W32/Ratos.27136@mm
Virus type: Worm
Execution environment: Windows
Discovery date: August 16, 2004
Origin: Unknown
Risk level:
Propagation method:
Virus size: 27,136 bytes
Attachment: photos_arc.exe
Mail subject: photos
Symptom summary:
Treatment:

Can be cleaned with Turbo Vaccine Ai, Turbo Vaccine 2001, or Turbo Vaccine Online.

Detailed description
This worm is written in Visual C++, packed with UPX, and spreads by email.

[Mail subject]

photos


[Mail body]

LOL!;))))

[Attachment]

photos_arc.exe


[Characteristics]

When the worm runs, it creates winpsd.exe (27,136 bytes), dx32hhec.sys (4,096 bytes), dx32hhlp.exe (139,776 bytes) and dx32hhconf.ini (1,345 bytes)
in the Windows system folder (Win 2000, NT: c:\Winnt\system32; Win XP: c:\windows\system32),
and rasor38a.dll (27,136 bytes) and winvpn32.exe (139,776 bytes) in the Windows folder (Win 2000, NT: c:\Winnt; Win XP: c:\windows).

The worm uses its own SMTP engine to send emails with the infected file attached.

It harvests email addresses from files with the following extensions.

adb
asp
dbx
htm
php
pl
sht
tbb
txt
wab

It also modifies the Windows hosts file as follows to block access to the listed web servers.

127.0.0.1 www.symantec.com
127.0.0.1 securityresponse.symantec.com
127.0.0.1 symantec.com
127.0.0.1 www.sophos.com
127.0.0.1 sophos.com
127.0.0.1 www.mcafee.com
127.0.0.1 mcafee.com
127.0.0.1 liveupdate.symantecliveupdate.com
127.0.0.1 www.viruslist.com
127.0.0.1 viruslist.com
127.0.0.1 viruslist.com
127.0.0.1 f-secure.com
127.0.0.1 www.f-secure.com
127.0.0.1 kaspersky.com
127.0.0.1 www.avp.com
127.0.0.1 www.kaspersky.com
127.0.0.1 avp.com
127.0.0.1 www.networkassociates.com
127.0.0.1 networkassociates.com
127.0.0.1 www.ca.com
127.0.0.1 ca.com
127.0.0.1 mast.mcafee.com
127.0.0.1 my-etrust.com
127.0.0.1 www.my-etrust.com
127.0.0.1 download.mcafee.com
127.0.0.1 dispatch.mcafee.com
127.0.0.1 secure.nai.com
127.0.0.1 nai.com
127.0.0.1 www.nai.com
127.0.0.1 update.symantec.com
127.0.0.1 updates.symantec.com
127.0.0.1 us.mcafee.com
127.0.0.1 liveupdate.symantec.com
127.0.0.1 customer.symantec.com
127.0.0.1 rads.mcafee.com
127.0.0.1 trendmicro.com
127.0.0.1 www.trendmicro.com
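
One way to check a hosts file for this kind of tampering, as an added example that is not part of the original advisory: it flags lines that pin security-vendor names to a loopback or unspecified address. The suffix list is taken from the entries above; the function names and the sample hosts file are constructed for illustration.

```python
import ipaddress

# Assumption: vendor suffixes to watch, taken from the hosts entries listed above.
WATCHED_SUFFIXES = ("symantec.com", "symantecliveupdate.com", "sophos.com", "mcafee.com",
                    "viruslist.com", "f-secure.com", "kaspersky.com", "avp.com",
                    "networkassociates.com", "nai.com", "ca.com", "my-etrust.com",
                    "trendmicro.com")


def is_sinkhole(addr):
    """True for loopback or unspecified addresses (127.0.0.0/8, ::1, 0.0.0.0, ::)."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified


def find_blocked_vendor_hosts(hosts_text, suffixes=WATCHED_SUFFIXES):
    """Return (line_number, address, hostname) for each watched name pinned to a sinkhole."""
    findings = []
    for number, raw in enumerate(hosts_text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()      # drop comments, split on whitespace
        if len(fields) < 2 or not is_sinkhole(fields[0]):
            continue
        for name in fields[1:]:                     # one line may carry several aliases
            host = name.lower().rstrip(".")
            if any(host == s or host.endswith("." + s) for s in suffixes):
                findings.append((number, fields[0], host))
    return findings


# Constructed sample hosts file: a normal localhost entry, a commented-out line,
# and tampered lines of the kind shown above.
SAMPLE_HOSTS = """\
# sample hosts file (constructed)
127.0.0.1       localhost
127.0.0.1 www.symantec.com
127.0.0.1 Download.McAfee.com   liveupdate.symantecliveupdate.com
# 127.0.0.1 www.sophos.com
192.0.2.10 intranet.example
0.0.0.0 notca.com
"""

if __name__ == "__main__":
    for line_no, addr, host in find_blocked_vendor_hosts(SAMPLE_HOSTS):
        print(f"hosts line {line_no}: {host} -> {addr}")
```

The suffix match requires a label boundary, so a name such as notca.com is not reported as ca.com.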

It also modifies the registry as follows so that it runs at the next boot.

In the key
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\run
it adds:

(Win 2000, NT)
winpsd = C:\WINNT\System32\winpsd.exe

(Win XP)
winpsd = C:\Windows\System32\winpsd.exe


In the key
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dx32hhec
it adds:

ImagePath = system32\dx32hhec.sys

In particular, the dx32hhec.sys and dx32help.exe files use a stealth technique,
so they cannot be seen with Windows Explorer or similar tools.
 
Prevention and manual remediation