¿¡ºê¸®Á¸¼Ò°³ | Á¦Ç°¼Ò°³ | °í°´¼¾ÅÍ | »çÀÌÆ®¸Ê | Home
°³ÀÎ°í°´ ¿©¼º°í°´ eº¸¾È¸¶ÄÏ À̺¥Æ®
°³ÀÎ°í°´±â¾÷°í°´
º¸¾ÈÁ¢¼Ó IDÀúÀå
AD ¹«·á·Î Ã¥¹Þ¾Æ°¡¼¼¿ä!


 ¸ñ·Ï |  À­±Û |  ¾Æ·§±Û  
W32/Mytob.74350@mm
 ¹ÙÀÌ·¯½º Á¾·ù
Worm
 ½ÇÇàȯ°æ
Windows
 ¹ß°ßÀÏ
2005³â06¿ù02ÀÏ
 Á¦ÀÛÁö
ºÒºÐ¸í
 À§Çèµî±Þ
³ôÀ½
 È®»ê¹æ¹ý
³×Æ®¿öÅ©, º¸¾ÈÃë¾à¼º
 ¹ÙÀÌ·¯½º Å©±â
74,350 Byte
 Ã·ºÎÆÄÀÏ
document.scr ¿Ü ´Ù¼ö
 ¸ÞÀÏÁ¦¸ñ
  Good day ¿Ü ´Ù¼ö
 Áõ»ó¿ä¾à
  ÀÌ ¿úÀº À̸ÞÀÏÀ» ÅëÇÏ¿© ÀüÆĵǸç, ÀÚü SMTP ¿£ÁøÀ» ÀÌ¿ëÇÑ´Ù.
 Ä¡·á¹æ¹ý

Åͺ¸¹é½Å Á¦Ç°±ºÀ¸·Î Áø´Ü/Ä¡·á °¡´ÉÇÕ´Ï´Ù.


¸¶ÀÌÅ©·Î ¼ÒÇÁÆ® MS04-011 º¸¾ÈÆÐÄ¡¿Í MS04-026°¡ ¾ÈµÈ »ç¿ëÀÚ´Â ´ÙÀ½ ¸µÅ©¿¡¼­ ÇØ´ç ¿î¿µÃ¼Á¦¿¡ ¸Â´Â º¸¾ÈÆÐÄ¡¸¦ ¹Þ¾Æ ¼³Ä¡ ÇØ¾ß ÇÑ´Ù.
MS04-011 º¸¾ÈÆÐÄ¡ ÆäÀÌÁö ¼³¸í(ÇѱÛ)

MS03-039 º¸¾ÈÆÐÄ¡ ÆäÀÌÁö ¼³¸í(ÇѱÛ)

Åͺ¸¹é½Å Ai¸¦ »ç¿ëÇÏ½Ã°í ¾Æ¿ô·èÀ» »ç¿ëÇϽŠ´Ù¸é ¹Ýµå½Ã À̸ÞÀÏ °¨½Ã±â¸¦ ½ÇÇàÇϽñ⠹ٶø´Ï´Ù.

  
 
»ó¼¼¼³¸í
[¸ÞÀÏ Á¦¸ñ]

´ÙÀ½Áß¿¡ ¼±ÅõȴÙ.

Good day

hello

Mail Delivery System

Mail Transaction Failed

Server Report

Status


[¸ÞÀÏ ³»¿ë]

´ÙÀ½Áß¿¡ ¼±Åà µÈ´Ù.

Here are your banks documents.

Mail transaction failed. Partial message is available.

The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.

The message contains Unicode characters and has been sent as a binary attachment.

The original message was included as an attachment.


[÷ºÎÆÄÀÏ]

À̸§ Àº ´ÙÀ½ ¸®½ºÆ®¿¡¼­ ¼±Åà µÈ´Ù.

data
doc
document
file
message
readme
test
text

È®ÀåÀÚ´Â ´ÙÀ½°ú °°´Ù.
BAT
CMD
EXE
PIF
SCR


[Ư¡]

¿úÀÌ ½ÇÇàµÇ¸é ´ÙÀ½°ú °°ÀÌ À©µµ¿ì ½Ã½ºÅÛ Æú´õ(win 2000, NT : c:\Winnt\system32, win XP : c:\windows\system32)
¿¡ ehshell.exe ÆÄÀÏÀ» »ý¼ºÇÏ°í, À©µµ¿ì Æú´õ (win 2000, NT : c:\winnt, win XP, 98, ME : c:\windows)
¿¡ my_photo2005.scr, funny pic.scr, see_this!!.scr, hellmsn.exe ÆÄÀÏÀ» »ý¼ºÇÑ´Ù.

¶ÇÇÑ, ´ÙÀ½Ã³·³ ·¹Áö½ºÆ®¸¦ ¼öÁ¤ÇÏ¿© ´ÙÀ½ ºÎÆýà ½ÇÇàµÇµµ·Ï Á¶ÀÛÇÑ´Ù.

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Ç׸ñ¿¡

WIN = "ehshell.exe"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Ç׸ñ¿¡

WIN = ¡°ehshell.exe¡±

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
Ç׸ñ¿¡

WIN = "ehshell.exe"

¸¦ ±â·ÏÇÑ´Ù.

