
Title: Beware of damage from malware variants exploiting the MS08-067 vulnerability
Date: 2009-01-28 10:46:48

1. Overview

o Since malware exploiting the MS08-067 vulnerability[1,2] caused Internet connection failures[3]
  on the PCs of some Internet users in Korea, the number of PCs infected with variants of that
  malware has risen sharply[4], and caution is required

o The malware, named Conficker or Downadup, spreads not only through the MS08-067 vulnerability
  but also through password brute-force attacks on network shares and through removable storage
  devices such as USB drives

2. Propagation of the malware
o Scans for systems that have not installed the MS08-067 update[1] and infects them
o Password-guessing attacks against network shares protected by simple passwords
o Spreads through the Autorun feature of removable storage devices

3. Symptoms of infection
o Generates excessive scan packets to arbitrary IP addresses, disrupting TCP-based communication such as HTTP and FTP
o Monitors DNS requests for domains that contain specific strings and blocks access to those domains

4. Remediation
o Use a dedicated removal tool for the malware
- AhnLab
  http://download.ahnlab.com/vaccine/v3conficker.exe
- Hauri
  http://download.hauri.net/DownSource/down/dwn_antivirus_down.html?uid=57
- F-Downadup Removal Tool
  ftp://ftp.antivirus.fi/anti-virus/tools/beta/f-downadup.zip
- Symantec
  http://www.symantec.com/content/en/us/global/removal_tool/threat_writeups/FixDownadup.exe
- BitDefender
  http://download.bitdefender.com/resources/files/Download/en/anti-downadup.zip
- Microsoft Malicious Software Removal Tool (MSRT)
  http://download.microsoft.com/download/4/A/A/4AA524C6-239D-47FF-860B-5B397199CBF8/windows-kb890830-v2.6.exe


o Manual recovery[9]
- The procedure has many complex steps, and a configuration mistake can cause system errors, so using a dedicated removal tool is recommended
- If manual recovery is necessary, refer to [9]

5. Prevention
o Network administrators
- Update to the latest rules so that the security equipment in operation can detect the malware
- Block TCP 139 and 445 traffic from entering from outside, and within the internal network of the
  institution or company, review and block it where it is not needed
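
The scanning symptom in section 3 and the port-blocking advice above can be checked against flow logs. The following is an added example, not part of the original advisory: it flags internal hosts that contact many distinct addresses on TCP 139/445 within a short window and lists SMB flows that entered from outside. The log format, the internal range 10.0.0.0/8, the window and the threshold are assumptions, as is the premise that the scan traffic targets the two ports the advisory says to block; all sample records are constructed.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

SMB_PORTS = {139, 445}                 # the ports the advisory says to block
INTERNAL = ip_network("10.0.0.0/8")    # assumed internal range
WINDOW = 60                            # seconds per fixed time bucket (assumed)
THRESHOLD = 5                          # distinct targets per bucket (assumed)

# Constructed flow records: "epoch_seconds src_ip dst_ip dst_port"
SAMPLE_FLOWS = "\n".join(
    [f"{1000 + i} 10.0.0.23 198.51.100.{i + 1} 445" for i in range(7)]
    + ["1007 10.0.0.23 198.51.100.8 139",
       "1001 10.0.0.40 10.0.0.5 445",
       "1010 10.0.0.40 10.0.0.5 445",
       "1002 10.0.0.41 203.0.113.80 80",
       "1030 203.0.113.9 10.0.0.5 445",
       "truncated record"])

def parse(text):
    """Yield (ts, src, dst, port) tuples, skipping malformed lines."""
    for line in text.splitlines():
        try:
            ts, src, dst, port = line.split()
            yield int(ts), ip_address(src), ip_address(dst), int(port)
        except ValueError:
            continue

def smb_scanners(text):
    """Map source IP -> peak count of distinct SMB targets in one bucket."""
    targets = defaultdict(set)
    for ts, src, dst, port in parse(text):
        if port in SMB_PORTS:
            targets[(src, ts // WINDOW)].add(dst)
    peak = defaultdict(int)
    for (src, _), dsts in targets.items():
        peak[str(src)] = max(peak[str(src)], len(dsts))
    return {s: n for s, n in peak.items() if n >= THRESHOLD}

def external_smb_inbound(text):
    """List (src, dst, port) for SMB flows entering from outside INTERNAL."""
    return [(str(s), str(d), p) for _, s, d, p in parse(text)
            if p in SMB_PORTS and s not in INTERNAL and d in INTERNAL]

if __name__ == "__main__":
    print("possible scanners:", smb_scanners(SAMPLE_FLOWS))
    print("perimeter leaks:", external_smb_inbound(SAMPLE_FLOWS))
```

A host that legitimately talks to many file servers will also exceed a low threshold, so tune THRESHOLD against a baseline of normal traffic before alerting on it.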

o General Internet users
- Install the MS08-067 security update[1]
  ※ Applying all security updates released to date is recommended
  ※ Windows Automatic Updates setting
     Start → Control Panel → Automatic Updates → check Automatic (recommended) → Apply → OK
- Remove unnecessary file shares; where a share is needed, set appropriate permission controls and a password that is hard to guess
- Disable the Autorun feature to prevent executable files on removable drives from running
  automatically (※ for the configuration steps, see item 24 of [9])
- Make a habit of using a personal firewall and antivirus software

6. References
[1] http://www.microsoft.com/korea/technet/security/bulletin/MS08-067.mspx
[2] http://www.krcert.or.kr/secureNoticeView.do?num=288&seq=-1
[3] http://www.krcert.or.kr/secureNoticeView.do?num=293&seq=-1
[4] http://www.f-secure.com/weblog/archives/00001584.html
[5] http://kr.ahnlab.com/dwVaccineView.ahn?num=80&cPage=1
[6] http://company.hauri.co.kr/news/notice_view.html?news_uid=8956&cpage=1&no=120
[7] http://www.f-secure.com/weblog/archives/00001588.html
[8] http://www.microsoft.com/downloads/details.aspx?FamilyID=ad724ae0-e72d-4f54-9ab3-75b8eb148356&DisplayLang=ko
[9] http://support.microsoft.com/kb/962007
[10] http://www.symantec.com/security_response/writeup.jsp?docid=2009-011316-0247-99
[11] http://www.bitdefender.com/VIRUS-1000462-en--Win32.Worm.Downadup.Gen.html
