[Symptoms]
This worm was discovered on January 16, 2005, and began spreading in Korea on January 16.
It is packed with the UPX executable packer, and it modifies the Hosts file to block access to certain security vendors.
It also carries its own built-in SMTP engine and spreads via e-mail.
[Mail subject]
Attention!!!
Do not reply to this email
Error
Good day
hello
Mail Delivery System
Mail Transaction Failed
Server Report
Status
[Attachment name]
body
message
docs
data
file
rules
doc
readme
document
[Extension]
EXE, ZIP, PIF, SCR, BAT, CMD
[Characteristics]
When spreading by e-mail, it extracts e-mail addresses from the following files.
.adb
.asa
.asc
.asm
.asp
.cgi
.con
.csp
.dbx
.dlt
.dwt
.edm
.hta
.htc
.htm
.inc
.jsp
.jst
.lbi
.php
.rdf
.rss
.sht
.ssi
.stm
.tbb
.tpl
.txt
.vbp
.vbs
.wab
.wml
.xht
.xml
.xsd
.xst
When the worm runs, it creates the files lsasrv.exe, version.ini and hserv.sys in the Windows system folder
(Win9x - c:\windows\system; Win2000, NT - c:\Winnt\system32; Win XP - c:\windows\system32).
Next, it modifies the registry so that the worm is launched first whenever Windows starts.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Under this key:
Win2000, NT : lsass : c:\winnt\system32\lsasrv.exe
Win XP : lsass : c:\windows\system32\lsasrv.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Under this key:
Win2000, NT : Shell : explorer.exe c:\winnt\system32\lsasrv.exe
Win XP : Shell : explorer.exe c:\windows\system32\lsasrv.exe
It also terminates any process that starts running with one of the following strings in its name.
MSBLAST.exe
PandaAVEngine.exe
Penis32.exe
SysMonXP.exe
bbeagle.exe
d3dupdate.exe
i11r54n4.exe
irun4.exe
msblast.exe
mscvb32.exe
navapw32.exe
navw32.exe
netstat.exe
outpost.exe
rate.exe
ssate.exe
sysinfo.exe
taskmon.exe
teekids.exe
wincfg32.exe
winsys.exe
winupd.exe
zapro.exe
zonealarm.exe
It can also spread infected files through P2P programs. The following files are created as copies of the worm
in the shared folder when a P2P program is in use.
The extension of each copy is chosen at random from bat, pif, scr and exe.
porno.scr
NeroBROM6.3.1.27.exe
avpprokey.exe
Ad-awareref01R349.exe
winxp_patch.exe
adultpasswds.exe
dcom_patches.bat
K-LiteCodecPack2.34a.exe
activation_crack.exe
icq2004-final.exe
winamp5.exe
It also tampers with the hosts file (Windows 98, Me: c:\windows\hosts; Windows 2000, NT: c:\winnt\system32\drivers\etc;
Windows XP: c:\windows\system32\drivers\etc) so that the host names of security vendors point to 127.0.0.1, which blocks access to those websites.
A normal hosts file contains "127.0.0.1 localhosts".
It then downloads the file http://nerma(xx)eno.com/com.txt or http://www.ops(xx)ed.com/com.txt.
(xx removed)
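
A triage check for the registry autostart changes and the hosts-file tampering described above, as an added example that is not part of the original advisory. The sample hosts text, the .example host names, the ctfmon entry and both function names are constructed for illustration; lsasrv.exe, the lsass value and the two registry keys come from this page, and the check also treats 0.0.0.0 and ::1 like 127.0.0.1.

```python
import ntpath

# The page shows 127.0.0.1; the other two addresses are added here as equivalents.
BLACKHOLE = {"127.0.0.1", "0.0.0.0", "::1"}
LOCAL_NAMES = {"localhost", "localhost.localdomain"}
DROPPED = {"lsasrv.exe"}  # executable name given in the advisory

RUN = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run"
WINLOGON = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"

# Constructed sample data (host names and the ctfmon entry are made up).
SAMPLE_HOSTS = (
    "127.0.0.1 localhost\n"
    "127.0.0.1 www.vendor-a.example   # appended entry\n"
    "127.0.0.1\tupdate.vendor-a.example www.vendor-b.example\n"
    "# 127.0.0.1 commented.example\n"
    "192.0.2.10 intranet.example\n"
)
SAMPLE_REG = {
    (RUN, "lsass"): r"c:\windows\system32\lsasrv.exe",
    (RUN, "ctfmon"): r"c:\windows\system32\ctfmon.exe",
    (WINLOGON, "Shell"): r"explorer.exe c:\windows\system32\lsasrv.exe",
}

def hijacked_hosts(text):
    """Names other than localhost that the hosts file pins to a blackhole address."""
    hits = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # strip comment, split on any whitespace
        if len(fields) >= 2 and fields[0] in BLACKHOLE:
            hits += [n.lower() for n in fields[1:] if n.lower() not in LOCAL_NAMES]
    return hits

def suspicious_autostart(values):
    """values maps (key, value name) -> data; returns the entries worth a closer look."""
    findings = []
    for (key, name), data in values.items():
        tokens = data.lower().replace('"', "").split()
        if key.lower() == WINLOGON.lower() and name.lower() == "shell":
            if tokens != ["explorer.exe"]:  # anything appended also starts at logon
                findings.append((name, data))
        elif key.lower() == RUN.lower():
            if any(ntpath.basename(t) in DROPPED for t in tokens):
                findings.append((name, data))
    return findings

if __name__ == "__main__":
    print(hijacked_hosts(SAMPLE_HOSTS))
    print(suspicious_autostart(SAMPLE_REG))
```

Feed it the text of the machine's hosts file and the values exported from the two registry keys; a clean Winlogon Shell value is just explorer.exe.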