지난주 악성코드 유포사이트 7곳

1. 사이트

한국 E 스포츠 협회 : http://www.e-sports.or.kr
대명 리조트 : http://www.daemyungresort.com/asp/main.asp
프루나 : http://www.pruna.com
CJ 엔터테인먼트 : http://www.cjent.co.kr
KBS : http://sso.kbs.co.kr
조아라 : http://www.joara.com/main.html
주전자 닷컴 : http://zuzunza.joins.com

2. 유포 사이트

1. 한국 E 스포츠 협회
http://211.218.126.144/css/top.asp ~> 서버 죽음! (V3 : JS/Downloader 추가 : 2010.04.23.02)
http://61.100.7.171/css/lib.asp ~> 서버 죽음!  (V3 : JS/Downloader 추가 : 2010.04.23.02)

 2. 대명 리조트
http://61.100.7.171/css/lib.asp ~> 서버 죽음!
(V3 : JS/Downloader 추가 : 2010.04.23.02)

3. 프루나
http://ac.gemmir.com/t/time.js ~> 서버 죽음!
http://ac.gemmir.com/t/time.asp ~> 서버 죽음!(V3 : JS/Agent 추가 : 2010.04.19.02)

4. CJ 엔터테인먼트
http://61.100.7.171/css/lib.asp ~> 서버 죽음! (V3 : JS/Downloader 추가 : 2010.04.23.02)

5. KBS
http://202.133.245.100/exam.asp ~> 서버 죽음! (V3 : 분석중)

6. 조아라
http://www.gamejil.com/data/css.htm ~> 서버 살아있음! (V3 : 분석중)

7. 주전자 닷컴
http://211.234.118.207/main.html ~> 서버 살아있음 (V3 : 분석중)
http://211.234.118.207/rl.jpg ~> 서버 살아있음 (V3 : 분석중)
http://211.234.118.207/ytl.jpg ~> 서버 살아있음 (V3 : 분석중)
http://211.234.118.207/yt1.jpg ~> 서버 살아있음 (V3 : 분석중)

최종파일 :
top.asp , lib.asp : http://61.100.1.93/css/isa.exe ~> 서버 살아있음 !
(V3 : Win-Trojan/Pincav.54784.U(추가 : 2010.05.01.00)

time.asp : http://www.robot114.com/cafe/help/box.exe ~> 서버 죽음 !  (V3 : Win-Trojan/Magania.53248.AA(추가 : 2010.05.07.07)

exam.asp : http://211.76.154.8/vipasp/logo/57.exe ~> 서버 살아있음 !   (V3 : Win-Trojan/Pincav.53248.AZ 추가 : 2010.05.09.00)

css.htm : http://www.gamejil.com/data/data.exe ~> 서버 살아있음 !
                                                          (V3 : 분석중) : XOR 변형이 필요합니다!

main.html ~> yt1.jpg  http://junggomania.nefficient.co.kr/test.exe ~> 서버 살아있음 ! (V3 : 분석중) 

[바이러스 토탈] 

