바이러스 DB - 터보백신

바이러스 정보
터보백신에서 분석한 바이러스 위협 정보, 보안 통계를 확인할 수 있습니다.

이름: Backdoor-W32/SdBot.134144

바이러스 종류: Backdoor

실행환경: Windows

증상요약: 타켓이 되는 시스템의 정보수집

위험등급: 위험

확산방법: 네트워크, 보안취약점

치료방법: 터보백신 제품군으로 진단/치료 가능합니다.

※ 상세 설명: <?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" /><o:p> </o:p> <P class=MsoNormal style="MARGIN: 0cm 0cm 0pt; WORD-BREAK: keep-all; LINE-HEIGHT: 13pt; TEXT-AUTOSPACE: ideograph-numeric; TEXT-ALIGN: left; mso-pagination: widow-orphan; mso-margin-top-alt: auto; mso-margin-bottom-alt: auto" align=left>*감염 경로 네트워크 공유 폴더와, 윈도우 보안패치 헛점등을 이용해서 전파및 설치된다. <o:p></o:p> <P class=MsoNormal style="MARGIN: 0cm 0cm 0pt; WORD-BREAK: keep-all; LINE-HEIGHT: 13pt; TEXT-AUTOSPACE: ideograph-numeric; TEXT-ALIGN: left; mso-pagination: widow-orphan; mso-margin-top-alt: auto; mso-margin-bottom-alt: auto" align=left> *증상 <P class=MsoNormal style="MARGIN: 0cm 0cm 0pt; WORD-BREAK: keep-all; LINE-HEIGHT: 13pt; TEXT-AUTOSPACE: ideograph-numeric; TEXT-ALIGN: left; mso-pagination: widow-orphan; mso-margin-top-alt: auto; mso-margin-bottom-alt: auto" align=left><o:p></o:p>  <P class=MsoNormal style="MARGIN: 0cm 0cm 0pt; WORD-BREAK: keep-all; TEXT-INDENT: 9pt; LINE-HEIGHT: 13pt; TEXT-AUTOSPACE: ideograph-numeric; TEXT-ALIGN: left; mso-pagination: widow-orphan; mso-margin-top-alt: auto; mso-margin-bottom-alt: auto; mso-char-indent-count: 1.0" align=left>-파일 생성<o:p></o:p> <P class=MsoNormal style="MARGIN: 0cm 0cm 0pt; WORD-BREAK: keep-all; TEXT-INDENT: 9pt; LINE-HEIGHT: 13pt; TEXT-AUTOSPACE: ideograph-numeric; TEXT-ALIGN: left; mso-pagination: widow-orphan; mso-margin-top-alt: auto; mso-margin-bottom-alt: auto; mso-char-indent-count: 1.0" align=left>Backdoor 가 실행 되면, 일반적으로 윈도우 폴더에 drvsig.exe파일이 설치 된다    윈도우 시스템 폴더에는 rdriv.sys 라는 파일을 생성한다. <o:p></o:p> <TABLE class=MsoTableGrid style="BORDER-RIGHT: medium none; BORDER-TOP: medium none; MARGIN: auto auto auto 55.25pt; BORDER-LEFT: medium none; BORDER-BOTTOM: medium none; BORDER-COLLAPSE: collapse; mso-border-alt: solid windowtext .5pt; mso-yfti-tbllook: 480; mso-padding-alt: 0cm 5.4pt 0cm 5.4pt; mso-border-insideh: .5pt solid windowtext; mso-border-insidev: .5pt solid windowtext" cellSpacing=0 cellPadding=0 border=1> <TBODY> <TR style="HEIGHT: 28.6pt; mso-yfti-irow: 0; mso-yfti-firstrow: yes"> <TD style="BORDER-RIGHT: windowtext 1pt solid; PADDING-RIGHT: 5.4pt; BORDER-TOP: windowtext 1pt solid; PADDING-LEFT: 5.4pt; PADDING-BOTTOM: 0cm; BORDER-LEFT: windowtext 1pt solid; WIDTH: 196.5pt; PADDING-TOP: 0cm; BORDER-BOTTOM: windowtext 1pt solid; HEIGHT: 28.6pt; BACKGROUND-COLOR: