¿¡ºê¸®Á¸¼Ò°³ | Á¦Ç°¼Ò°³ | °í°´¼¾ÅÍ | »çÀÌÆ®¸Ê | Home
°³ÀÎ°í°´ ¿©¼º°í°´ eº¸¾È¸¶ÄÏ À̺¥Æ®
°³ÀÎ°í°´±â¾÷°í°´
º¸¾ÈÁ¢¼Ó IDÀúÀå
AD ¹«·á·Î Ã¥¹Þ¾Æ°¡¼¼¿ä!


 ¸ñ·Ï |  À­±Û |  ¾Æ·§±Û  
Worm-W32/IRCBot.103832
 ¹ÙÀÌ·¯½º Á¾·ù
Worm
 ½ÇÇàȯ°æ
Windows
 ¹ß°ßÀÏ
2004³â11¿ù08ÀÏ
 Á¦ÀÛÁö
ºÒºÐ¸í
 À§Çèµî±Þ
 È®»ê¹æ¹ý
 ¹ÙÀÌ·¯½º Å©±â
103,832 byte
 Ã·ºÎÆÄÀÏ
 ¸ÞÀÏÁ¦¸ñ
  
 Áõ»ó¿ä¾à
  
 Ä¡·á¹æ¹ý

Åͺ¸¹é½ÅAi, Åͺ¸¹é½Å Online, Åͺ¸¹é½Å 2001 Á¦Ç°±ºÀ¸·Î Ä¡·á°¡´É.

Ä¡·á ÈÄ [½ÃÀÛ]->Windows Update ¸Þ´º¸¦ ÀÌ¿ëÇÏ¿©

À©µµ¿ì ¿î¿µÃ¼Á¦ ÀÚüÀÇ º¸¾ÈÆÐÄ¡¸¦ ÇØ Áֽñ⠹ٶø´Ï´Ù.

*Lsass Vulnerability MS04-011
--> http://www.microsoft.com/korea/technet/security/bulletin/MS04-011.asp *RPC DCOM2 Vulnerability MS03-039
--> http://www.microsoft.com/korea/technet/security/bulletin/MS03-039.asp

*RPC DCOM Vulnerability MS03-026
--> http://www.microsoft.com/korea/technet/security/bulletin/MS03-026.asp

*RPC Locator Vulnerability MS03-001
--> http://www.microsoft.com/korea/technet/security/bulletin/MS03-001.asp

*UPnP (Universal Plug and Play) Vulnerability MS01-054
--> http://www.microsoft.com/korea/technet/security/bulletin/MS01-054.asp


°£ÆíÇÑ ÆÐÄ¡¿¡ ´ëÇÑ ¼³¸íÀº ´ÙÀ½ ¹ÙÀÌ·¯½ºÄ®·³À» È®ÀÎÇØ Áֽñ⠹ٶø´Ï´Ù.
http://www.everyzone.com/service/info/content.asp?part=tbl_viruscolumn&id=20&GotoPage=1&block=&number=

º¸´Ù ÀÚ¼¼ÇÑ ¼³¸íÀº ´ÙÀ½ ¸µÅ©¸¦ È®ÀÎÇØ Áֽʽÿä.
http://www.everyzone.com/service/bbs/faq/content.asp?part=everyzone_faq&menu=0&id=22&GotoPage=3&block=0&number=



  
 
»ó¼¼¼³¸í
ºñÁÖ¾ó C++·Î ÀÛ¼ºµÈ ÀÌ ¿úÀº À©µµ¿ì º¸¾È º¸¾ÈÃë¾àÁ¡°ú À©µµ¿ì °øÀ¯ Æú´õ, ±×¸®°í ¾ÏÈ£°¡ ¼³Á¤µÇÁö ¾ÊÀº NT Ä¿³Î À©µµ¿ì¸¦ ÅëÇØ ÀüÆĵȴÙ.

Ư¡À¸·Î´Â ÇØ¿Ü À¯¸íÇÑ º¸¾È¾÷ü ½ÎÀÌÆ®¿Í ¾÷µ¥ÀÌÆ® ½ÎÀÌÆ®ÀÇ Á¢¼ÓÀ» ¹æÇØ Çϸç, ¹é½Å ¼ÒÇÁÆ®¿þ¾îÀÇ

ÇÁ·Î¼¼½º¸¦ °­Á¦·Î Á¾·á ÇÏ´Â ±â´ÉÀ» žÀçÇÏ°í ÀÖ´Ù.

[Ư¡]

½ÇÇà½Ã ƯÁ¤ IRC ¼­¹ö·Î ¿¬°áµÇ°Ô µÇ´Âµ¥ À̶§ À©µµ¿ì CD key, ½Ã½ºÅÛ Á¤º¸, ³×Æ®¿÷ Á¤º¸ ¹×

ÀϹÝÀûÀÎ ÇØÅ· È°µ¿ÀÎ CD-Rom ¿­°í ´Ý±â, ÇÁ·Î¼¼½º °­Á¦ Á¾·á, ¸ÞÀÏÁÖ¼Ò ¼öÁý, ÆÄÀÏ ½ÇÇà¹× »èÁ¦ µîµîÀ»

ÇÒ¼ö ÀÖ´Ù.