검사 파일: isa.exe 전송 시각: 2010.05.10 00:46:48 (UTC)
안티바이러스	엔진 버전	정의 날짜	검사 결과
a-squared	4.5.0.50	2010.05.09	Trojan.Peed!IK
AhnLab-V3	2010.05.09.00	2010.05.08	Win-Trojan/Pincav.54784.U
AntiVir	8.2.1.236	2010.05.09	TR/Crypt.ZPACK.Gen
Antiy-AVL	2.0.3.7	2010.05.07	Trojan/Win32.Pincav.gen
Authentium	5.2.0.5	2010.05.09	-
Avast	4.8.1351.0	2010.05.09	Win32:Malware-gen
Avast5	5.0.332.0	2010.05.09	Win32:Malware-gen
AVG	9.0.0.787	2010.05.09	Generic17.BKEJ
BitDefender	7.2	2010.05.10	Trojan.Peed.Gen
CAT-QuickHeal	10.00	2010.05.08	Trojan.Pincav.ywu
ClamAV	0.96.0.3-git	2010.05.09	-
Comodo	4800	2010.05.09	TrojWare.Win32.Trojan.Agent.Gen
DrWeb	5.0.2.03300	2010.05.10	Trojan.Siggen1.24430
eSafe	7.0.17.0	2010.05.09	Win32.PWS.Mmorpg
eTrust-Vet	35.2.7474	2010.05.07	-
F-Prot	4.5.1.85	2010.05.09	-
F-Secure	9.0.15370.0	2010.05.10	Trojan.Peed.Gen
Fortinet	4.1.133.0	2010.05.09	W32/Pincav.YWU!tr
GData	21	2010.05.10	Trojan.Peed.Gen
Ikarus	T3.1.1.84.0	2010.05.10	Trojan.Peed
Jiangmin	13.0.900	2010.05.09	Trojan/Pincav.eta
Kaspersky	7.0.0.125	2010.05.09	Trojan.Win32.Pincav.ywu
McAfee	5.400.0.1158	2010.05.09	PWS-Mmorpg!oq
McAfee-GW-Edition	2010.1	2010.05.09	Heuristic.LooksLike.Heuristic.BehavesLike.Win32.Downloader.B
Microsoft	1.5703	2010.05.09	Trojan:Win32/Malagent
NOD32	5099	2010.05.10	Win32/PSW.Gamania.NCP
Norman	6.04.12	2010.05.09	-
nProtect	2010-05-09.01	2010.05.09	Trojan.Peed.Gen
Panda	10.0.2.7	2010.05.09	Generic Trojan
PCTools	7.0.3.5	2010.05.07	-
Prevx	3.0	2010.05.10	High Risk Cloaked Malware
Rising	22.46.06.04	2010.05.09	Trojan.Win32.Generic.5202C6D7
Sophos	4.53.0	2010.05.09	Troj/Dload-HL
Sunbelt	6283	2010.05.10	Trojan.Win32.Generic!BT
Symantec	20091.2.0.41	2010.05.10	-
TheHacker	6.5.2.0.277	2010.05.10	Trojan/Pincav.ywu
TrendMicro	9.120.0.1004	2010.05.09	TSPY_MAGANIA.KI
TrendMicro-HouseCall	9.120.0.1004	2010.05.10	TSPY_MAGANIA.KI
VBA32	3.12.12.4	2010.05.06	Malware-Dropper.Win32.Inject.gen
ViRobot	2010.5.8.2306	2010.05.09	Trojan.Win32.Pincav.54784.C
VirusBuster	5.0.27.0	2010.05.09	Trojan.PWS.Gamania.BBV
추가 정보
File size: 54784 bytes
MD5...: a19b540af7132a86e866be1152256f07
SHA1..: 77715cc29b8911598f5f43bb0b17687267ea75f5
SHA256: 1d109b0ebfebc3d3c960bb7e4ef2917d64c4fef515ab031f1f15d522f0aa7fde

