It spreads through infected e-mail attachments, KaZaA, and IRC.
It is written in Microsoft Visual C++ and packed with the UPX packer.
It exploits the security bug in which an incorrect MIME header causes an e-mail attachment to be executed, so a system can be infected merely by clicking the message.
The message body is as follows.
You will find all you need in the attachment.
When the file is executed, it creates the files winsysXXX.exe and win32sysXXX.zip in the Windows system folder (Win9x: c:\windows\system, Win2000: c:\Winnt\system32). (XXX: a random number)
It also modifies the registry as follows.
Under the key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run:
Win9x: Windows task32 sys = c:\windows\system\winsysXXX.exe
Win2000: Windows task32 sys = c:\winnt\system32\winsysXXX.exe
(XXX: a random number)
It creates the key HKEY_LOCAL_MACHINE\Software\RedCell:
infected = yes
Infected files spread through KaZaA use a name chosen at random from the list below.
icq2002.exe
wincrack.exe
winamp3.exe
mirc6.exe
If an IRC program is in use, it also creates a SCRIPT.INI file in that program's directory; this file contains a script that sends win32sysXXX.zip.
After the attached file is executed, it displays the following error message to make it appear that the file could not be run.
This program has performed an illegal operation
On September 15 it displays the following message box.
"Cause nothing ever lasts forever
We're like flowers in this vase, together
You and me, it's pulling me down
Tearing my down, piece by piece
And you can't see
That's it's like a disease
Killing me now, it's so hard to breathe"
-Feeder <Piece by Piece>
It also appears to be able to stop certain anti-virus processes.
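The registry and file indicators listed above can be checked offline against a registry export and a file listing. The following is an added example, not part of the original advisory; the REGEDIT4 export layout, the treatment of "infected" as a string value, and the sample data are assumptions.

```python
import re

# Indicators taken from the description above; XXX is a run of random digits.
RUN_KEY = r"hkey_current_user\software\microsoft\windows\currentversion\run"
MARKER_KEY = r"hkey_local_machine\software\redcell"
RUN_VALUE = "windows task32 sys"
SYSTEM_DIRS = (r"c:\windows\system", r"c:\winnt\system32")
DROPPED = re.compile(r"^(winsys\d+\.exe|win32sys\d+\.zip)$")

def parse_reg(text):
    """Parse REGEDIT4-style export text into {key: {value_name: data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = re.match(r'^"(.*?)"="(.*)"$', line)
            if m:  # string values only; exports double the backslashes
                current[m.group(1).lower()] = m.group(2).replace("\\\\", "\\")
    return keys

def scan(reg_text, file_paths):
    """Return findings for the registry and dropped-file indicators."""
    keys, findings = parse_reg(reg_text), []
    run_data = keys.get(RUN_KEY, {}).get(RUN_VALUE)
    if run_data is not None:
        findings.append("run-value: " + run_data.lower())
    # Assumption: "infected = yes" is a string value under the RedCell key.
    if keys.get(MARKER_KEY, {}).get("infected", "").lower() == "yes":
        findings.append("marker-key: infected=yes")
    for path in file_paths:
        folder, _, name = path.lower().rpartition("\\")
        if folder in SYSTEM_DIRS and DROPPED.match(name):
            findings.append("dropped-file: " + path.lower())
    return findings

# Constructed sample input (not captured from a real host).
SAMPLE_REG = r'''REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows task32 sys"="c:\\winnt\\system32\\winsys417.exe"

[HKEY_LOCAL_MACHINE\Software\RedCell]
"infected"="yes"
'''
SAMPLE_FILES = [r"C:\WINNT\system32\winsys417.exe",
                r"C:\WINNT\system32\win32sys417.zip",
                r"C:\WINNT\system32\winspool.drv"]
if __name__ == "__main__":
    print("\n".join(scan(SAMPLE_REG, SAMPLE_FILES)))
```

File names are matched only inside the two system folders named above, so a legitimate file elsewhere with a similar name is not reported.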