transparent; mso-border-alt: solid windowtext .5pt" vAlign=top width=262 colSpan=2> <P class=MsoNormal style="MARGIN: 0cm 0cm 0pt; WORD-BREAK: keep-all; TEXT-AUTOSPACE: ideograph-numeric; TEXT-ALIGN: center; mso-pagination: widow-orphan; mso-margin-top-alt: auto; mso-margin-bottom-alt: auto; mso-line-height-alt: 13.0pt" align=center>  <P class=MsoNormal style="MARGIN: 0cm 0cm 0pt; WORD-BREAK: keep-all; TEXT-AUTOSPACE: ideograph-numeric; TEXT-ALIGN: center; mso-pagination: widow-orphan; mso-margin-top-alt: auto; mso-margin-bottom-alt: auto; mso-line-height-alt: 13.0pt" align=center>윈도우 시스템 폴더<o:p></o:p></TD> <TD style="BORDER-RIGHT: windowtext 1pt solid; PADDING-RIGHT: 5.4pt; BORDER-TOP: windowtext 1pt solid; PADDING-LEFT: 5.4pt; PADDING-BOTTOM: 0cm; BORDER-LEFT: #ece9d8; WIDTH: 145.15pt; PADDING-TOP: 0cm; BORDER-BOTTOM: windowtext 1pt solid; HEIGHT: 28.6pt; BACKGROUND-COLOR: transparent; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt" vAlign=top width=194> <P class=MsoNormal style="MARGIN: 0cm 0cm 0pt; WORD-BREAK: keep-all; TEXT-AUTOSPACE: ideograph-numeric; TEXT-ALIGN: center; mso-pagination: widow-orphan; mso-margin-top-alt: auto; mso-margin-bottom-alt: auto; mso-line-height-alt: 13.0pt" align=center>  <P class=MsoNormal style="MARGIN: 0cm 0cm 0pt; WORD-BREAK: keep-all; TEXT-AUTOSPACE: ideograph-numeric; TEXT-ALIGN: center; mso-pagination: widow-orphan; mso-margin-top-alt: auto; mso-margin-bottom-alt: auto; mso-line-height-alt: 13.0pt" align=center>윈도우 폴더<o:p></o:p></TD></TR> <TR style="HEIGHT: 31.7pt; mso-yfti-irow: 1"> <TD style="BORDER-RIGHT: windowtext 1pt solid; PADDING-RIGHT: 5.4pt; BORDER-TOP: #ece9d8; PADDING-LEFT: 5.4pt; PADDING-BOTTOM: 0cm; BORDER-LEFT: windowtext 1pt solid; WIDTH: 61.5pt; PADDING-TOP: 0cm; BORDER-BOTTOM: windowtext 1pt solid; HEIGHT: 31.7pt; BACKGROUND-COLOR: transparent; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt" vAlign=top width=82> <P class=MsoNormal style="MARGIN: 0cm 0cm 0pt; WORD-BREAK: keep-all; TEXT-AUTOSPACE: ideograph-numeric; TEXT-ALIGN: center; mso-pagination: widow-orphan; mso-margin-top-alt: auto; mso-margin-bottom-alt: auto" align=center>  <P class=MsoNormal style="MARGIN: 0cm 0cm 0pt; WORD-BREAK: keep-all; TEXT-AUTOSPACE: ideograph-numeric; TEXT-ALIGN: center; mso-pagination: widow-orphan; mso-margin-top-alt: auto; mso-margin-bottom-alt: auto" align=center>95/98/ME<o:p></o:p></TD> <TD style="BORDER-RIGHT: windowtext 1pt solid; PADDING-RIGHT: 5.4pt; BORDER-TOP: #ece9d8; PADDING-LEFT: 5.4pt; PADDING-BOTTOM: 0cm; BORDER-LEFT: #ece9d8; WIDTH: 135pt; PADDING-TOP: 