¿¡ºê¸®Á¸¼Ò°³ | Á¦Ç°¼Ò°³ | °í°´¼¾ÅÍ | »çÀÌÆ®¸Ê | Home
°³ÀÎ°í°´ ¿©¼º°í°´ eº¸¾È¸¶ÄÏ À̺¥Æ®
°³ÀÎ°í°´±â¾÷°í°´
º¸¾ÈÁ¢¼Ó IDÀúÀå
AD ¹«·á·Î Ã¥¹Þ¾Æ°¡¼¼¿ä!


 ¸ñ·Ï |  À­±Û |  ¾Æ·§±Û  
W32/PiBi@mm
 ¹ÙÀÌ·¯½º Á¾·ù
Worm
 ½ÇÇàȯ°æ
Win9x, Win2000, NT
 ¹ß°ßÀÏ
2002³â11¿ù03ÀÏ
 Á¦ÀÛÁö
ºÒºÐ¸í
 À§Çèµî±Þ
 È®»ê¹æ¹ý
 ¹ÙÀÌ·¯½º Å©±â
32,256 Bytes
 Ã·ºÎÆÄÀÏ
setup.exe
 ¸ÞÀÏÁ¦¸ñ
  Internet Explorer vulnerability patch
 Áõ»ó¿ä¾à
  
 Ä¡·á¹æ¹ý

Åͺ¸¹é½Å Ai, Åͺ¸¹é½Å 2001 ¶Ç´Â Åͺ¸¹é½Å OnlineÀ¸ ·Î Ä¡·á°¡´ÉÇÕ´Ï´Ù.

ºÎÁ¤È®ÇÑ MIME Çì´õ¸¦ ÀÌ¿ëÇÏ¿© E-mail÷ºÎÆÄÀÏÀ» ½ÇÇàÇϵµ·Ï ¾ß±âÇÏ´Â º¸ ¾È ¹ö±×¿Í ÷ºÎµÇ´Â HTML ÆÄÀÏÀº Microsoft VM ActiveX ComponentÀÇ ÇãÁ¡ À» ÀÌ¿ë ÇϹǷΠ¸ÞÀÏÀ» Ŭ¸¯ ÇÏ´Â °Í¸¸À¸·Î °¨¿°µÉ ¼ö ÀÖ´Ù.

ÀÌ ¹ö±×¸¦ ¼öÁ¤Çϱâ À§Çؼ­ ¾Æ·¡ »çÀÌÆ®¿¡¼­ ÆÐÄ¡¸¦ ¹Þ¾Æ Àû¿ëÇϱ⠹ٶõ ´Ù.

< Outlook Express >
- http://www.microsoft.com/windows/ie/downloads/critical/q3 23759ie/default.asp

< Outlook 2000 >
- http://office.microsoft.com/korea/downloads/2000/Out2ksec .aspx

< Outlook 2002(Office XP) >
- http://office.microsoft.com/korea/Downloads/2002/oxpsp2.a spx

  
 
»ó¼¼¼³¸í
°¨¿°µÈ À̸ÞÀÏÀÇ Ã·ºÎ ÆÄÀÏ°ú, KazaA, IRC¸¦ ÅëÇØ Àü
ÆÄ µÈ´Ù.
¸¶ÀÌÅ©·Î ¼ÒÇÁÆ® ºñÁÖ¾ó C++·Î ÄÚµùµÇ¾î ÀÖÀ¸¸ç, UPX
¾ÐÃàÇÁ·Î±×·¥À¸·Î ¾ÐÃà
µÇ ÀÖ´Ù.
ºÎÁ¤È®ÇÑ MIME Çì´õ¸¦ ÀÌ¿ëÇÏ¿© E-mail÷ºÎÆÄÀÏÀ» ½Ç
ÇàÇϵµ·Ï ¾ß±âÇÏ´Â º¸
¾È ¹ö±×¸¦ ÀÌ¿ë ÇϹǷΠ¸ÞÀÏÀ» Ŭ¸¯ ÇÏ´Â °Í¸¸À¸·Î °¨
¿°µÉ ¼ö ÀÖ´Ù.

¸ÞÀÏ º»¹®Àº ´ÙÀ½°ú °°´Ù.

You will find all you need in the attachment.