±×¸®°í À©µµ¿ì ½Ã½ºÅÛ Æú´õ(win 2000, NT : c:\Winnt\system32, win XP : c:\windows\system32, win 95/98/me : c:\windows\system)¿¡

bcvsrv32.exe (103,832 byte) ¸¦ »ý¼º ÇÏ°í

´ÙÀ½Ã³·³ ·¹Áö½ºÆ®¸¦ ¼öÁ¤ÇÏ¿© ´ÙÀ½ ºÎÆýà ½ÇÇàµÇµµ·Ï Á¶ÀÛÇÑ´Ù.

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Ç׸ñ¿¡

Bcvsrv32 = bcvsrv32.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run \RunServices\
Ç׸ñ¿¡

Bcvsrv32 = bcvsrv32.exe

ƯÈ÷ ¾ÈƼ ¹ÙÀÌ·¯½º¹× º¸¾È ½ÎÀÌÆ®¿¡ Á¢¼ÓÀ» ¹æÇØÇÏ´Â ¹æ½ÄÀ¸·Î À©µµ¿ìÀÇ hosts ÆÄÀÏÀ» Á¶ÀÛÇÏ°Ô µÈ´Ù.

(Á¤»óÀûÀÎ hostsÀÇ ¿¹)

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a ''#'' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

(¿úÀÌ ¹Ù²Û hosts ÆÄÀÏÀÇ ¿¹)

127.0.0.1 ad.doubleclick.net
127.0.0.1 ad.fastclick.net
127.0.0.1 ads.fastclick.net
127.0.0.1 ar.atwola.com
127.0.0.1 atdmt.com
127.0.0.1 avp.ch
127.0.0.1 avp.com
127.0.0.1 avp.ru
127.0.0.1 awaps.net
127.0.0.1 banner.fastclick.net
127.0.0.1 banners.fastclick.net
127.0.0.1 ca.com
127.0.0.1 click.atdmt.com
127.0.0.1 clicks.atdmt.com
127.0.0.1 dispatch.mcafee.com
127.0.0.1 download.mcafee.com
127.0.0.1 download.microsoft.com
127.0.0.1 downloads.microsoft.com
127.0.0.1 engine.awaps.net
127.0.0.1 fastclick.net
127.0.0.1 f-secure.com
127.0.0.1 ftp.f-secure.com
127.0.0.1 ftp.sophos.com
127.0.0.1 go.microsoft.com
127.0.0.1 liveupdate.symantec.com
127.0.0.1 mast.mcafee.com
127.0.0.1 mcafee.com
127.0.0.1 media.fastclick.net
127.0.0.1 msdn.microsoft.com
127.0.0.1 my-etrust.com
127.0.0.1 nai.com
127.0.0.1 networkassociates.com
127.0.0.1 office.microsoft.com
127.0.0.1 phx.corporate-ir.net
127.0.0.1 secure.nai.com
127.0.0.1 securityresponse.symantec.com
127.0.0.1 service1.symantec.com
127.0.0.1 sophos.com
127.0.0.1 spd.atdmt.com
127.0.0.1 support.microsoft.com
127.0.0.1 symantec.com
127.0.0.1 update.symantec.com
127.0.0.1 updates.symantec.com
127.0.0.1 us.mcafee.com
127.0.0.1 vil.nai.com
127.0.0.1 viruslist.ru
127.0.0.1 windowsupdate.microsoft.com
127.0.0.1 www.avp.ch
127.0.0.1 www.avp.com
127.0.0.1 www.avp.ru
127.0.0.1 www.awaps.net
127.0.0.1 www.ca.com
127.0.0.1 www.fastclick.net
127.0.0.1 www.f-secure.com
127.0.0.1 www.kaspersky.ru
127.0.0.1 www.mcafee.com
127.0.0.1 www.my-etrust.com
127.0.0.1 www.nai.com
127.0.0.1 www.networkassociates.com
127.0.0.1 www.sophos.com
127.0.0.1 www.symantec.com
127.0.0.1 www.trendmicro.com
127.0.0.1 www.viruslist.ru
127.0.0.1 www3.ca.com
 
¿¹¹æ ¹× ¼öµ¿Á¶Ä¡¹æ¹ý
¹«´ÜÀüÀç¤ý¹èÆ÷±ÝÁö
¿¡ºê¸®Á¸¿¡¼­ Á¦°øÇÏ´Â ¸ðµç ÄÁÅÙÃ÷ Á¤º¸¿¡ ´ëÇÑ ÀúÀÛ±ÇÀº ¿¡ºê¸®Á¸ÀÇ ¼ÒÀ¯ÀÌ¸ç °ü·Ã¹ýÀÇ º¸È£¸¦ ¹Þ½À´Ï´Ù.
¿¡ºê¸®Á¸ÀÇ »çÀü Çã°¡ ¾øÀÌ ¿¡ºê¸®Á¸ ÄÁÅÙÃ÷¸¦ ¹«´ÜÀ¸·Î ÀüÀç, ¹èÆ÷¸¦ ±ÝÁöµÇ¾î ÀÖ½À´Ï´Ù.
À̸¦ À§¹ÝÇÏ´Â °æ¿ì ¼ÕÇعè»óÀÇ ´ë»ó ¶Ç´Â ¹Î.Çü»ç»óÀÇ ¹ýÀû ¼Ò¼Û ´ë»óÀÌ µÉ ¼ö ÀÖ½À´Ï´Ù.
                                                                 * ¿¡ºê¸®Á¸ Á¤º¸ ÀÌ¿ë ¹®ÀÇ : greenking@everyzone.com
 ¸ñ·Ï