0cm; BORDER-BOTTOM: windowtext 1pt solid; HEIGHT: 31.7pt; BACKGROUND-COLOR: transparent; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt" vAlign=top width=180> <P class=MsoNormal style="MARGIN: 0cm 0cm 0pt; WORD-BREAK: keep-all; TEXT-AUTOSPACE: ideograph-numeric; TEXT-ALIGN: center; mso-pagination: widow-orphan; mso-margin-top-alt: auto; mso-margin-bottom-alt: auto" align=center>  <P class=MsoNormal style="MARGIN: 0cm 0cm 0pt; WORD-BREAK: keep-all; TEXT-AUTOSPACE: ideograph-numeric; TEXT-ALIGN: center; mso-pagination: widow-orphan; mso-margin-top-alt: auto; mso-margin-bottom-alt: auto" align=center>C:\Windows\System<o:p></o:p></TD> <TD style="BORDER-RIGHT: windowtext 1pt solid; PADDING-RIGHT: 5.4pt; BORDER-TOP: #ece9d8; PADDING-LEFT: 5.4pt; PADDING-BOTTOM: 0cm; BORDER-LEFT: #ece9d8; WIDTH: 145.15pt; PADDING-TOP: 0cm; BORDER-BOTTOM: windowtext 1pt solid; HEIGHT: 31.7pt; BACKGROUND-COLOR: transparent; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt" vAlign=top width=194> <P class=MsoNormal style="MARGIN: 0cm 0cm 0pt; WORD-BREAK: keep-all; TEXT-AUTOSPACE: ideograph-numeric; TEXT-ALIGN: center; mso-pagination: widow-orphan; mso-margin-top-alt: auto; mso-margin-bottom-alt: auto" align=center>  <P class=MsoNormal style="MARGIN: 0cm 0cm 0pt; WORD-BREAK: keep-all; TEXT-AUTOSPACE: ideograph-numeric; TEXT-ALIGN: center; mso-pagination: widow-orphan; mso-margin-top-alt: auto; mso-margin-bottom-alt: auto" align=center>C:\Windows<o:p></o:p></TD></TR> <TR style="HEIGHT: 38.1pt; mso-yfti-irow: 2"> <TD style="BORDER-RIGHT: windowtext 1pt solid; PADDING-RIGHT: 5.4pt; BORDER-TOP: #ece9d8; PADDING-LEFT: 5.4pt; PADDING-BOTTOM: 0cm; BORDER-LEFT: windowtext 1pt solid; WIDTH: 61.5pt; PADDING-TOP: 0cm; BORDER-BOTTOM: windowtext 1pt solid; HEIGHT: 38.1pt; BACKGROUND-COLOR: transparent; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt" vAlign=top width=82>   NT/2000<o:p></o:p></TD> <TD style="BORDER-RIGHT: windowtext 1pt solid; PADDING-RIGHT: 5.4pt; BORDER-TOP: #ece9d8; PADDING-LEFT: 5.4pt; PADDING-BOTTOM: 0cm; BORDER-LEFT: #ece9d8; WIDTH: 135pt; PADDING-TOP: 0cm; BORDER-BOTTOM: windowtext 1pt solid; HEIGHT: 38.1pt; BACKGROUND-COLOR: transparent; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt" vAlign=top width=180> <P class=MsoNormal style="MARGIN: 0cm 0cm 0pt; WORD-BREAK: keep-all; TEXT-AUTOSPACE: ideograph-numeric; TEXT-ALIGN: center; mso-pagination: widow-orphan; mso-margin-top-alt: auto; mso-margin-bottom-alt: auto" align=center>  <P class=MsoNormal style="MARGIN: 0cm 0cm 0pt; WORD-BREAK: keep-all; TEXT-AUTOSPACE: ideograph-numeric; TEXT-ALIGN: center; mso-pagination: widow-orphan; mso-margin-top-alt: auto; mso-margin-bottom-alt: auto" align=center>C\WinNT\System32<o:p></o:p></TD> <TD style="BORDER-RIGHT: windowtext 1pt solid; PADDING-RIGHT: 5.4pt; BORDER-TOP: #ece9d8; PADDING-LEFT: 5.4pt; PADDING-BOTTOM: 0cm; BORDER-LEFT: #ece9d8; WIDTH: 145.15pt; PADDING-TOP: 0cm; BORDER-BOTTOM: windowtext 1pt solid; HEIGHT: 38.1pt; BACKGROUND-COLOR: transparent; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt" vAlign=top width=194> <P class=MsoNormal style="MARGIN: 0cm 0cm 0pt; WORD-BREAK: keep-all; TEXT-AUTOSPACE: ideograph-numeric; TEXT-ALIGN: center; mso-pagination: widow-orphan; mso-margin-top-alt: auto; mso-margin-bottom-alt: auto" align=center>  <P class=MsoNormal style="MARGIN: 0cm 0cm 0pt; WORD-BREAK: keep-all; TEXT-AUTOSPACE: ideograph-numeric; TEXT-ALIGN: center; mso-pagination: widow-orphan; mso-margin-top-alt: auto; mso-margin-bottom-alt: auto" align=center>C:\WinNT<o:p></o:p></TD></TR> <TR style="HEIGHT: 33.95pt; mso-yfti-irow: 3; mso-yfti-lastrow: yes"> <TD style="BORDER-RIGHT: windowtext 1pt solid; PADDING-RIGHT: 5.4pt; BORDER-TOP: #ece9d8; PADDING-LEFT: 5.4pt; PADDING-BOTTOM: 0cm; BORDER-LEFT: windowtext 1pt solid; WIDTH: 61.5pt; PADDING-TOP: 0cm; BORDER-BOTTOM: windowtext 1pt solid; HEIGHT: 33.95pt; BACKGROUND-COLOR: transparent; mso-border-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt" vAlign=top width=82> <P class=MsoNormal style="MARGIN: 0cm 0cm 0pt; WORD-BREAK: keep-all; TEXT-AUTOSPACE: ideograph-numeric; TEXT-ALIGN: center; mso-pagination: widow-orphan; mso-margin-top-alt: auto; mso-margin-bottom-alt: auto" align=center>  <P class=MsoNormal style="MARGIN: 0cm 0cm 0pt; WORD-BREAK: keep-all; TEXT-AUTOSPACE: ideograph-numeric; TEXT-ALIGN: center; mso-pagination: widow-orphan; mso-margin-top-alt: auto; mso-margin-bottom-alt: auto" align=center>XP<o:p></o:p></TD> <TD style="BORDER-RIGHT: windowtext 1pt solid; PADDING-RIGHT: 5.4pt; BORDER-TOP: #ece9d8; PADDING-LEFT: 5.4pt; PADDING-BOTTOM: 0cm; BORDER-LEFT: #ece9d8; WIDTH: 135pt; PADDING-TOP: 0cm; BORDER-BOTTOM: windowtext 1pt solid; HEIGHT: 33.95pt; BACKGROUND-COLOR: transparent; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt" vAlign=top width=180> <P class=MsoNormal style="MARGIN: 0cm 0cm 0pt; WORD-BREAK: keep-all; TEXT-AUTOSPACE: ideograph-numeric; TEXT-ALIGN: center; mso-pagination: widow-orphan; mso-margin-top-alt: auto; mso-margin-bottom-alt: auto" align=center>  <P class=MsoNormal style="MARGIN: 0cm 0cm 0pt; WORD-BREAK: keep-all; TEXT-AUTOSPACE: ideograph-numeric; TEXT-ALIGN: center; mso-pagination: widow-orphan; mso-margin-top-alt: auto; mso-margin-bottom-alt: auto" align=center>Windows\System32<o:p></o:p></TD> <TD style="BORDER-RIGHT: windowtext 1pt solid; PADDING-RIGHT: 5.4pt; BORDER-TOP: #ece9d8; PADDING-LEFT: 5.4pt; PADDING-BOTTOM: 0cm; BORDER-LEFT: #ece9d8; WIDTH: 145.15pt; PADDING-TOP: 0cm; BORDER-BOTTOM: windowtext 1pt solid; HEIGHT: 33.95pt; BACKGROUND-COLOR: transparent; mso-border-alt: solid windowtext .5pt; mso-border-left-alt: solid windowtext .5pt; mso-border-top-alt: solid windowtext .5pt" vAlign=top width=194> <P class=MsoNormal style="MARGIN: 0cm 0cm 0pt; WORD-BREAK: keep-all; TEXT-AUTOSPACE: ideograph-numeric; TEXT-ALIGN: center; mso-pagination: widow-orphan; mso-margin-top-alt: auto; mso-margin-bottom-alt: auto" align=center>  <P class=MsoNormal style="MARGIN: 0cm 0cm 0pt; WORD-BREAK: keep-all; TEXT-AUTOSPACE: ideograph-numeric; TEXT-ALIGN: center; mso-pagination: widow-orphan; mso-margin-top-alt: auto; mso-margin-bottom-alt: auto" align=center>C:\Windows<o:p></o:p></TD></TR></TBODY></TABLE> <P class=MsoNormal style="MARGIN: 0cm 0cm 0pt; WORD-BREAK: keep-all; LINE-HEIGHT: 13pt; TEXT-AUTOSPACE: ideograph-numeric; TEXT-ALIGN: left; mso-pagination: widow-orphan; mso-margin-top-alt: auto; mso-margin-bottom-alt: auto" align=left><o:p> </o:p> <P class=MsoNormal style="MARGIN: 0cm 0cm 0pt; WORD-BREAK: keep-all; TEXT-INDENT: 94.5pt; LINE-HEIGHT: 13pt; TEXT-AUTOSPACE: ideograph-numeric; TEXT-ALIGN: left; mso-pagination: widow-orphan; mso-margin-top-alt: auto; mso-margin-bottom-alt: auto; mso-char-indent-count: 10.5" align=left><o:p> </o:p> <P class=MsoNormal style="MARGIN: 0cm 0cm 0pt; WORD-BREAK: keep-all; LINE-HEIGHT: 13pt; TEXT-AUTOSPACE: ideograph-numeric; TEXT-ALIGN: left; mso-pagination: widow-orphan; mso-margin-top-alt: auto; mso-margin-bottom-alt: auto" align=left>-레지스트리 등록. <o:p></o:p> <P class=MsoNormal style="MARGIN: 0cm 0cm 0pt; WORD-BREAK: keep-all; LINE-HEIGHT: 13pt; TEXT-AUTOSPACE: ideograph-numeric; TEXT-ALIGN: left; mso-pagination: widow-orphan; mso-margin-top-alt: auto; mso-margin-bottom-alt: auto" align=left> 감염된 시스템은 자신을 다음과 같이 레지스트리에 등록해 다음 부팅시 실행되도록 조작 한다. <o:p></o:p> <P class=MsoNormal style="MARGIN: 0cm 0cm 0pt; WORD-BREAK: keep-all; LINE-HEIGHT: 13pt; TEXT-AUTOSPACE: ideograph-numeric; TEXT-ALIGN: left; mso-pagination: widow-orphan; mso-margin-top-alt: auto; mso-margin-bottom-alt: auto" align=left> HKEY_LOCAL_MACHINE\ SYSTEM\CurrentControlSet\Services\Driver Signature Services <P class=MsoNormal style="MARGIN: 0cm 0cm 0pt; WORD-BREAK: keep-all; LINE-HEIGHT: 