±×¸®°í ´ÙÀ½ ·¹Áö½ºÆ®¸® °ªÀ» »ý¼ºÇÑ´Ù.

HKEY_LOCAL_MACHINE\Software\Microsoft\Ole
Ç׸ñ¿¡

WIN = ¡°ehshell.exe¡±

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
Ç׸ñ¿¡

WIN = ¡°ehshell.exe¡±

HKEY_CURRENT_USER\Software\Microsoft\Ole
Ç׸ñ¿¡

WIN = ¡°ehshell.exe¡±

HKEY_CURRENT_USER\System\CurrentControlSet\Control\Lsa
Ç׸ñ¿¡

WIN = ¡°ehshell.exe¡±


À̸ÞÀÏ ÁÖ¼Ò´Â ´ÙÀ½ È®ÀåÀÚ¸¦ °¡Áø ÆÄÀÏ¿¡¼­ ÃßÃâ ÇÑ´Ù.

ADB
ASP
DBX
HTM
PHP
SHT
TBB
WAB

´ÙÀ½°ú °°Àº Çϵå ÄÚµùµÈ ¸ÞÀÏÁÖ¼Ò¸¦ °¡Áö°í ÀÖ´Ù.

aol.com
cia.gov
fbi.gov
hotmail.com
juno.com
msn.com
yahoo.com

´ÙÀ½ ¹®ÀÚ¿­À» Æ÷ÇÔÇÑ ¸ÞÀÏÁּҷδ °¨¿°µÈ ¸ÞÀÏÀ» º¸³»Áö ¾Ê´Â´Ù.

accoun
acketst
admin
anyone
arin.
avp
be_loyal:
berkeley
borlan
bsd
bugs
certific
contact
edu
example
feste
fido
foo.
fsf.
gnu
gold-certs
google
gov
gov.
help
iana
ibm.com
icrosof
icrosoft
ietf
info
inpris
isc.o
isi.e
kernel
linux
listserv
math
mil
mit.e
mozilla
mydomai
nobody
nodomai
noone
not
nothing
ntivi
page
panda
pgp
postmaster
privacy
rating
rfc-ed
ripe.
root
ruslis
samples
secur
sendmail
service
site
soft
somebody
someone
sopho
submit
support
syma
tanford.e
the.bat
unix
usenet
utgers.ed
webmaster
you
your



¸¶Áö¸·À¸·Î Hosts ÆÄÀÏÀ» ¼öÁ¤ÇÏ¿© ƯÁ¤ ÁÖ¼Ò·Î Á¢¼ÓÀ» ¹æÇØ ÇÑ´Ù.
±× ÁÖ¼Ò´Â ´ÙÀ½°ú °°´Ù.

avp.com
ca.com
customer.symantec.com
dispatch.mcafee.com
download.mcafee.com
f-secure.com
kaspersky.com
liveupdate.symantec.com
liveupdate.symantecliveupdate.com
mast.mcafee.com
mcafee.com
my-etrust.com
nai.com
networkassociates.com
rads.mcafee.com
secure.nai.com
securityresponse.symantec.com
sophos.com
symantec.com
trendmicro.com
update.symantec.com
updates.symantec.com
us.mcafee.com
viruslist.com
www.avp.com
www.ca.com
www.f-secure.com
www.kaspersky.com
www.mcafee.com
www.microsoft.com
www.my-etrust.com
www.nai.com
www.networkassociates.com
www.sophos.com
www.symantec.com
www.trendmicro.com
www.viruslist.com
 
¿¹¹æ ¹× ¼öµ¿Á¶Ä¡¹æ¹ý
¹«´ÜÀüÀç¤ý¹èÆ÷±ÝÁö
¿¡ºê¸®Á¸¿¡¼­ Á¦°øÇÏ´Â ¸ðµç ÄÁÅÙÃ÷ Á¤º¸¿¡ ´ëÇÑ ÀúÀÛ±ÇÀº ¿¡ºê¸®Á¸ÀÇ ¼ÒÀ¯ÀÌ¸ç °ü·Ã¹ýÀÇ º¸È£¸¦ ¹Þ½À´Ï´Ù.
¿¡ºê¸®Á¸ÀÇ »çÀü Çã°¡ ¾øÀÌ ¿¡ºê¸®Á¸ ÄÁÅÙÃ÷¸¦ ¹«´ÜÀ¸·Î ÀüÀç, ¹èÆ÷¸¦ ±ÝÁöµÇ¾î ÀÖ½À´Ï´Ù.
À̸¦ À§¹ÝÇÏ´Â °æ¿ì ¼ÕÇعè»óÀÇ ´ë»ó ¶Ç´Â ¹Î.Çü»ç»óÀÇ ¹ýÀû ¼Ò¼Û ´ë»óÀÌ µÉ ¼ö ÀÖ½À´Ï´Ù.
                                                                 * ¿¡ºê¸®Á¸ Á¤º¸ ÀÌ¿ë ¹®ÀÇ : greenking@everyzone.com
 ¸ñ·Ï