검사 파일: box.exe 전송 시각: 2010.05.10 00:46:56 (UTC)
안티바이러스	엔진 버전	정의 날짜	검사 결과
a-squared	4.5.0.50	2010.05.09	Trojan.Win32.Pincav!IK
AhnLab-V3	2010.05.09.00	2010.05.08	Win-Trojan/Magania.53248.AA
AntiVir	8.2.1.236	2010.05.09	TR/Crypt.ZPACK.Gen
Antiy-AVL	2.0.3.7	2010.05.07	-
Authentium	5.2.0.5	2010.05.09	-
Avast	4.8.1351.0	2010.05.09	Win32:Rootkit-gen
Avast5	5.0.332.0	2010.05.09	Win32:Rootkit-gen
AVG	9.0.0.787	2010.05.09	-
BitDefender	7.2	2010.05.10	Trojan.Peed.Gen
CAT-QuickHeal	10.00	2010.05.08	(Suspicious) - DNAScan
ClamAV	0.96.0.3-git	2010.05.09	-
Comodo	4800	2010.05.09	TrojWare.Win32.Trojan.Agent.Gen
DrWeb	5.0.2.03300	2010.05.10	Trojan.Siggen1.28028
eSafe	7.0.17.0	2010.05.09	-
eTrust-Vet	35.2.7474	2010.05.07	-
F-Prot	4.5.1.85	2010.05.09	-
F-Secure	9.0.15370.0	2010.05.10	Trojan.Peed.Gen
Fortinet	4.1.133.0	2010.05.09	-
GData	21	2010.05.10	Trojan.Peed.Gen
Ikarus	T3.1.1.84.0	2010.05.10	Trojan.Win32.Pincav
Jiangmin	13.0.900	2010.05.09	Trojan/Pincav.ewu
Kaspersky	7.0.0.125	2010.05.09	Trojan.Win32.Pincav.zor
McAfee	5.400.0.1158	2010.05.09	PWS-Mmorpg!pa
McAfee-GW-Edition	2010.1	2010.05.09	Heuristic.LooksLike.Heuristic.BehavesLike.Win32.Downloader.B
Microsoft	1.5703	2010.05.09	Trojan:Win32/Malagent
NOD32	5099	2010.05.10	a variant of Win32/Kryptik.DXI
Norman	6.04.12	2010.05.09	-
nProtect	2010-05-09.01	2010.05.09	Trojan.Peed.Gen
Panda	10.0.2.7	2010.05.09	Trj/CI.A
PCTools	7.0.3.5	2010.05.07	-
Prevx	3.0	2010.05.10	High Risk Cloaked Malware
Rising	22.46.06.04	2010.05.09	Trojan.Win32.Generic.5203053E
Sophos	4.53.0	2010.05.09	Sus/UnkPack-C
Sunbelt	6283	2010.05.10	Trojan.Win32.Generic!BT
Symantec	20091.2.0.41	2010.05.10	-
TheHacker	6.5.2.0.277	2010.05.10	Trojan/Kryptik.dxi
TrendMicro	9.120.0.1004	2010.05.09	PAK_Generic.001
TrendMicro-HouseCall	9.120.0.1004	2010.05.10	-
VBA32	3.12.12.4	2010.05.06	Malware-Dropper.Win32.Inject.gen
ViRobot	2010.5.8.2306	2010.05.09	Trojan.Win32.Pincav.53248.U
VirusBuster	5.0.27.0	2010.05.09	-
추가 정보
File size: 53248 bytes
MD5...: ef0a929469019e21809bf2b3ca1a9be8
SHA1..: 6581aa9311056612a1a42de323e8b1d0478b4a96
SHA256: ad8a92588c3b10d0191cc8c6b1a7a979c9927f872756a6c5e2e39286741e80fd

