Name: Worm/Rbot.78808
Discovered: 21/11/2005
Type: Worm
In the wild: (illegible)
Reported infections: (illegible)
Distribution potential: (illegible)
Damage potential: (illegible)
Static file: (illegible)
File size: 78,808 bytes
MD5 checksum: b68e656d8281c44c1c04f3a1c8ad3cf4
VDF version: 6.32.00.202

General
Method of propagation:
   • Local network


Aliases
   •  Kaspersky: Backdoor.Win32.Rbot.gen
   •  TrendMicro: WORM_RBOT.DAQ
   •  F-Secure: Backdoor.Win32.Rbot.gen
   •  Sophos: W32/Rbot-Fam
   •  Panda: W32/Gaobot.LJN.worm
   •  VirusBuster: Worm.RBot.DAY
   •  Eset: Win32/Rbot
   •  Bitdefender: Backdoor.Rbot.CPQ


Platforms / OS
   • Windows 95
   • Windows 98
   • Windows 98 SE
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP
   • Windows 2003


Side effects
   • (four entries illegible in the source)

Files
It copies itself to the following location:
   • %SYSDIR%\svchsot.exe



Registry

The following registry values are added in order to run the process after every reboot:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   • "MicroSft Personal Firewall"="svchsot.exe"

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
   • "MicroSft Personal Firewall"="svchsot.exe"

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
   • "MicroSft Personal Firewall"="svchsot.exe"



The following registry values are changed:

HKLM\SOFTWARE\Microsoft\Ole
   Old value:
   • "EnableDCOM"=%user defined settings%
   New value:
   • "EnableDCOM"="N"

HKLM\SYSTEM\CurrentControlSet\Control\Lsa
   Old value:
   • "restrictanonymous"=%user defined settings%
   New value:
   • "restrictanonymous"=dword:00000001
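The three Run values and the two changed settings above are the host-based indicators a responder will actually look for. The following is an added triage example, not Avira's code and not part of the original description: it parses a Windows .reg export (the `reg export` text format; the sample export below is constructed for the example) into a dictionary, reports which of the listed indicators it contains, and compares a file's MD5 with the checksum given in the header. Note that `EnableDCOM="N"` and `restrictanonymous=1` are, on their own, hardening settings that an administrator may have set deliberately, so treat them as corroborating evidence next to the `svchsot.exe` persistence value rather than as proof of infection by themselves.

```python
"""Added triage example (not Avira's code) for the registry and file
indicators listed above.  It parses a Windows .reg export into a dict and
reports which Worm/Rbot.78808 indicators it contains.  The .reg text below
is constructed for the example; real input would come from `reg export`."""
import hashlib
import re

# Indicators as listed in the description above.
RUN_KEYS = (
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices",
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
)
RUN_VALUE_NAME, RUN_VALUE_DATA = "MicroSft Personal Firewall", "svchsot.exe"
CHANGED_VALUES = {
    (r"HKLM\SOFTWARE\Microsoft\Ole", "EnableDCOM"): "N",
    (r"HKLM\SYSTEM\CurrentControlSet\Control\Lsa", "restrictanonymous"): 1,
}
SAMPLE_MD5 = "b68e656d8281c44c1c04f3a1c8ad3cf4"

_HIVES = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU"}
_VALUE_LINE = re.compile(r'"((?:[^"\\]|\\.)*)"=(.*)')


def parse_reg(text):
    """Parse the subset of .reg syntax used here: [key] sections, "name"="string"
    and "name"=dword:hex values.  Returns {key: {name: value}} with hive names
    shortened to HKLM/HKCU so they can be compared with the lists above."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            hive, _, path = line[1:-1].partition("\\")
            current = keys.setdefault(_HIVES.get(hive, hive) + "\\" + path, {})
        elif current is not None and line.startswith('"'):
            m = _VALUE_LINE.match(line)
            if not m:
                continue
            name, data = m.group(1), m.group(2)
            if data.startswith("dword:"):
                current[name] = int(data[len("dword:"):], 16)
            elif len(data) >= 2 and data[0] == data[-1] == '"':
                # undo .reg escaping of backslashes and quotes
                current[name] = re.sub(r"\\(.)", r"\1", data[1:-1])
    return keys


def find_indicators(reg):
    """Return human-readable descriptions of every indicator found in `reg`.
    Key comparison is case-insensitive, as the registry itself is."""
    lower = {key.lower(): values for key, values in reg.items()}
    hits = []
    for key in RUN_KEYS:
        data = str(lower.get(key.lower(), {}).get(RUN_VALUE_NAME, ""))
        if data.lower().endswith(RUN_VALUE_DATA):
            hits.append(f"persistence: {key}\\{RUN_VALUE_NAME} = {data}")
    for (key, name), bad in CHANGED_VALUES.items():
        if lower.get(key.lower(), {}).get(name) == bad:
            hits.append(f"changed setting: {key}\\{name} = {bad}")
    return hits


def matches_sample(data: bytes) -> bool:
    """True if `data` has the MD5 of the analysed sample."""
    return hashlib.md5(data).hexdigest() == SAMPLE_MD5


# Constructed .reg export for the example (two of the three Run keys absent).
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MicroSft Personal Firewall"="svchsot.exe"
"Backup Agent"="\"C:\\Program Files\\Backup\\agent.exe\" /quiet"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
"EnableDCOM"="N"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"restrictanonymous"=dword:00000001
"""

if __name__ == "__main__":
    for hit in find_indicators(parse_reg(SAMPLE_REG)):
        print(hit)
```

Run against the constructed export it reports the HKLM Run persistence value and both changed settings; the RunServices and HKCU values are absent from the sample and so are not reported. Checking the MD5 only identifies this exact 78,808-byte build, so a hash miss does not clear a file named `svchsot.exe` in `%SYSDIR%`.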

Network infection
In order to ensure its propagation, the malware attempts to connect to other machines as described below.

It tries to gain access to the remote machine through the following shares:
   • IPC$
   • C$
   • C$\windows\system32
   • c$\winnt\system32
   • ADMIN$\system32\
   • ADMIN$


It tries to log on to the remote machine with credentials taken from a built-in list.

The following passwords are tried:
   • intranet; lan; main; winpass; blank; office; control; nokia; siemens;
      compaq; dell; cisco; ibm; orainstall; sqlpassoainstall; sql; db1234;
      db1; databasepassword; data; databasepass; dbpassword; dbpass; access;
      domainpassword; domainpass; domain; hello; hell; god; sex; slut;
      bitch; fuck; exchange; backup; technical; loginpass; login; mary;
      katie; kate; george; eric; chris; ian; neil; lee; brian; susan; sue;
      sam; luke; peter; john; mike; bill; fred; joe; jen; bob; qwe; zxc;
      asd; qaz; win2000; winnt; winxp; win2k; win98; windows; oeminstall;
      oemuser; oem; user; homeuser; home; accounting; accounts; internet;
      www; web; outlook; mail; qwerty; null; server; system; changeme;
      linux; unix; demo; none; test; 2004; 2003; 2002; 2001; 2000;
      1234567890; 123456789; 12345678; 1234567; 123456; 12345; 1234; 123;
      007; pwd; pass; pass1234; passwd; password; password1; adm; db2;
      oracle; dba; database; default; guest; wwwadmin; teacher; student;
      owner; computer; staff; admins; administrat; administrateur;
      administrador; administrator



Exploits
It makes use of the following exploits:
– MS03-026 (Buffer Overrun in RPC Interface Could Allow Code Execution)
– MS03-039 (Buffer Overrun in RPCSS Service Could Allow Code Execution (824146))
– MS04-011 (LSASS vulnerability)


IP address generation
It generates random IP addresses while keeping the first two octets of its own address, and then tries to establish a connection to each generated address.


Infection process
Once a remote machine has been compromised, it is made to download a copy of the malware from the infecting host via TFTP or FTP.


Remote execution
It tries to schedule remote execution of the malware on the newly infected machine using the NetScheduleJobAdd function.
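The propagation steps above (admin-share logons, the three RPC/LSASS exploits, target addresses drawn from the worm's own /16, then a TFTP or FTP fetch of the copy) leave a recognisable pattern in connection logs. What follows is an added detection example, not Avira's code and not part of the original description. It assumes a simple connection-log format constructed for the example (`<time> <proto> <src>:<sport> > <dst>:<dport>`) and flags a host as sweeping when it probes at least five distinct addresses inside its own /16 on 135, 139 or 445; it then correlates that with any probed host connecting back to the prober on 69/udp or 21/tcp, which is the fetch stage and is a much stronger signal than the scan alone.

```python
"""Added example (not Avira's code): detect the propagation pattern described
above in connection logs.  A host that probes many addresses inside its own
/16 on the exploit and share ports (135, 139, 445) is reported as a sweeper;
a probed host that then opens TFTP (69/udp) or FTP (21/tcp) back to the
prober is reported as a likely fresh infection pulling the worm copy.  The
log format and the lines below are constructed for the example."""
import re
from collections import defaultdict

# Destination ports the worm needs: RPC/DCOM (MS03-026, MS03-039), NetBIOS and
# SMB (admin shares, MS04-011 LSASS).
EXPLOIT_PORTS = {135, 139, 445}
# Protocol/port the victim uses to fetch the worm from the prober.
FETCH_PORTS = {("udp", 69): "TFTP", ("tcp", 21): "FTP"}
SWEEP_THRESHOLD = 5  # distinct in-/16 targets before a source counts as sweeping

# Constructed format: "<time> <proto> <src>:<sport> > <dst>:<dport>"
_LINE = re.compile(
    r"(?P<ts>\S+) (?P<proto>tcp|udp) (?P<src>\d+\.\d+\.\d+\.\d+):\d+ > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+):(?P<dport>\d+)"
)


def parse_log(lines):
    """Yield (timestamp, proto, src, dst, dport) for each well-formed line."""
    for line in lines:
        m = _LINE.match(line)
        if m:
            yield (m["ts"], m["proto"], m["src"], m["dst"], int(m["dport"]))


def same_slash16(a, b):
    """True if both dotted-quad addresses share their first two octets,
    the part the worm keeps when generating targets."""
    return a.split(".")[:2] == b.split(".")[:2]


def analyse(lines):
    """Return (sweepers, fetches).  sweepers maps a scanning source to the
    sorted targets it probed; fetches lists (victim, prober, protocol)."""
    probed = defaultdict(set)   # prober -> in-/16 targets hit on exploit ports
    pairs = set()               # (prober, target) seen, for the fetch check
    fetches = []
    for _ts, proto, src, dst, dport in parse_log(lines):
        if proto == "tcp" and dport in EXPLOIT_PORTS and same_slash16(src, dst):
            probed[src].add(dst)
            pairs.add((src, dst))
        elif (proto, dport) in FETCH_PORTS and (dst, src) in pairs:
            # victim (src) connecting back to the prober (dst) after being hit
            fetches.append((src, dst, FETCH_PORTS[(proto, dport)]))
    sweepers = {s: sorted(t) for s, t in probed.items() if len(t) >= SWEEP_THRESHOLD}
    return sweepers, fetches


# Constructed log: 10.20.33.4 sweeps its /16, 10.20.77.9 fetches back via TFTP,
# 10.20.1.1 is an ordinary client talking to one file server.
SAMPLE_LOG = """\
10:01:00 tcp 10.20.1.1:2050 > 10.20.2.2:445
10:01:01 tcp 10.20.33.4:1031 > 10.20.77.9:445
10:01:01 tcp 10.20.33.4:1032 > 10.20.77.9:135
10:01:02 tcp 10.20.33.4:1033 > 10.20.201.13:445
10:01:02 tcp 10.20.33.4:1034 > 10.20.9.250:445
10:01:03 tcp 10.20.33.4:1035 > 10.20.150.2:445
10:01:03 tcp 10.20.33.4:1036 > 10.20.44.44:445
10:01:04 tcp 10.20.33.4:1037 > 10.20.3.17:135
10:01:05 tcp 10.20.1.1:2051 > 10.20.2.2:445
10:01:06 udp 10.20.77.9:1128 > 10.20.33.4:69
10:01:07 udp 10.20.5.5:1500 > 10.20.6.6:69
""".splitlines()

if __name__ == "__main__":
    sweepers, fetches = analyse(SAMPLE_LOG)
    for src, targets in sweepers.items():
        print(f"sweep from {src}: {len(targets)} targets in its /16")
    for victim, prober, proto in fetches:
        print(f"{victim} fetched via {proto} from {prober}: likely infected")
```

The threshold and the /16 restriction are the tunable parts: a backup server or vulnerability scanner also touches many hosts on 445, so in practice the fetch correlation is what you page on, and the sweep alone is what you put on a watch list.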

IRC
To deliver system information and to provide remote control, it connects to the following IRC server:

Server: unixguy.hack**********
Port: 8877
Server password: guy
Channel: #LLiFee#
Nickname: USA|%six random characters%
Password: guy



This malware has the ability to collect and send information such as:
   • CPU speed
   • Operating system (OS) version
   • (remaining entries illegible in the source)


Furthermore it has the ability to perform actions such as:
   • Launch DDoS ICMP flood
   • Launch DDoS SYN flood
   • Launch DDoS TCP flood
   • Launch DDoS UDP flood
   • Launch DDoS attack
   • Enable or disable DCOM
   • (remaining entries illegible in the source)

Stealing
It tries to steal the following information:
– (illegible) ID

– The CD keys of the following games:
   • Battlefield 1942; Battlefield 1942 (Road To Rome); Battlefield 1942
      (Secret Weapons of WWII); Battlefield Vietnam; Black and White;
      Command & Conquer Generals; Command and Conquer: Generals (Zero Hour);
      Command and Conquer: Red Alert 2; Command and Conquer: Tiberian Sun;
      Counter-Strike (Retail); Chrome; FIFA 2002; FIFA 2003; Freedom Force;
      Global Operations; Gunman Chronicles; Half-Life; Hidden & Dangerous 2;
      IGI 2: Covert Strike; Industry Giant 2; James Bond 007: Nightfire;
      Legends of Might and Magic; Medal of Honor: Allied Assault; Medal of
      Honor: Allied Assault: Breakthrough; Medal of Honor: Allied Assault:
      Spearhead; Nascar Racing 2002; Nascar Racing 2003; Need For Speed Hot
      Pursuit 2; Need For Speed: Underground; Neverwinter Nights;
      Neverwinter Nights (Hordes of the Underdark); Neverwinter Nights
      (Shadows of Undrentide); NHL 2003; NHL 2002; NOX; Rainbow Six III
      RavenShield; Shogun: Total War: Warlord Edition; Soldier of Fortune II
      - Double Helix; Soldiers Of Anarchy; The Gladiators; Unreal Tournament
      2003; Unreal Tournament 2004

– A logging routine is started after a string matches one of the following:
   • :.login; :,login; :!login; :@login; :$login; :%login; :^login;
      :*login; :-login; :+login; :/login; :\login; :=login; :?login;
      :'login; :`login; :~login; : login; :.auth; :,auth; :!auth; :@auth;
      :$auth; :%auth; :^auth; :&auth; :*auth; :-auth; :+auth; :/auth;
      :\auth; :=auth; :?auth; :'auth; :`auth; :~auth; : auth; :.id; :,id;
      :!id; :@id; :$id; :%id; :^id; :&id; :*id; :-id; :+id; :/id; :\id;
      :=id; :?id; :'id; :`id; :~id; : id; :.hashin; :!hashin; :$hashin;
      :%hashin; :.secure; :!secure; :.l; :!l; :$l; :%l; :.x; :!x; :$x; :%x;
      :.syn; :!syn; :$syn; :%syn

– It also logs data when a URL contains one of the following strings:
   • paypal.com
   • PAYPAL.com

(Section heading and its two entries illegible in the source.)

Miscellaneous
Mutex
It creates the following mutex:
   • BoT

File details
Programming language:
The malware program was written in MS Visual C++.


Runtime packer:
In order to hinder detection and reduce the size of the file, it is packed with a runtime packer.

Description inserted by Irina Boldea on Thursday, 6 April 2006
Description updated by Irina Boldea on Wednesday, 19 April 2006
