±ÝÁöµÇ¾î ÀÖ½À´Ï´Ù.
À̸¦ À§¹ÝÇÏ´Â °æ¿ì ¼ÕÇعè»óÀÇ ´ë»ó ¶Ç´Â ¹Î.Çü»ç»óÀÇ ¹ýÀû ¼Ò¼Û ´ë»óÀÌ µÉ ¼ö ÀÖ½À´Ï´Ù.
                                                                 * ¿¡ºê¸®Á¸ Á¤º¸ ÀÌ¿ë ¹®ÀÇ : greenking@everyzone.com
 ¸ñ·Ï