Adware/Bestcode.Icon0049
Type |
Infection route |
Treatment | Can be detected and treated with the Everyzone product line.

Adware_Bestcode_Icon0049 is malicious code that, without the customer's consent, creates icons that lead the user to visit a specific site.
[Folders and files]
Adware_Bestcode_Icon0049 creates the following folders and files.
C:\windows\system32\icon0049.ocx
C:\windows\Downloaded Program Files\icon0049.inf
[Registry]
Adware_Bestcode_Icon0049 creates the following registry keys.
HKEY_CLASSES_ROOT\CLSID\{019F392B-5357-4D36-897D-906F8DCB1814}
HKEY_CLASSES_ROOT\CLSID\{D7539129-343F-4438-B200-64239AECDBA9}
HKEY_CLASSES_ROOT\ICON0049.Icon0049Ctrl.1
HKEY_CLASSES_ROOT\Interface\{3490C349-0434-42D1-AA49-4CDD7659B72C}
HKEY_CLASSES_ROOT\Interface\{A95ABB0A-DB42-4229-92F3-9CAFF29DE2D6}
HKEY_CLASSES_ROOT\TypeLib\{E5C02B87-2360-4E1D-BF6D-AC07E5FB7ADE}
Treatment
Treatment with SpyVaccine, PCsafer, or similar tools is the best method.
If a new strain or variant makes treatment difficult, service is available by submitting a report.

Adware/Toolbar.Cashon
Type |
Infection route |
Treatment | Can be detected and treated with the Everyzone product line.

Adware/Toolbar.Cashon is a toolbar-type adware called CashonToolbar that replaces the address bar with its own toolbar without the user's consent.
Installation folder
The folder is created as %prog%\Cashon.
Installed files
The files exist as:
%prog%\Cashon\bin\cashbho[creation time].dll
%prog%\Cashon\bin\CashOnBand[creation time].dll
%prog%\Cashon\bin\CashOnUpdate.exe
Registry
Representative registry values created by Adware/Toolbar.Cashon are as follows.
HKEY_CLASSES_ROOT\CLSID\{B5D6A850-B262-4ABE-8935-72AA9DE5A6D0}
HKEY_CLASSES_ROOT\CashOnBand08181737.CashOn
HKEY_CLASSES_ROOT\CashOnBand08181737.CashOn.1
HKEY_CLASSES_ROOT\CashOn.CashOnA
HKEY_CLASSES_ROOT\CashOn.CashOnA.1
HKEY_CLASSES_ROOT\CashOnA Control
HKEY_CLASSES_ROOT\CashOnA Control.1
HKEY_CLASSES_ROOT\CashonButton08070248.TCashonButton
HKEY_CLASSES_ROOT\CashonButton08070248.TCashonButton.1
HKEY_CLASSES_ROOT\cashbho08181737.Cashon-bho
HKEY_CLASSES_ROOT\cashbho08181737.Cashon-bho.1
HKEY_CLASSES_ROOT\TypeLib\{37800503-C608-4753-B140-4ECB0F88C210}
HKEY_CLASSES_ROOT\Interface\{348BBC5B-C6ED-4AD1-BC73-2C28078BDB99}
HKEY_CLASSES_ROOT\Interface\{6698CB48-CB59-41C8-A7DF-2F1B520BC534}
Treatment
Treatment with SpyVaccine, PCsafer, or similar tools is the best method.
%prog%\Cashon\bin\cashbho[creation time].dll
%prog%\Cashon\bin\CashOnBand[creation time].dll
Because these two files are loaded in explorer, they will be deleted after a reboot.
After scanning and treating with the removal tool, a scan result with the same name will appear once the system has rebooted.
This is because the folder was not deleted after the files were deleted; scanning and treating once more will clean it completely.
If a new strain or variant makes treatment difficult, service is available by submitting a report.

Adware/Vundo
Type |
Infection route |
Treatment | Can be detected and treated with the Everyzone product line.

It displays pop-up advertisements when a specific site is visited through Internet Explorer.
Until recently, its files were created in the Windows system folder (Win9x: C:\Windows\System, Win XP: C:\Windows\System32, Win2000/NT: C:\WinNT\System32)
and were named with non-specific five-character letter combinations such as jkklk.dll, awvtr.dll, and pmkhf.dll.
Recently, however, the number of characters and the file format have been gradually changing.
In the registry, it is registered under
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
and in some cases it is also registered as a BHO (Browser Helper Object).
-- Look2me Sample --
C:\WINDOWS\System32\jkklk.dll
C:\WINDOWS\System32\awvtr.dll
C:\WINDOWS\System32\awvtt.dll
C:\WINDOWS\System32\ddabb.dll
C:\WINDOWS\System32\vtstr.dll
C:\WINDOWS\System32\ssqrr.dll
C:\WINDOWS\System32\pmkhf.dll
C:\WINDOWS\System32\sstqn.dll
C:\WINDOWS\System32\vturq.dll
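
A detection sketch for the pattern described above, added here as an example and not Everyzone's code: it parses a .reg-style export of the Winlogon\Notify key and flags packages whose DllName is a five-letter .dll. The sample export, the subkey name examplepkg and the allowlist parameter are constructed for illustration; because the entry notes that newer variants change the name length and file type, a hit is a lead to review and a miss proves nothing.

```python
import re
from ntpath import basename  # Windows path rules on any platform

NOTIFY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"
# Naming pattern the entry describes for older variants: five letters + .dll.
FIVE_LETTER_DLL = re.compile(r"^[a-z]{5}\.dll$", re.IGNORECASE)

# Constructed sample in .reg export style; "examplepkg" is a made-up subkey.
SAMPLE_REG = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"DllName"="wlnotify.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\examplepkg]
"DllName"="C:\\WINDOWS\\System32\\jkklk.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Run]
"DllName"="awvtr.dll"
'''

def notify_packages(reg_text):
    """Yield (subkey, DllName) for each direct subkey of Winlogon\\Notify."""
    prefix = NOTIFY.lower() + "\\"
    subkey = None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            rest = key[len(prefix):] if key.lower().startswith(prefix) else ""
            subkey = rest if rest and "\\" not in rest else None
        elif subkey:
            m = re.match(r'"DllName"="(.*)"$', line, re.IGNORECASE)
            if m:
                # .reg string values double their backslashes; undo that.
                yield subkey, m.group(1).replace("\\\\", "\\")

def suspicious_packages(reg_text, allowlist=()):
    """Return Notify packages whose DLL file name is five letters + .dll."""
    allowed = {name.lower() for name in allowlist}
    hits = []
    for subkey, dll in notify_packages(reg_text):
        name = basename(dll).lower()
        if FIVE_LETTER_DLL.match(name) and name not in allowed:
            hits.append((subkey, dll))
    return hits

if __name__ == "__main__":
    for subkey, dll in suspicious_packages(SAMPLE_REG):
        print(f"review: Notify\\{subkey} -> {dll}")
```
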
-- Treatment --
New strains and variants of Vundo keep appearing.
If you suspect a Vundo infection,
treatment with SpyVaccine, PCsafer, or similar tools is the best method.
If a new strain or variant makes treatment difficult, service is available by submitting a report.