검사 파일: 57.exe 전송 시각: 2010.05.10 00:47:04 (UTC)
안티바이러스	엔진 버전	정의 날짜	검사 결과
a-squared	4.5.0.50	2010.05.09	Trojan.Peed!IK
AhnLab-V3	2010.05.09.00	2010.05.08	Win-Trojan/Pincav.53248.AZ
AntiVir	8.2.1.236	2010.05.09	TR/Crypt.ZPACK.Gen
Antiy-AVL	2.0.3.7	2010.05.07	-
Authentium	5.2.0.5	2010.05.09	-
Avast	4.8.1351.0	2010.05.09	Win32:Malware-gen
Avast5	5.0.332.0	2010.05.09	Win32:Malware-gen
AVG	9.0.0.787	2010.05.09	Generic17.BVCK
BitDefender	7.2	2010.05.10	Trojan.Peed.Gen
CAT-QuickHeal	10.00	2010.05.08	(Suspicious) - DNAScan
ClamAV	0.96.0.3-git	2010.05.09	-
Comodo	4800	2010.05.09	TrojWare.Win32.Trojan.Agent.Gen
DrWeb	5.0.2.03300	2010.05.10	-
eSafe	7.0.17.0	2010.05.09	-
eTrust-Vet	35.2.7474	2010.05.07	-
F-Prot	4.5.1.85	2010.05.09	-
F-Secure	9.0.15370.0	2010.05.10	Trojan.Peed.Gen
Fortinet	4.1.133.0	2010.05.09	-
GData	21	2010.05.10	Trojan.Peed.Gen
Ikarus	T3.1.1.84.0	2010.05.10	Trojan.Peed
Jiangmin	13.0.900	2010.05.09	Trojan/Pincav.ewu
Kaspersky	7.0.0.125	2010.05.09	Trojan.Win32.Pincav.zph
McAfee	5.400.0.1158	2010.05.09	PWS-Mmorpg!pa
McAfee-GW-Edition	2010.1	2010.05.09	Heuristic.LooksLike.Heuristic.BehavesLike.Win32.Downloader.B
Microsoft	1.5703	2010.05.09	Trojan:Win32/Malagent
NOD32	5099	2010.05.10	a variant of Win32/Kryptik.DXI
Norman	6.04.12	2010.05.09	-
nProtect	2010-05-09.01	2010.05.09	Trojan.Peed.Gen
Panda	10.0.2.7	2010.05.09	Trj/CI.A
PCTools	7.0.3.5	2010.05.07	-
Prevx	3.0	2010.05.10	High Risk Cloaked Malware
Rising	22.46.06.04	2010.05.09	Trojan.Win32.Generic.520303BB
Sophos	4.53.0	2010.05.09	Sus/UnkPack-C
Sunbelt	6283	2010.05.10	Trojan.Win32.Generic!BT
Symantec	20091.2.0.41	2010.05.10	-
TheHacker	6.5.2.0.277	2010.05.10	-
TrendMicro	9.120.0.1004	2010.05.09	PAK_Generic.001
TrendMicro-HouseCall	9.120.0.1004	2010.05.10	-
VBA32	3.12.12.4	2010.05.06	Malware-Dropper.Win32.Inject.gen
ViRobot	2010.5.8.2306	2010.05.09	Trojan.Win32.Pincav.53248.W
VirusBuster	5.0.27.0	2010.05.09	-
추가 정보
File size: 53248 bytes
MD5...: 03cf9da736a31756cca52595788a4396
SHA1..: 496889dcca7e74de7a936b7287dd3d60ad9d6c8d
SHA256: 675ecc107bf056e259f9585236fdbbc7e9ed3d05e9873405e571599c5f66c425

검사 파일: data.exe 전송 시각: 2010.05.10 00:49:34 (UTC)
안티바이러스	엔진 버전	정의 날짜	검사 결과
a-squared	4.5.0.50	2010.05.09	-
AhnLab-V3	2010.05.09.00	2010.05.08	-
AntiVir	8.2.1.236	2010.05.09	-
Antiy-AVL	2.0.3.7	2010.05.07	-
Authentium	5.2.0.5	2010.05.09	-
Avast	4.8.1351.0	2010.05.09	-
Avast5	5.0.332.0	2010.05.09	-
AVG	9.0.0.787	2010.05.09	-
BitDefender	7.2	2010.05.10	-
CAT-QuickHeal	10.00	2010.05.08	-
ClamAV	0.96.0.3-git	2010.05.09	-
Comodo	4800	2010.05.09	-
DrWeb	5.0.2.03300	2010.05.10	-
eSafe	7.0.17.0	2010.05.09	-
eTrust-Vet	35.2.7474	2010.05.07	-
F-Prot	4.5.1.85	2010.05.09	-
F-Secure	9.0.15370.0	2010.05.10	-
Fortinet	4.1.133.0	2010.05.09	-
GData	21	2010.05.10	-
Ikarus	T3.1.1.84.0	2010.05.10	-
Jiangmin	13.0.900	2010.05.09	-
Kaspersky	7.0.0.125	2010.05.09	-
McAfee	5.400.0.1158	2010.05.09	-
McAfee-GW-Edition	2010.1	2010.05.09	-
Microsoft	1.5703	2010.05.09	-
NOD32	5099	2010.05.10	-
Norman	6.04.12	2010.05.09	-
nProtect	2010-05-09.01	2010.05.09	-
Panda	10.0.2.7	2010.05.09	-
PCTools	7.0.3.5	2010.05.07	-
Prevx	3.0	2010.05.10	-
Rising	22.46.06.04	2010.05.09	-
Sophos	4.53.0	2010.05.09	-
Sunbelt	6283	2010.05.10	-
Symantec	20091.2.0.41	2010.05.10	-
TheHacker	6.5.2.0.277	2010.05.10	-
TrendMicro	9.120.0.1004	2010.05.09	-
TrendMicro-HouseCall	9.120.0.1004	2010.05.10	-
VBA32	3.12.12.4	2010.05.06	-
ViRobot	2010.5.8.2306	2010.05.09	-
VirusBuster	5.0.27.0	2010.05.09	-
추가 정보
File size: 20992 bytes
MD5...: 81b9fb99a58f0e41f1d6c8784dc04397
SHA1..: cd7e5e3b06bdc35e139e307eed89a9f755105997
SHA256: 9df598a6cac3057c277f27e1f02b25b11c4ca648257ab1d182f8266f15a82bf6

