1. Overview
o Since malware exploiting the MS08-067 vulnerability[1,2] caused Internet access failures on the PCs of some domestic Internet users[3], the number of PCs infected with variants of this malware has risen sharply[4], and caution is required.
o The malware, named Conficker or Downadup, spreads not only through the MS08-067 vulnerability but also through password brute-force attacks against network shares and through removable storage devices such as USB drives.
2. Malware Propagation
o Scans for systems that have not installed the MS08-067 update[1] and infects them with the malware
o Brute-force attacks against network shares protected by simple passwords
o Spreads through the Autorun feature of removable storage devices
3. Symptoms of Infection
o Generates excessive scan packets to arbitrary IP addresses, disrupting TCP-based communication such as HTTP and FTP
o Monitors DNS requests for domains containing specific strings and blocks access to those domains
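The scanning symptom above can be checked for in firewall logs. The following is an added example, not part of the original advisory: it flags internal hosts that send SYNs to many distinct addresses on TCP 139/445 (the ports named in section 5) within a short window. The log format, thresholds, addresses and function names are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed log format: "<ISO time> <action> TCP <src>:<sport> -> <dst>:<dport> SYN"
LINE_RE = re.compile(r"^(\S+) \w+ TCP ([\d.]+):\d+ -> ([\d.]+):(\d+) SYN$")
SMB_PORTS = {139, 445}  # ports the advisory asks administrators to block

# Constructed sample log (not real traffic): one scanner, one normal file-server
# client, one slow host whose targets are minutes apart, one unrelated HTTP SYN.
SAMPLE_LOG = "\n".join(
    [f"2009-01-20T09:00:{i:02d} DENY TCP 10.0.5.23:{1040 + i} -> 198.51.100.{i + 1}:445 SYN"
     for i in range(6)]
    + [f"2009-01-20T09:00:{i:02d} ALLOW TCP 10.0.5.40:{2000 + i} -> 10.0.1.10:445 SYN"
       for i in range(8)]
    + [f"2009-01-20T09:{i * 3:02d}:00 DENY TCP 10.0.5.77:{3000 + i} -> 203.0.113.{i + 1}:139 SYN"
       for i in range(5)]
    + ["2009-01-20T09:00:07 ALLOW TCP 10.0.5.23:1050 -> 192.0.2.80:80 SYN"])

def parse(log_text):
    """Yield (time, src, dst) for SYNs to TCP 139/445; skip everything else."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m and int(m.group(4)) in SMB_PORTS:
            yield datetime.fromisoformat(m.group(1)), m.group(2), m.group(3)

def find_smb_scanners(log_text, min_targets=5, window=timedelta(seconds=60)):
    """Return {src: most distinct SMB targets in any window} for likely scanners."""
    events = defaultdict(list)
    for ts, src, dst in sorted(parse(log_text)):
        events[src].append((ts, dst))
    suspects = {}
    for src, evs in events.items():
        best, start = 0, 0
        for end in range(len(evs)):
            # Slide the window start forward until it spans at most `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            best = max(best, len({dst for _, dst in evs[start:end + 1]}))
        if best >= min_targets:
            suspects[src] = best
    return suspects

if __name__ == "__main__":
    for host, count in find_smb_scanners(SAMPLE_LOG).items():
        print(f"{host}: {count} distinct TCP 139/445 targets within 60s")
```

A host that repeatedly contacts a single file server is not flagged, because the count is of distinct destinations rather than of packets.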
4. Remediation
o Use a dedicated removal tool for this malware
  - AhnLab
    http://download.ahnlab.com/vaccine/v3conficker.exe
  - Hauri
    http://download.hauri.net/DownSource/down/dwn_antivirus_down.html?uid=57
  - F-Downadup Removal Tool
    ftp://ftp.antivirus.fi/anti-virus/tools/beta/f-downadup.zip
  - Symantec
    http://www.symantec.com/content/en/us/global/removal_tool/threat_writeups/FixDownadup.exe
  - BitDefender
    http://download.bitdefender.com/resources/files/Download/en/anti-downadup.zip
  - Microsoft Malicious Software Removal Tool (MSRT)
    http://download.microsoft.com/download/4/A/A/4AA524C6-239D-47FF-860B-5B397199CBF8/windows-kb890830-v2.6.exe
o Manual recovery[9]
  - The procedure has many complicated steps, and a configuration mistake can cause system errors, so using a dedicated removal tool is recommended
  - If manual recovery is necessary, refer to [9]
5. Prevention
o Network administrators
  - Update security equipment in operation with the latest rules so that it can detect the malware
  - Block inbound TCP 139 and 445 traffic from outside, and, after an internal review, block it within the organization's or company's internal network as well where it is not needed
o General Internet users
  - Install the MS08-067 security update[1]
    ※ Applying all security updates released to date is recommended
    ※ Windows Automatic Updates setting: Start → Control Panel → Automatic Updates → check Automatic (recommended) → Apply → OK
  - Remove unnecessary file shares; where a share is needed, set appropriate permission controls and a password that is hard to guess
  - Disable the Autorun feature to prevent executables on removable drives from running automatically (※ for the configuration steps, see item 24 of [9])
  - Make a habit of using a personal firewall and antivirus software
6. References
[1] http://www.microsoft.com/korea/technet/security/bulletin/MS08-067.mspx
[2] http://www.krcert.or.kr/secureNoticeView.do?num=288&seq=-1
[3] http://www.krcert.or.kr/secureNoticeView.do?num=293&seq=-1
[4] http://www.f-secure.com/weblog/archives/00001584.html
[5] http://kr.ahnlab.com/dwVaccineView.ahn?num=80&cPage=1
[6] http://company.hauri.co.kr/news/notice_view.html?news_uid=8956&cpage=1&no=120
[7] http://www.f-secure.com/weblog/archives/00001588.html
[8] http://www.microsoft.com/downloads/details.aspx?FamilyID=ad724ae0-e72d-4f54-9ab3-75b8eb148356&DisplayLang=ko
[9] http://support.microsoft.com/kb/962007
[10] http://www.symantec.com/security_response/writeup.jsp?docid=2009-011316-0247-99
[11] http://www.bitdefender.com/VIRUS-1000462-en--Win32.Worm.Downadup.Gen.html