ÆÄÀÏÀÌ ½ÇÇàµÇ¸é À©µµ¿ìÀÇ ½Ã½ºÅÛ Æú´õ(win9x :
c:\windows\system,
Win2000 : c:\Winnt\system32)¿¡ winsysXXX.exeÆÄÀÏ
°ú win32sysXXX.zipÆÄÀÏ
À» »ý¼ºÇÑ´Ù.(XXX : ·£´ýÇÑ ¼ýÀÚ)

¶ÇÇÑ ´ÙÀ½°ú °°ÀÌ ·¹Áö½ºÆ®¸®¸¦ Á¶ÀÛÇÑ´Ù.

HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre
ntVersion\Run
Ç׸ñ¿¡
Win9x ÀÎ °æ¿ì : Windows task32 sys =
c:\windows\system\winsysXXX.exe
Win2000 Àΰæ¿ì: Windows task32 sys =
c:\winnt\system32\winsysXXX.exe
(XXX : ·£´ýÇÑ ¼ýÀÚ)

HKEY_LOCAL_MACHINE\Software\RedCell
Ç׸ñÀ» »ý¼º
infected = yes

KaZaA¸¦ ÅëÇÑ °¨¿°ÆÄÀÏÀº ¾Æ·¡ÀÇ À̸§À» ·£´ýÇÏ°Ô ¼±
ÅÃÇÏ¿© ÀüÆĵȴÙ.
icq2002.exe
wincrack.exe
winamp3.exe
mirc6.exe

¶ÇÇÑ IRC ÇÁ·Î±×·¥À» »ç¿ëÇÑ´Ù¸é ÇØ´ç µð·ºÅ丮¿¡
SCRIPT.INI ÆÄÀÏÀ» »ý¼º
ÇÏ°Ô µÇ´Âµ¥, ÀÌÆÄÀÏ¿£ win32sysXXX.zipÀ» Àü¼ÛÇÏ´Â
½ºÅ©¸³Æ®°¡ Æ÷Ç﵂ ÀÖ
´Ù.

÷ºÎµÈ ÆÄÀÏÀ» ½ÇÇà ÇÑÈÄ ´ÙÀ½°ú °°Àº ¿¡·¯ ¸Þ½ÃÁö¸¦
¶ç¿ì¸ç, ½ÇÇàÇÒ¼ö ¾ø
´Â °Íó·³ À§ÀåÇÑ´Ù.

This program has performed an illegal operation

9¿ù 15ÀÏ¿¡ ´ÙÀ½°ú °°Àº ¸Þ½ÃÁö âÀ» ¶ç¿î´Ù.

"Cause nothing ever lasts forever
We''''re like flowers in this vase, together
You and me, it''''s pulling me down
Tearing my down, piece by piece
And you can''''t see
That''''s it''''s like a disease
Killing me now, it''''s so hard to breathe"
-Feeder <Piece by Piece>

¶ÇÇÑ Æ¯Á¤ ¾ÈƼ ¹ÙÀÌ·¯½º ÇÁ·Î¼¼½º¸¦ Á¤Áö ½ÃÅ°´Â ±â
´ÉÀ» °¡Áö°í ÀÖ´Â °ÍÀ¸
·Î º¸ÀδÙ.
 
¿¹¹æ ¹× ¼öµ¿Á¶Ä¡¹æ¹ý
¹«´ÜÀüÀç¤ý¹èÆ÷±ÝÁö
¿¡ºê¸®Á¸¿¡¼­ Á¦°øÇÏ´Â ¸ðµç ÄÁÅÙÃ÷ Á¤º¸¿¡ ´ëÇÑ ÀúÀÛ±ÇÀº ¿¡ºê¸®Á¸ÀÇ ¼ÒÀ¯ÀÌ¸ç °ü·Ã¹ýÀÇ º¸È£¸¦ ¹Þ½À´Ï´Ù.
¿¡ºê¸®Á¸ÀÇ »çÀü Çã°¡ ¾øÀÌ ¿¡ºê¸®Á¸ ÄÁÅÙÃ÷¸¦ ¹«´ÜÀ¸·Î ÀüÀç, ¹èÆ÷¸¦ ±ÝÁöµÇ¾î ÀÖ½À´Ï´Ù.
À̸¦ À§¹ÝÇÏ´Â °æ¿ì ¼ÕÇعè»óÀÇ ´ë»ó ¶Ç´Â ¹Î.Çü»ç»óÀÇ ¹ýÀû ¼Ò¼Û ´ë»óÀÌ µÉ ¼ö ÀÖ½À´Ï´Ù.
                                                                 * ¿¡ºê¸®Á¸ Á¤º¸ ÀÌ¿ë ¹®ÀÇ : greenking@everyzone.com
 ¸ñ·Ï