검사 파일: DATA.EXE_xor 전송 시각: 2010.05.10 00:50:26 (UTC)
안티바이러스	엔진 버전	정의 날짜	검사 결과
a-squared	4.5.0.50	2010.05.09	-
AhnLab-V3	2010.05.09.00	2010.05.08	ASD.Prevention
AntiVir	8.2.1.236	2010.05.09	TR/Vilsel.acwl.7
Antiy-AVL	2.0.3.7	2010.05.07	-
Authentium	5.2.0.5	2010.05.09	-
Avast	4.8.1351.0	2010.05.09	Win32:Rootkit-gen
Avast5	5.0.332.0	2010.05.09	Win32:Rootkit-gen
AVG	9.0.0.787	2010.05.09	Win32/PEPatch.BM
BitDefender	7.2	2010.05.10	Generic.Malware.FBg.E55EA39E
CAT-QuickHeal	10.00	2010.05.08	(Suspicious) - DNAScan
ClamAV	0.96.0.3-git	2010.05.09	-
Comodo	4800	2010.05.09	TrojWare.Win32.Trojan.Agent.Gen
DrWeb	5.0.2.03300	2010.05.10	Trojan.PWS.Wsgame.origin
eSafe	7.0.17.0	2010.05.09	Suspicious File
eTrust-Vet	None	2010.05.07	-
F-Prot	4.5.1.85	2010.05.09	-
F-Secure	9.0.15370.0	2010.05.10	Generic.Malware.FBg.E55EA39E
Fortinet	4.1.133.0	2010.05.09	W32/Vilsel.ACWL!tr
GData	21	2010.05.10	Win32:Rootkit-gen
Ikarus	T3.1.1.84.0	2010.05.10	-
Jiangmin	13.0.900	2010.05.09	Trojan/Vilsel.gqc
Kaspersky	7.0.0.125	2010.05.09	Trojan.Win32.Vilsel.acwl
McAfee	5.400.0.1158	2010.05.09	Suspect-02!3EA6444D45E6
McAfee-GW-Edition	2010.1	2010.05.09	Artemis!3EA6444D45E6
Microsoft	1.5703	2010.05.09	Trojan:Win32/Meredrop
NOD32	5099	2010.05.10	probably a variant of Win32/PSW.OnLineGames.OUF
Norman	6.04.12	2010.05.09	-
nProtect	2010-05-09.01	2010.05.09	-
Panda	10.0.2.7	2010.05.09	W32/Spamta.QO.worm
PCTools	7.0.3.5	2010.05.07	-
Prevx	3.0	2010.05.10	-
Rising	22.46.06.04	2010.05.09	-
Sophos	4.53.0	2010.05.09	-
Sunbelt	6283	2010.05.10	Trojan.Win32.Generic!BT
Symantec	20091.2.0.41	2010.05.10	-
TheHacker	6.5.2.0.277	2010.05.10	-
TrendMicro	9.120.0.1004	2010.05.09	PAK_Generic.001
TrendMicro-HouseCall	9.120.0.1004	2010.05.10	-
VBA32	3.12.12.4	2010.05.06	Malware-Cryptor.Win32.Krap
ViRobot	2010.5.8.2306	2010.05.09	-
VirusBuster	5.0.27.0	2010.05.09	-
추가 정보
File size: 20992 bytes
MD5...: 3ea6444d45e625c2c03887850257a54b
SHA1..: c273744e80632b3f7133a0dca417e99c7bca9f4e
SHA256: c9481aee4d3a87634284f2af34728dab5737b71a1f518dd1aea0a282e2f3d1ef

