해커즈뉴스 / 해커대학 (Hackers News / Hacker University)

Virus alert provided by Hackers News
Name: Linux.Amnesiark
Date issued: 2017.04.10 (Monday)
Type: Trojan
Risk level: Low (★☆☆☆☆)
Systems Affected: Linux
Main symptom: Opens a back door
CVE References: CVE-2014-6271

Linux.Amnesiark is a Trojan horse that opens a back door on the compromised computer.

=====

This Trojan may arrive through exploitation of the GNU Bash Remote Code Execution Vulnerability (CVE-2014-6271) and other remotely exploitable vulnerabilities.

When executed, the Trojan creates the following files:
/tmp/.radioactive
/tmp/plump
/etc/init.d/radioactive
/etc/cron.daily/radioactive

The Trojan then attempts to end the following processes:
ddoscc.sys
cocks.sh
.lizardsquad1
lightaidra
kaiten
jackmymipsel
jackmymips
jackmysh4
jackmyx86
jackmyarmv6
jackmyi686
jackmypowerpc
jackmyi586
jackmym86k
jackmysparc
telarmv6
teli586
teli686
telmips
telmipsel
telpowerpc
telsh4
telx86

The Trojan opens a back door to the following location, allowing an attacker access to the compromised computer:
188.209.52.40

The Trojan may then be commanded to spread itself to another computer using the GNU Bash Remote Code Execution Vulnerability (CVE-2014-6271).
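
A host check built from the indicators in this advisory, added here as an example (it is not part of the original alert): it looks for the four created files and for TCP connections to the back door address. The function names and the optional root-directory argument are this example's own choices.

```sh
#!/bin/sh
# Added example: sweep for the Linux.Amnesiark artifacts listed in this advisory.
# Function names and the ROOT argument are conventions of this example only.

# Files the advisory says the Trojan creates. The init.d and cron.daily
# entries are persistence locations, so a hit there survives a reboot.
AMNESIARK_FILES="/tmp/.radioactive /tmp/plump /etc/init.d/radioactive /etc/cron.daily/radioactive"
# Back door address given in the advisory.
AMNESIARK_C2="188.209.52.40"

# Print each listed path that exists under ROOT (default "/"), one per line.
# ROOT lets the check run against a mounted disk image instead of the live host.
amnesiark_find_files() {
    root="${1:-/}"
    for p in $AMNESIARK_FILES; do
        # -e follows symlinks; -L also catches dangling links
        if [ -e "${root%/}$p" ] || [ -L "${root%/}$p" ]; then
            printf '%s\n' "$p"
        fi
    done
}

# Read `ss -tn` / `netstat -tn` style lines on stdin and print those where an
# address field equals the back door address exactly (any port). Whole-field
# comparison avoids the false hits a substring grep gives on similar addresses.
amnesiark_find_conns() {
    awk -v ip="$AMNESIARK_C2" '{
        for (i = 1; i <= NF; i++) {
            addr = $i
            sub(/:[0-9*]+$/, "", addr)     # strip trailing :port
            sub(/^\[?::ffff:/, "", addr)   # strip IPv4-mapped IPv6 prefix
            sub(/\]$/, "", addr)           # strip closing bracket
            if (addr == ip) { print; next }
        }
    }'
}

# Report for a live host or mounted image; exit status 1 if anything matched.
amnesiark_report() {
    files=$(amnesiark_find_files "${1:-/}")
    conns=$( (ss -tn 2>/dev/null || netstat -tn 2>/dev/null) | amnesiark_find_conns)
    [ -n "$files" ] && printf 'artifact: %s\n' $files
    [ -n "$conns" ] && printf 'connection: %s\n' "$conns"
    [ -z "$files$conns" ]
}
```

Source the file and call `amnesiark_report`, optionally passing the mount point of a disk image; the connection check always reflects the live host.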