|
Ŀ´Ƽ
|
|
Ŀ´Ƽ õԽù
| õ | ֱٴ۴ | ()
Ŀ´Ƽ õԽù
| õ | ֱٴ۴ | ()
Ŀ´Ƽ õԽù
| õ | ֱٴ۴ | ()
Ŀ´Ƽ õԽù
| õ | ֱٴ۴ | ()
|
|
|
|
|
 |
|
Ƹ Storm ֽϱ? Ƹ ֿϴ ̶ 찡 κԴϴ. ַ ߿ / ѱ ȯ濡 ũ ָ Ͽϴ.
ؼ Ұ 帳ϴ. Storm 1 ߰ߵ ˷ , ַ ʿ Ǿϴ. Ư, Storm "230 dead as storm batters europe" ߿ Ÿ , Ǿϴ. 2 ߷Ÿ ̿ ؼ, ֱ 3 3 ҽ ѹ İ Ǿϴ.
´ ϴ.
Worm Detected!
Virus Detected!ected!
Virus Activity Detected!
ATTN!
Spyware Alert!
Spyware Detected!
Warning!
Trojan Alert!
Trojan Detected!
Worm Activity Detected!
Virus Alert!
From: Customer Support
Dear Customer,
Our robot has detected an abnormal activity from your IP address on sending e-mails.
Probably it is connected with the last epidemic of a worm which does not have official patches at the moment. We recommend you to install this patch to remove worm files and stop email sending, otherwise your account will be blocked. We had archived the patch because the worm can modify unpacked exe files. You should open the archive file, enter the password and run the patch immediately.
Password: {Random}
Customer Support Center Robot.
Attachment: Patch-{Random}.zip
÷
2 ÷ ϰ ֽϴ. ϳ Ϲ (*.gif)̰ ϳ йȣ zip Դϴ. ̸ ϴ.
patch-[RANDOM 4 DIGITS].zip
removal-[5 RANDOM DIGITS].zip
hotfix-[5 RANDOM DIGITS].zip
bugfix-[5 RANDOM DIGITS].zip
Stom Ӱ ٷ йȣ ȣϴ zip Դϴ. ÷ йȣ ڿ ڷ ϰ յ˴ϴ. , ̸Ͽ йȣ ԵǾ ־ ֽϴ.
zip Ͽ йȣ ־ ϸ, Storm PC ġϰ ̷ ijʷκ ڽ ȣϱ ƮŶ ̿Ͽ ϴ. ƮŶ Ǵ ǥ wincom32.sys̰ ƮŶ Ž α ã ֽϴ.
ƮŶ
SSDT
ZwEnumerateKey
C:\WINDOWS\system32\wincom32.sys
SSDT
ZwEnumerateValueKey
C:\WINDOWS\system32\wincom32.sys
SSDT
ZwQueryDirectoryFile
C:\WINDOWS\system32\wincom32.sys
IRP
\Driver\Tcpip->IRP_MJ_DEVICE_CONTROL
\\??\C:\WINDOWS\system32\wincom32.sys
|
|
3
|
[4] ٸ
|
̶ õּ.
α ʾƵ õ Ͻ ֽϴ. |
|
|
|
|
|
| Խù |
|
 |
|
| õȳ |
Խù õ ֽϴ.õ 5 ̸̻ ο Խù ɾ 帳ϴ.
Ʈ ̺Ʈ Ͻþ ǰ ư ֽϴ.
Ʈȳ ۼ : 20, õŬ : 2, õ 2, ۼ : 4 (2008.12.29Ϻ) |
|
|
|
|
|
|
