*Infection route
It spreads and is installed by exploiting network shared folders, holes left by missing Windows security patches, and similar weaknesses.
*Symptoms
-File creation
When the backdoor is executed, the file drvsig.exe is generally installed in the Windows folder. A file named rdriv.sys is created in the Windows system folder.
Windows version | Windows system folder | Windows folder |
95/98/ME | C:\Windows\System | C:\Windows |
NT/2000 | C:\WinNT\System32 | C:\WinNT |
XP | Windows\System32 | C:\Windows |
-Registry registration.
On an infected system, the backdoor registers itself in the registry as follows so that it runs at the next boot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Driver Signature Services
ImagePath = Windows folder\drvsig.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rdriv
ImagePath = Windows system folder\rdriv.sys
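A defender's check for the two service entries listed above, as an added example that is not part of the original write-up: it scans `reg query` output for the service key names and ImagePath file names given on this page. The sample output, the `ExampleSvc` service name and the function name are constructed for illustration.

```python
import re

# Indicators from the write-up above: service key name -> file it points to.
INDICATORS = {"driver signature services": "drvsig.exe", "rdriv": "rdriv.sys"}
SERVICES_ROOT = "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\"
# A value line of `reg query` output: indent, name, type, data (4-space separated).
VALUE_LINE = re.compile(r"^\s+(?P<name>\S.*?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")
# The file name must be a whole path component, optionally quoted or followed by arguments.
FILE_HIT = re.compile(r'(?:^|[\\/"])(drvsig\.exe|rdriv\.sys)(?=$|["\s])', re.I)

# Constructed sample of `reg query HKLM\SYSTEM\CurrentControlSet\Services /s` output.
SAMPLE_REG_QUERY = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp
    ImagePath    REG_EXPAND_SZ    %SystemRoot%\System32\svchost.exe -k netsvcs
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Driver Signature Services
    ImagePath    REG_EXPAND_SZ    "C:\WINDOWS\drvsig.exe"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rdriv
    ImagePath    REG_EXPAND_SZ    \??\C:\WINDOWS\System32\rdriv.sys
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rdriv\Enum
    Count    REG_DWORD    0x1
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleSvc
    ImagePath    REG_EXPAND_SZ    C:\WINNT\DRVSIG.EXE
"""


def find_backdoor_services(reg_query_text):
    """Map each suspicious service name to the set of indicators that matched it."""
    findings, service = {}, None
    for line in reg_query_text.splitlines():
        if line.upper().startswith("HKEY_"):
            service = None  # new key: forget the previous service
            if line.upper().startswith(SERVICES_ROOT.upper()):
                # Subkeys (e.g. rdriv\Enum) are attributed to their parent service.
                service = line[len(SERVICES_ROOT):].split("\\")[0].strip()
                if service.lower() in INDICATORS:
                    findings.setdefault(service, set()).add("service key name")
            continue
        m = VALUE_LINE.match(line)
        if service and m and m["name"].lower() == "imagepath":
            hit = FILE_HIT.search(m["data"])
            if hit:  # also catches a renamed service that still points at the file
                findings.setdefault(service, set()).add("ImagePath -> " + hit.group(1).lower())
    return findings


if __name__ == "__main__":
    print(find_backdoor_services(SAMPLE_REG_QUERY))
```

Checking the ImagePath as well as the key name means an entry is still reported when only one of the two indicators is present.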
When it operates as a backdoor, the following system malfunctions can occur.
1. File execution and deletion
2. Port monitoring
3. Saving of keyboard typing content
4. File download
5. Can operate as an FTP and IRC server
6. Collection of system hardware information
In addition, because this backdoor exploits Windows security vulnerabilities such as the LSASS security hole, the following security patches are recommended.
MS03-039 RPC DCOM2 vulnerability - http://www.microsoft.com/korea/technet/security/bulletin/MS03-039.asp
MS04-011 LSASS vulnerability in the Security Update for Microsoft Windows - http://www.microsoft.com/korea/technet/security/bulletin/ms04-011.asp
MS05-039 Remote code execution and elevation of privilege issue caused by a vulnerability in Plug and Play - http://www.microsoft.com/korea/technet/security/bulletin/MS05-039.mspx