Last week's 8 malware distribution sites !!

1. Sites !!

레이xx 클럽 : http://www.rxxexx.co.kr
옐xx x 택배 : http://www.yelxxxxx.co.kr
피자 xx : http://www.pizzxexxxx.com
게xx젤 : http://www.gaxxxxxel.com
개xx 닷컴 : http://www.gexxmxon.com
安康x政网x迎您 : http://www.xxcx.gov.cn
브레이크 xx : http://www.breakxxxx.com
한국xxxxx연합회 : http://www.xxxwxl.or.kr and many others

2. Distribution points !!

[Distribution source unknown]

2010/11/20

http://1x4.2xx.87.1x5/help.asp

[레이xx 클럽, 옐xx x 택배, 피자 xx]

2010/11/17

http://58.1xx.227.1x/F.asp
http://58.1xx.227.1x/./F2.asp 

2010/11/20

http://123.2x4.1x2.1xx/P.asp
http://123.2x4.1x2.1xx/./P1.asp

[게XX젤]

2010/11/20 ~ 2010/11/21

http://cyxxx.net/adv.htm ~> XOR transformation required !!
http://cyxxx.net/K.Js 

[개xx 닷컴]

2010/11/21

http://118.2xx.181.1x9:9x99/vod.js
http://118.2xx.181.1x9:9x99/vod.asp
http://118.2xx.181.1x9:9x99/index.htm
http://114.20x.87.xx/test.htm
http://114.20x.87.xx/test.htm

[安康x政网x迎您]

2010/11/21

http://www.bjxrmxx.com/maxxgeradmin/dataxxckup/ie.htm
http://www.bjxrmxx.com/maxxgeradmin/dataxxckup/pack.exe
http://www.bjxrmxx.com/maxxgeradmin/dataxxckup/test.html

[브레이크 xx]

2010/11/21

http://www.breakxxxx.com/xxxx/tv.htm
http://www.breakxxxx.com/xxxx/tvx.html
http://www.breakxxxx.com/xxxx/tvj.html

[한국XXXXX연합회]

2010/11/07

http://www.woxxxzz.com/images/img.js
http://www.woxxxzz.com/images/kol.htm
http://www.woxxxzz.com/images/sky.html
http://www.woxxxzz.com/images/count.html

2010/11/11

http://www.xxbax.com/DicxData/img.js
http://www.xxbax.com/DicxData/kol.htm
http://www.xxbax.com/DicxData/sky.html
http://www.xxbax.com/DicxData/count.html

2010/11/20

http://www.sxmxxcaux.com/imagex/pic.js
http://www.samxxcaux.com/imagex/sos.htm
http://www.samxxcaux.com/imagex/ner.html
http://www.samxxcaux.com/imagex/count.html

2010/11/23

http://www.xuxx9.com/image/pic.js
http://www.xuxx9.com/image/ner.html
http://www.xuxx9.com/image/sos.htm
http://www.xuxx9.com/image/count.html

3. Final files !!

help.asp : http://121.2xx.1x5.2xx/wxc/ad.exe

F.asp , F2.asp : http://cybexoxxhid.net/bxs/xxon/c.exe

P.asp , P1.asp : http://www.vxx.co.kr/cxxd/lib.exe

adv.htm : http://cyxxx.net/cy.exe

vod.asp : http://www.robotxxx.com/cafe/hxxx/box.exe

test.htm : http://www.robotxxx.com/cafe/xxxx/page/mam.exe

test.html : http://1x7.x.0.1/a.exe  http://www.xjsrmxx.com/maxxgeradmin/dataxxckup/scvhost.txt

tvx.html : http://128.1xx.3x.8x/w.exe

tvj.html : http://128.1xx.30.8x/s.exe

[2010/11/07]

kol.htm , sky.html : http://www.Jxcxx.com/images/s.exe

[2010/11/11]

kol.htm , sky.html : http://www.plxtixxxchina.com/images/s.exe

s.exe : http://98.1xx.64.1xx:6x688/img/img.txt 
           http://98.1xx.64.1xx:6x688/img/Advythsvlfgmf1.exe

[2010/11/20]

sos.htm , ner.html : http://www.cnxx.com.cn/images/s.exe

s.exe : http://www.xamxxcaux.com/images/count.html
           http://76.7x.8x.2:6xx88/img/YkaposdYals1.exe

[2010/11/23]

ner.html , sos.htm : http://www.uxxxn.cn/images/s.exe

s.exe : http://76.7x.8x.3:616xx/img/img.txt
           http://76.7x.8x.3:616xx/img/SkaposKdyals1.exe

4. Sample detection status !!

[AhnLab]

1. ner.html ~> malicious
2. sos.htm ~> malicious
3. pic.js ~> malicious
4. P.asp ~> malicious
5. P1.asp ~> V3 : JS/Downloader (added: 2010.11.22.04)
6. lib.exe ~> V3 : Win-Trojan/Injector.103437 (added: 2010.11.22.04)
7. cy.exe_Kwan ~> V3 : Win-Trojan/Vilsel.106496.G (added: 2010.11.22.02)
8. help.asp ~> V3 : JS/Downloader (added: 2010.11.22.02)
9. s.exe ~> V3 : Win-Trojan/Xema.variant (added: 2010.11.22.01)
10. YkaposdYals1.exe ~> V3 : Win-Trojan/Securisk (added: 2010.11.21.01)
11. ad.exe ~> V3 : Win-Trojan/Injector.55296.BD (added: 2010.11.21.01)
12. adv.htm ~> V3 : JS/Cve-2010-0806 (added: 2010.11.21.01)
13. cy.exe ~> clean
14. ie.htm ~> V3 : JS/Exploit-cve (added: 2010.11.22.02)
15. tv.htm ~> V3 : JS/Agent (added: 2010.11.22.02)
16. tvx.html ~> V3 : JS/Exploit-cve (added: 2010.11.22.02)
17. scvhost.txt ~> V3 : Win-Trojan/Malware.153349 (added: 2010.11.22.00)
18. pack.exe_xor ~> V3 : Win-Trojan/Malware.153349 (added: 2010.11.22.00)
19. s.exe ~> V3 : Win-Trojan/Injector.55296.BE (added: 2010.11.21.01)
20. mam.exe ~> V3 : Win-Trojan/Onlinegamehack.55296.BB (added: 2010.11.21.01)
21. box.exe ~> V3 : Win-Trojan/Onlinegamehack.55296.BB (added: 2010.11.21.01)
22. w.exe ~> V3 : Win-Trojan/Injector.55296.BE (added: 2010.11.21.01)
23. vod.asp ~> V3 : JS/Exploit (added: 2010.11.21.01)
24. tvj.html ~> V3 : JS/Shellcode (added: 2010.11.18.05)
25. test.html ~> V3 : JS/Cve-2010-3962 (added: 2010.11.13.00)
26. test.htm ~> V3 : HTML/Agent (added: 2010.11.13.00)
27. ak.swf ~> clean
28. vod.js ~> clean
29. index.htm ~> clean
30. ner.html ~> malicious
31. pic.js ~> malicious
32. sos.htm ~> malicious
33. SkaposKdyals1.exe ~> malicious
34. s.exe ~> malicious

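[ESTsoft]

All samples have been added to the update !!!

[Naver, INCA Internet]

Samples will be reflected in the update after analysis !!

Because of the huge number of samples, the VirusTotal results are omitted~
Writing again after such a long time is pretty tough !! heh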