13pt; TEXT-AUTOSPACE: ideograph-numeric; TEXT-ALIGN: left; mso-pagination: widow-orphan; mso-margin-top-alt: auto; mso-margin-bottom-alt: auto" align=left> ImagePath = 윈도우 폴더\drvsig.exe <P class=MsoNormal style="MARGIN: 0cm 0cm 0pt; WORD-BREAK: keep-all; LINE-HEIGHT: 13pt; TEXT-AUTOSPACE: ideograph-numeric; TEXT-ALIGN: left; mso-pagination: widow-orphan; mso-margin-top-alt: auto; mso-margin-bottom-alt: auto" align=left>  <P class=MsoNormal style="MARGIN: 0cm 0cm 0pt; WORD-BREAK: keep-all; LINE-HEIGHT: 13pt; TEXT-AUTOSPACE: ideograph-numeric; TEXT-ALIGN: left; mso-pagination: widow-orphan; mso-margin-top-alt: auto; mso-margin-bottom-alt: auto" align=left>  <P class=MsoNormal style="MARGIN: 0cm 0cm 0pt; WORD-BREAK: keep-all; LINE-HEIGHT: 13pt; TEXT-AUTOSPACE: ideograph-numeric; TEXT-ALIGN: left; mso-pagination: widow-orphan; mso-margin-top-alt: auto; mso-margin-bottom-alt: auto" align=left>HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rdriv <P class=MsoNormal style="MARGIN: 0cm 0cm 0pt; WORD-BREAK: keep-all; LINE-HEIGHT: 13pt; TEXT-AUTOSPACE: ideograph-numeric; TEXT-ALIGN: left; mso-pagination: widow-orphan; mso-margin-top-alt: auto; mso-margin-bottom-alt: auto" align=left> ImagePath = 윈도우 시스템 폴더\rdriv.sys <o:p></o:p> 백도어로서 동작 하게되면, 다음과 같은 시스템 오동작이 일어날 수 있다. 1. 파일 실행및 삭제 2. 포트감시 3. 키보드 타이핑 내용 저장 4. 파일 다운로드 5. ftp및 IRC 서버로 동작가능 6. 시스템 하드웨어 정보 수집 그리고 이 백도어는 LSASS 보안헛점 등  윈도우 보안 취약점을 이용하므로, 다음 보안패치를 권고한다. MS03-039 RPC DCOM2 취약점                                                                                                   -http://www.microsoft.com/korea/technet/security/bulletin/MS03-039.asp <SPAN lang=EN-US style="FONT-SIZE: 9pt; COLOR: #608533; FONT-FAMILY: 바탕; mso-bidi-font-family: ''Times New Roman''; mso-font-kerning: 1.0pt; mso-hansi-font-family: ''Times New Roman''; mso-ansi-language: EN-US; mso-fareast-language: KO; mso-bidi-language: AR-SA"> MS04-011 Microsoft Windows<SPAN style="FONT-SIZE: 9pt; COLOR: #608533; FONT-FAMILY: 바탕; mso-bidi-font-family: ''Times New Roman''; mso-font-kerning: 1.0pt; mso-hansi-font-family: ''Times New Roman''; mso-ansi-language: EN-US; mso-fareast-language: KO; mso-bidi-language: AR-SA">용 보안 업데이트 중 LSASS 취약점 - http://www.microsoft.com/korea/technet/security/bulletin/ms04-011.asp MS05-039 플러그 앤 플레이의 취약점으로 인한 원격 코드 실행 및 권한 상승 문제점 - http://www.microsoft.com/korea/technet/security/bulletin/MS05-039.mspx

※ 예방 및 수동 조치 방법

본 컨텐츠에 대한 이용 문의는 '에브리존'으로 문의하여 주십시요

이전글: Backdoor-W32/IRCBot.25020

다음글: Trojan-W32/Agent.258049

터보백신 개인용 TurboVaccine Introduce

터보백신 개인용
TurboVaccine Introduce