|
ºñÁÖ¾ó º£ÀÌÁ÷À¸·Î ¸¸µé¾î Á³À¸¸ç ÷ºÎÆÄÀÏÀÌ ¾ø´Â ¸ÞÀÏÀ» ÅëÇØ ÀüÆĵȴÙ.
C:\Program Files\Common Files\Microsoft Shared\Stationery Æú´õ¿¡
blank.htm ¹ÙÀÌ·¯½º ÆÄÀÏÀ» »ý¼º ÇÏ¿©, À̸¦ ÀÌ¿ëÇÑ ¸ÞÀÏÀÇ HTMLÄڵ带
ÅëÇØ Microsoft VM ActiveX component vulnerability ÀÇ Ãë¾à¼ºÀ» ÀÌ¿ëÇÏ
¿© ÀÚµ¿À¸·Î .html, .htm, .asp, .php, .jsp, and .vbs ÆÄÀÏÀ» °¨¿°½ÃŲ´Ù.
¹ÙÀÌ·¯½º°¡ ½ÇÇà µÇ¸é °¨¿°½Ã ½Ã½ºÅÛ Æú´õ(Win9x : C:\windows\system,
Win2000, NT, XP : C:\Winnt\system32)¿¡
¿¡ kernel.dll¶Ç´Â Kernel32.dll¸¦ »ý¼º ÇÏ°Ô µÇ´Âµ¥ ÀÌ´Â À©µµ¿ì Æú´õ¿¡
WSCRIP.exeÆÄÀÏÀÇ Á¸Àç ¿©ºÎ¿¡ µû¶ó ¼±Åà µÇ¾î Áø´Ù.
´ÙÀ½À¸·Î HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\
Run Ç׸ñ¿¡ Kernel32¸¦ »ý¼ºÇÏ°í ´ÙÀ½°ú °°Àº °ªÀ» Ãß°¡ ÇÑ´Ù.
c:\window\SYSTEM\Kernel32.dll ¶Ç´Â c:\window\SYSTEM\Kernel.dll
¶ÇÇÑ ´ÙÀ½ÀÇ ·¹Áö½ºÆ®¸® °ªÀ» ¼³Á¤ÇÑ´Ù.
HKEY_CLASSES_ROOT\.dll\
(±âº»°ª) dllfile
Content Type application/x-msdownload ·Î ¼ÂÆÃ(´ëºÎºÐ ½Ã½ºÅÛÀÇ µðÆúÆ®
°ª)
HKEY_CLASSES_ROOT\dllfile\
DefaultIcon À» HKEY_CLASSES_ROOT\vxdfile\DefaultIcon °ªÀ¸·Î º¯°æ
ScriptEngine À» VBScript·Î º¯°æ
ShellEx\PropertySheetHandlers\WSHProps\ {60254CA5-953B-11CF-8C96-
00AA00B8708C}·Î ¼³Á¤
ScriptHostEncode À» {85131631-480C-11D2-B1F9-00C04F86C324} ·Î ¼³Á¤
HKEY_CLASSES_ROOT\dllFile\Shell\Open\Command\
WScript.exe ÆÄÀÏÀÌ Á¸ÀçÇÏ´Â °æ¿ì
(±âº»°ª) c:\Windows\WScript.exe "%1" %*
¾ø´Â °æ¿ì
(±âº»°ª) c:\Windows\system32\WScript.exe "%1" %* °ª º¯°æ
|
|
|