• Virus information
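Name
W32/Netsky.25353@mm
Virus type
Worm
Platform
Windows
Symptom summary
null
Risk level
null
Spread method
null
Treatment
Can be treated with the TurboVaccine Ai, TurboVaccine Online and TurboVaccine 2001 product lines. If you use TurboVaccine Ai together with Outlook, be sure to run the e-mail monitor.
※ Detailed description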
This worm has been spreading by e-mail since February 25 and is estimated to have begun spreading in Korea on February 26.
E-mails carrying the worm have the following contents.

[Mail subject]

Delivery Failed
Here is it
I'm back!
Question
Re: Re: Re: Re: re: take it error
Re: excuse me
Re: excuse me
Re: hello
Re: hey exception
Re: hi
Re: important
Re: information
Re: unknown dear
Status
Yep Re: does it
believe me
goodmorning
hello
hey trust me
hi read it immediatelly
illegal...
important
info
its me
last chance!
lol
moin
notice!
notification denied!
private
question
report
something for you
stolen
warning fake?
what's up
you?

[Mail body]

The body is chosen from the following texts known so far.

*lol*
;-)
<...>
<09580985869gj>
Antispam is turned off. See file!
Authentification required. Read the att...
File is bad.
File is damaged.
File is self-decryting.
I've found your bill!
I don't know your document!
I have your password!
I wait for an answer!
Instant patches.
Login required! Read the attachment!
Microsoft
Transaction failed. Show the doc!
You are infected. Read the details!
Your bill.
Your provider will be disabled!
a crazy doc about you
abuse?
account?
already?
another pic, have fun! ... :->
are you a photographer?
are you a teacherin the picture?
are you cranky?
are you the naked one?
are you the naked person!
are you the one?
attachi#
be mad?
best?
bob the builder
child or adult?
child porn?
classroom test of you?
copyright?
correct it!
did you ask me for that?
did you know from this document?
did you know that?
did you see her already?
did you sent it to me?
do not give up!
do not open the attachment!
do not show this anyone!
do not use my document!
do not visit the pages on the list I se...
do you have an orgasm in the picture?
do you have sex in the picture?
do you have the bug also?
do you have?
do you know the thief?
do you know this????
do you think so?
doc about me?
doc?
docs?
does it belong to you?
does it belong to you?
does it match?
does it matter?
drugs? ...
excellent!
explain!
fast food...
feel free to use it.
forgotten?
from the chatter (my photo!)
from your lover ;-)
gonna?
good work!
great job!
great xxx!
great!
greetings
help attached
her.
here is it.
here is my advice.
here is my photo!
here is the $%%454$
here is the <censored>
here is the document.
here is the next one!
here is yours!
here, the cheats
here, the introduction
here, the serials
how?
i am desperate
i am speachless about your document!
i don't think so.
i don't want your xxx pics!
i found that about you!
i found this document about you.
i have received this.
i hope thats not true!
i know your document!
i like your doc!
i lost that
i need you!
i saw you last week!
i wait for your comment about it.
i want more...
i've found it about you
illegal st. of you?
important?
in your mind?
incest?
information about you?
instruct me about this!
is that criminal?
is that possible?
is that the reality?
is that true?
is that your TAN?
is that your account?
is that your account?
is that your attachment?
is that your beast?
is that your car?
is that your car?
is that your cd?
is that your creditcard?
is that your domain?
is that your family?
is that your finger?
is that your message?
is that your name?
is that your photo?
is that your porn pic?
is that your privacy?
is that your slip?
is that your website?
is that your wife?
is that your work?
is that yours?
is the pic a fake?
is this information about you?
it's a secret!
it's so similar as yours!
its private from me
kill him on the picture!
kill the writer of this document!
let it!
lets talk about it!
love letter?
man or women?
meaning of that?
message?
misc. and so on. see you!
modifications?
money?
msg
my advice....
never!
new patch is available!
ok...
old photos about you?
only encrypted!
pages?
personal message!
picture?
poor quality!
possible?
pretty pic about you?
pwd?
read it immediately!
read the details.
really?
reply
schoolfriend?
see this!
see your name!
solve the problem!
something about you!
something is going ...
something is going wrong!
something is not ok
stuff about you?
such as yours?
take it easy!
tell me more about your document!
test it
that is interesting...
that's a funny text.
that's not the truth?
thats wrong!
the information is wrong!
the truth?
this file is bad!
this is an attachment message!
this is nothing for kids!
time to fear?
trial?
try this patch!
what do you think about it?
what means that?
what still?
what?
who?
why should I?
why?
wrong calculation! (see the attachment!...
xxx ?
xxx about you?
xxx service
yes.
you are a bad writer
you are bad
you are naked in this document!
you are sexy in this doc!
you cannot hide yourself! (see photo)
you earn money, see the attachment!
you feel the same.
you have a sexy body in the pic!
you have done a mistake in the document...
you have tried to steal!
you look like an ape!
you look like an rat?
you won the rk!
your TAN number?
your account is expired!
your are naked?
your attachment? verify it.
your body?
your design is not good!
your document is not good
your document is silly!
your eyes?
your face?
your hero in the picture?
your icq number?
your job? (I found that!)
your lie is going around the world!
your name is wrong!
your personal record?
your photo is poor
yours?

[Attachment]

The attachment name is chosen from the following. As with the original variant, the extension can be scr, pif, exe, zip and so on.
When the attachment is a zip, however, the extracted file carries
a middle extension of txt, rtf, doc or htm, giving it a double extension.

(Example: wife.txt.scr)

454543403
aboutyou
associal
attach2
attachment
auction
bill
birth
card
class_photos
concert
creditcard
death
description
details
dinner
disco
doc
doc_ang
document
final
found
freaky
friend
id
image
important
incest
information
injection
intimate stuff
jokes
letter
location
mail2
mails
masturbation
material
me
message
misc
moonlight
more
msg
msg2
music
myaunt
mydate
naked1
naked2
news
nomoney
note
nothing
number_phone
object
old_photos
part2
party
paypal
pic
portmoney
poster
posting
privacy
product
ps
ranking
regards
regid
release
response
schock
secrets
sexual
sexy
shower
story
stuff
swimmingpool
talk
tear
textfile
topseller
transfer
trash
undefinied
unfolds
update
violence
visa
warez
webcam
website
wife
word_doc
worker
your_stuff
yours
yours

(Example of mail sent by the worm)

1. Mail subject: do not use this creditcard!
   Body: I have your password!
   Attachment name: old_photos.zip (25KB)

2. Mail subject: exception
   Body: your name is wrong!
   Attachment name: note.zip (25KB)

3. Mail subject: Re: does it?
   Body: do not give up!
   Attachment name: wife.zip (25KB)

4. Mail subject: its me
   Body: i have received this.
   Attachment name: unfolds.zip (25KB)

5. Mail subject: wrong calculation! (see the attachment!)
   Body: your attachment? verify it.
   Attachment name: auction.rtf.pif

6. Mail subject: yes.
   Body: illegal st. of you?
   Attachment name: letter.com.

[Characteristics]

The attachment is wife.zip (25,475 bytes) or one of many others; once extracted, the file displays the WordPad icon.

On first execution, the worm creates a copy of itself in the Windows folder (Win 2000/NT: c:\Winnt, Win XP: c:\windows)
under the same name as the winlogon.exe file in the Windows system folder (Win 2000/NT: c:\Winnt\system32, Win XP: c:\windows\system32),
so that it passes for a legitimate program.

It also modifies the registry as follows so that it runs at the next boot.
Under HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run:

(Win 2000/NT)
ICQ Net = c:\winnt\winlogon.exe -stealth

(Win XP)
ICQ Net = c:\windows\winlogon.exe -stealth

Next, it harvests e-mail addresses from files with the .HTM, .HTML, .TXT and .WAB extensions and sends mail with the worm attached.

Finally, it deletes the registry values created by Mydoom, Mimail, Bagle and others, along with several other registry values.

Under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run:
Taskmon
Explorer
system.

Under HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run:
Taskmon
Explorer
KasperskyAv
system.

Under HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices:
system

When P2P file-sharing programs are in use, it also spreads under the following names.

1000 Sex and more.rtf.exe
3D Studio Max 3dsmax.exe
ACDSee 9.exe
Adobe Photoshop 9 full.exe
Adobe Premiere 9.exe
Ahead Nero 7.exe
Best Matrix Screensaver.scr
Clone DVD 5.exe
Cracks & Warez Archive.exe
Dark Angels.pif
Dictionary English - France.doc.exe
DivX 7.0 final.exe
Doom 3 Beta.exe
E-Book Archive.rtf.exe
Full album.mp3.pif
Gimp 1.5 Full with Key.exe
How to hack.doc.exe
IE58.1 full setup.exe
Keygen 4 all appz.exe
Learn Programming.doc.exe
Lightwave SE Update.exe
MS Service Pack 5.exe
Magix Video Deluxe 4.exe
Microsoft Office 2003 Crack.exe
Microsoft WinXP Crack.exe
Norton Antivirus 2004.exe
Opera.exe
Partitionsmagic 9.0.exe
Porno Screensaver.scr
RFC Basics Full Edition.doc.exe
Screensaver.scr 26KB
Serials.txt.exe 26KB
Smashing the stack.rtf.exe
Star Office 8.exe
Teen Porn 16.jpg.pif
The Sims 3 crack.exe
Ulead Keygen.exe
Virii Sourcecode.scr
Visual Studio Net Crack.exe
Win Longhorn Beta.exe
WinAmp 12 full.exe
WinXP eBook.doc.exe
Windows Sourcecode.doc.exe
XXX hardcore pic.jpg.exe
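The double-extension naming described above (wife.txt.scr inside a zip, and P2P names such as Full album.mp3.pif) can be checked at a mail gateway or file share by looking at names alone. The following is an added example, not code from the vendor: the function names are hypothetical, the extension sets are taken from the names listed on this page, and the sample zip is constructed in memory with placeholder bytes.

```python
import io
import zipfile

# Extensions named in the description above; the decoy set also includes
# jpg and mp3, which appear in the P2P file names.
DECOY_EXTS = {"txt", "rtf", "doc", "htm", "jpg", "mp3"}
EXEC_EXTS = {"scr", "pif", "exe", "com"}


def classify(name):
    """Return 'double-extension', 'executable' or 'ok' for one file name."""
    # Windows ignores trailing dots and spaces, so "letter.com." runs as .com
    base = name.replace("\\", "/").rsplit("/", 1)[-1].rstrip(". ").lower()
    exts = base.split(".")[1:]
    if not exts or exts[-1] not in EXEC_EXTS:
        return "ok"
    if len(exts) >= 2 and exts[-2] in DECOY_EXTS:
        return "double-extension"
    return "executable"


def scan_attachment(name, data):
    """Classify an attachment and, if it is a ZIP, every member name.

    Only the archive directory is read; nothing is extracted or executed.
    """
    findings = [(name, classify(name))]
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for member in zf.namelist():
                findings.append((name + "!" + member, classify(member)))
    return [f for f in findings if f[1] != "ok"]


def constructed_zip(member):
    """Build a harmless in-memory ZIP with one placeholder member (sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"placeholder bytes, not malware")
    return buf.getvalue()


if __name__ == "__main__":
    print(scan_attachment("wife.zip", constructed_zip("wife.txt.scr")))
    print(scan_attachment("auction.rtf.pif", b"placeholder"))
    print(scan_attachment("letter.com.", b"placeholder"))
```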
Finally, traffic to certain IP addresses may increase.
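The Run-key persistence described above (an "ICQ Net" value starting winlogon.exe from the Windows folder instead of system32) can be looked for in the text of a .reg export. This is an added example, not the vendor's removal procedure: the function names are hypothetical and the sample export is constructed.

```python
import ntpath
import re

RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"
# "name"="data" string values as written by a .reg export (backslash-escaped)
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')


def parse_reg(text):
    """Yield (key, value_name, data) for every string value in .reg text."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := VALUE_RE.match(line)):
            name, data = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
            yield key, name, data


def executable_of(command):
    """Path of the program in a Run command line, honouring a quoted path."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split(" ", 1)[0]


def find_netsky_run_entries(text):
    """Return Run values that match the persistence described above."""
    hits = []
    for key, name, data in parse_reg(text):
        if key.lower() != RUN_KEY:
            continue
        folder, base = ntpath.split(executable_of(data).lower())
        # The genuine winlogon.exe lives in system32, not the Windows folder
        masquerade = base == "winlogon.exe" and ntpath.basename(folder) != "system32"
        if masquerade or name.lower() == "icq net":
            hits.append((name, data))
    return hits


# Constructed sample export, not taken from an infected machine
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ICQ Net"="c:\\windows\\winlogon.exe -stealth"
"Updater"="\"C:\\Program Files\\Example\\update.exe\" /quiet"
'''

if __name__ == "__main__":
    print(find_netsky_run_entries(SAMPLE))
```

The path check also catches the same copy registered under a different value name, while a Run entry that points at winlogon.exe in system32 is not reported.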
※ Prevention and manual remediation
  • The copyright of this content belongs to 'Everyzone'; unauthorized use and redistribution are prohibited.