¿¡ºê¸®Á¸¼Ò°³ | Á¦Ç°¼Ò°³ | °í°´¼¾ÅÍ | »çÀÌÆ®¸Ê | Home
°³ÀÎ°í°´ ¿©¼º°í°´ eº¸¾È¸¶ÄÏ À̺¥Æ®
°³ÀÎ°í°´±â¾÷°í°´
º¸¾ÈÁ¢¼Ó IDÀúÀå
AD ¹«·á·Î Ã¥¹Þ¾Æ°¡¼¼¿ä!


 ¸ñ·Ï |  À­±Û |  ¾Æ·§±Û  
Backdoor-W32/RBot.96768
 ¹ÙÀÌ·¯½º Á¾·ù
Backdoor
 ½ÇÇàȯ°æ
Windows
 ¹ß°ßÀÏ
2005³â06¿ù25ÀÏ
 Á¦ÀÛÁö
ºÒºÐ¸í
 À§Çèµî±Þ
º¸Åë
 È®»ê¹æ¹ý
³×Æ®¿öÅ©, º¸¾ÈÃë¾à¼º
 ¹ÙÀÌ·¯½º Å©±â
96,768 Bytes
 Ã·ºÎÆÄÀÏ
 ¸ÞÀÏÁ¦¸ñ
  
 Áõ»ó¿ä¾à
  Å¸ÄÏÀÌ µÇ´Â ½Ã½ºÅÛÀÇ Á¤º¸¿­¶÷, ¼­ºñ½º °ÅºÎ °ø°Ý, ÇÁ·Î¼¼½º Á¾·á
 Ä¡·á¹æ¹ý

Åͺ¸¹é½Å Á¦Ç°±ºÀ¸·Î Áø´Ü/Ä¡·á °¡´ÉÇÕ´Ï´Ù.



  
 
»ó¼¼¼³¸í
³×Æ®¿öÅ© °øÀ¯ Æú´õ¿Í, À©µµ¿ì º¸¾ÈÆÐÄ¡ ÇêÁ¡µîÀ» ÀÌ¿ëÇؼ­ ÀüÆÄ¹× ¼³Ä¡µÈ´Ù.

Backdoor °¡ ½ÇÇà µÇ¸é, ÀϹÝÀûÀ¸·Î À©µµ¿ì ½Ã½ºÅÛ Æú´õ
(win9x: C:\Windows\system, win XP: C:\Windows\system32, win2000, NT : C:\WinNT\system32)
¿¡ OfficeGUI1.exe(96,768 Bytes) ÆÄÀÏÀÌ ¼³Ä¡µÈ´Ù.

À̶§ ÇØ´ç ÆÄÀÏÀÌ µ¿ÀÛÇÏ°Ô µÇ¸é ÀÚ½ÅÀ» ´ÙÀ½°ú °°ÀÌ ·¹Áö½ºÆ®¸®¿¡
µî·ÏµÇ¾î ´ÙÀ½ ºÎÆýà ½ÇÇàµÇµµ·Ï Á¶ÀÛ ÇÑ´Ù.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Ç׸ñ¿¡

MS Office1 Startup = OfficeGUI1.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Ç׸ñ¿¡

MS Office1 Startup = OfficeGUI1.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
Ç׸ñ¿¡

MS Office1 Startup = OfficeGUI1.exe

HKEY_CURRENT_USER\Software\Microsoft\OLE
Ç׸ñ¿¡

Microsoftf smss Control = smss.pif

À» »ý¼ºÇÑ´Ù.


´ÙÀ½°ú °°Àº Á¤º¸¸¦ ÀÌ¿ëÇÏ¿© ½Ã½ºÅÛ ±ÇÇÑ ¾ò±â¸¦ ½Ãµµ ÇÑ´Ù.

