Vulnerability ID |
24065 |
Risk level |
40 |
Port |
707 |
Protocol |
TCP |
Category |
BackDoor |
Description |
This Windows system appears to be infected with the Welchia worm (W32.Welchia.Worm). Welchia propagates by exploiting the vulnerability described in Microsoft Security Bulletin MS03-026, "Buffer Overrun In RPC Interface Could Allow Code Execution", published on July 16, 2003. The worm also attempts to propagate over TCP port 80 by exploiting the buffer overflow in WebDav described in Microsoft Security Bulletin MS03-007.
W32.Welchia.Worm does the following:
- Downloads the DCOM RPC patch from the Microsoft Windows Update website and installs it, then reboots the computer.
- Looks for live systems to infect by sending ICMP echo requests (pings). As a result, ICMP traffic increases.
- Attempts to remove W32.Blaster.Worm.
- Installs a TFTP server on every infected system.
- Creates a remote shell on the vulnerable host that connects back to the attacking computer on port 707/tcp to receive commands.
* Reference sites:
http://www3.ca.com/solutions/collateral.asp?CT=27081&CID=49258
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_MSBLAST.D
http://www.sophos.com/virusinfo/analyses/w32nachia.html
http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.worm.html
http://home.ahnlab.com/smart2u/virus_detail_1206.html
http://xforce.iss.net/xforce/alerts/id/150
http://www.cert.org/advisories/CA-2003-19.html
http://www.microsoft.com/technet/security/bulletin/MS03-026.asp
* Affected platforms: Microsoft Windows Any version |
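The behaviours listed in the description map to network indicators a defender can check for in flow data. The following is an added example, not part of the original record: it reads a constructed flow log and flags hosts that ping-sweep, receive TFTP requests, or accept connections on 707/tcp. The CSV layout, addresses, sweep threshold, function names and the use of UDP 69 (the standard TFTP port) are assumptions.

```python
import csv
import io
from collections import defaultdict

# Constructed sample flow log (not real traffic): src,dst,proto,dport
SAMPLE_FLOWS = "\n".join(
    ["src,dst,proto,dport"]
    + [f"10.0.0.5,10.0.1.{i},icmp,0" for i in range(1, 21)]  # echo sweep
    + [
        "10.0.1.7,10.0.0.5,tcp,707",  # connect-back to the attacking host
        "10.0.1.7,10.0.0.5,udp,69",   # TFTP request to the infected host
        "10.0.0.9,10.0.1.3,icmp,0",   # ordinary single ping
        "10.0.0.9,10.0.1.4,tcp,80",   # ordinary web request
    ]
)

def welchia_indicators(flow_csv, sweep_threshold=10):
    """Return {host: set of indicator names} for hosts matching any behaviour."""
    ping_targets = defaultdict(set)   # source -> distinct hosts it pinged
    hits = defaultdict(set)
    for row in csv.DictReader(io.StringIO(flow_csv)):
        src, dst = row["src"], row["dst"]
        proto, dport = row["proto"].lower(), int(row["dport"])
        if proto == "icmp":           # assumed to be echo requests
            ping_targets[src].add(dst)
        elif proto == "tcp" and dport == 707:
            hits[dst].add("shell-listener-707/tcp")
            hits[src].add("connect-back-to-707/tcp")
        elif proto == "udp" and dport == 69:  # standard TFTP port (assumption)
            hits[dst].add("tftp-server")
            hits[src].add("tftp-client")
    for src, targets in ping_targets.items():
        if len(targets) >= sweep_threshold:
            hits[src].add("icmp-sweep")
    return dict(hits)

def likely_infected(indicators, minimum=2):
    """Hosts showing at least `minimum` of the infected-host behaviours."""
    infected_side = {"icmp-sweep", "tftp-server", "shell-listener-707/tcp"}
    return sorted(h for h, seen in indicators.items()
                  if len(seen & infected_side) >= minimum)

if __name__ == "__main__":
    found = welchia_indicators(SAMPLE_FLOWS)
    for host in sorted(found):
        print(host, sorted(found[host]))
    print("likely infected:", likely_infected(found))
```

A host that only appears as `connect-back-to-707/tcp` or `tftp-client` is the newly targeted side of the exchange and should be checked for infection as well.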
Solution |
Use an antivirus program to remove the viruses from the infected computer. If no antivirus program is installed, download and install one of the following free worm removal tools:
1. Trend Micro Internet Security: http://downloadcenter.trendmicro.com/index.php?regs=NABU&clk=latest&clkval=280&lang_loc=1
2. Comodo BOClean 4.02: http://www.comodo.com/home/internet-security/anti-malware.php
3. Symantec DCOM Cleaner: http://securityresponse.symantec.com/avcenter/venc/data/w32.welchia.worm.removal.tool.html
4. SOPHOS W32/Nachi-A Cleaner: http://www.sophos.com/support/disinfection/nachia.html
-- AND --
Refer to Microsoft Security Bulletin MS03-026 and apply the appropriate patch to the system: http://www.microsoft.com/technet/security/bulletin/ms03-026.asp
In addition, if an IIS web server is running on the system and the patch for the WebDav vulnerability described in Microsoft Security Bulletin MS03-007 has not been applied, apply the appropriate patch from the following site: http://www.microsoft.com/technet/security/bulletin/ms03-007.asp |
Related URL |
CVE-2003-0109,CVE-2003-0352 (CVE) |
Related URL |
(SecurityFocus) |
Related URL |
(ISS) |