12345
123456
1234567
12345678
123456789
1234567890
access
accounting
accounts
admin
administrador
administrat
administrateur
administrator
admins
backup
bitch
blank
brian
changeme
chris
cisco
compaq
computer
control
database
databasepass
databasepassword
db1234
dbpass
dbpassword
default
domain
domainpass
domainpassword
exchange
george
guest
hello
homeuser
internet
intranet
katie
linux
login
loginpass
nokia
oeminstall
oemuser
office
oracle
orainstall
outlook
owner
pass1234
passwd
password
password1
peter
qwerty
server
siemens
sqlpassoainstall
staff
student
susan
system
teacher
technical
win2000
win2k
win98
windows
winnt
winpass
winxp
wwwadmin


¹éµµ¾î·Î¼­ µ¿ÀÛ ÇϰԵǸé, ´ÙÀ½°ú °°Àº ½Ã½ºÅÛ ¿Àµ¿ÀÛÀÌ ÀϾ ¼ö ÀÖ´Ù.

1. ÆÄÀÏ ½ÇÇà
2. IP ÁÖ¼Ò¿Í Æ÷Æ®¸¦ ½ºÄµ
3. Ÿ°Ù ½Ã½ºÅÛ¿¡ ping °ø°Ý
4. ÆÄÀÏ ´Ù¿î·Îµå
5. ÇÁ·Î¼¼½º Á¾·á
6. ÀͽºÇ÷η¯ °­Á¦ ½ÇÇà

±×¸®°í ÀÌ ¹éµµ¾î´Â WebDav ¹öÆÛ ¿À¹ö Ç÷οì À§Çè, RPC/DCOM, RPCSS Servie,

LSASS ¿À·ù À§ÇèµîÀ» ÀÌ¿ëÇϹǷÎ, ´ÙÀ½ º¸¾ÈÆÐÄ¡¸¦ ±Ç°íÇÑ´Ù.

*MS03-007 À©µµ¿ì ±¸¼º¿ä¼Ò ¿À·ù
http://www.microsoft.com/korea/technet/security/bulletin/MS03-007.asp

*MS03-026 RPC ¹öÆÛ ¿À¹ö·± ¿À·ù
http://www.microsoft.com/korea/technet/security/bulletin/MS03-026.asp

*MS03-039 RPCSS ¼­ºñ½º ¹öÆÛ ¿À¹ö·± ¿À·ù
http://www.microsoft.com/korea/technet/security/bulletin/MS03-039.asp

*MS04-011 RPCSS ¿ø°ÝÄÚµå ½ÇÇà
http://www.microsoft.com/korea/technet/security/bulletin/MS03-039.asp
 
¿¹¹æ ¹× ¼öµ¿Á¶Ä¡¹æ¹ý
¹«´ÜÀüÀç¤ý¹èÆ÷±ÝÁö
¿¡ºê¸®Á¸¿¡¼­ Á¦°øÇÏ´Â ¸ðµç ÄÁÅÙÃ÷ Á¤º¸¿¡ ´ëÇÑ ÀúÀÛ±ÇÀº ¿¡ºê¸®Á¸ÀÇ ¼ÒÀ¯ÀÌ¸ç °ü·Ã¹ýÀÇ º¸È£¸¦ ¹Þ½À´Ï´Ù.
¿¡ºê¸®Á¸ÀÇ »çÀü Çã°¡ ¾øÀÌ ¿¡ºê¸®Á¸ ÄÁÅÙÃ÷¸¦ ¹«´ÜÀ¸·Î ÀüÀç, ¹èÆ÷¸¦ ±ÝÁöµÇ¾î ÀÖ½À´Ï´Ù.
À̸¦ À§¹ÝÇÏ´Â °æ¿ì ¼ÕÇعè»óÀÇ ´ë»ó ¶Ç´Â ¹Î.Çü»ç»óÀÇ ¹ýÀû ¼Ò¼Û ´ë»óÀÌ µÉ ¼ö ÀÖ½À´Ï´Ù.
                                                                 * ¿¡ºê¸®Á¸ Á¤º¸ ÀÌ¿ë ¹®ÀÇ : greenking@everyzone.com
 ¸ñ·Ï