검사 파일: test.exe 전송 시각: 2010.05.10 00:49:41 (UTC)
안티바이러스	엔진 버전	정의 날짜	검사 결과
a-squared	4.5.0.50	2010.05.09	Trojan.Peed!IK
AhnLab-V3	2010.05.09.00	2010.05.08	Malware/Win32.Heur.h4
AntiVir	8.2.1.236	2010.05.09	TR/Crypt.ZPACK.Gen
Antiy-AVL	2.0.3.7	2010.05.07	-
Authentium	5.2.0.5	2010.05.09	-
Avast	4.8.1351.0	2010.05.09	-
Avast5	5.0.332.0	2010.05.09	-
AVG	9.0.0.787	2010.05.09	-
BitDefender	7.2	2010.05.10	Trojan.Peed.Gen
CAT-QuickHeal	10.00	2010.05.08	(Suspicious) - DNAScan
ClamAV	0.96.0.3-git	2010.05.09	-
Comodo	4800	2010.05.09	-
DrWeb	5.0.2.03300	2010.05.10	Trojan.Siggen1.28134
eSafe	7.0.17.0	2010.05.09	-
eTrust-Vet	35.2.7474	2010.05.07	-
F-Prot	4.5.1.85	2010.05.09	-
F-Secure	9.0.15370.0	2010.05.10	Trojan.Peed.Gen
Fortinet	4.1.133.0	2010.05.09	-
GData	21	2010.05.10	Trojan.Peed.Gen
Ikarus	T3.1.1.84.0	2010.05.10	Trojan.Peed
Jiangmin	13.0.900	2010.05.09	-
Kaspersky	7.0.0.125	2010.05.09	Trojan.Win32.Pincav.zqo
McAfee	5.400.0.1158	2010.05.09	-
McAfee-GW-Edition	2010.1	2010.05.09	Heuristic.LooksLike.Heuristic.BehavesLike.Win32.Downloader.B
Microsoft	1.5703	2010.05.09	Trojan:Win32/Malagent
NOD32	5099	2010.05.10	a variant of Win32/Kryptik.DXI
Norman	6.04.12	2010.05.09	-
nProtect	2010-05-09.01	2010.05.09	Trojan.Peed.Gen
Panda	10.0.2.7	2010.05.09	Trj/CI.A
PCTools	7.0.3.5	2010.05.07	-
Prevx	3.0	2010.05.10	High Risk Cloaked Malware
Rising	22.46.06.04	2010.05.09	Trojan.Win32.Generic.52031ABB
Sophos	4.53.0	2010.05.09	Sus/UnkPack-C
Sunbelt	6283	2010.05.10	Trojan.Win32.Generic!BT
Symantec	20091.2.0.41	2010.05.10	-
TheHacker	6.5.2.0.277	2010.05.10	-
TrendMicro	9.120.0.1004	2010.05.09	PAK_Generic.001
TrendMicro-HouseCall	9.120.0.1004	2010.05.10	-
VBA32	3.12.12.4	2010.05.06	Malware-Dropper.Win32.Inject.gen
ViRobot	2010.5.8.2306	2010.05.09	-
VirusBuster	5.0.27.0	2010.05.09	-
추가 정보
File size: 52736 bytes
MD5...: 59fa3bd14812eeb10fb978a16d01614b
SHA1..: cd60891c7b11534c264a1378d4ac5d660b732b82
SHA256: 73e0a9a30910bb47e5c9b44964fc6b73a3f5688c54a4ef0e03020721dbafea61

 

모든샘플은 안철수연구소와 이스트 소프트에 신고합니다.

 

[안철수연구소]

1 rl.jpg ~> 분석중
2 exam.asp ~> 분석중
3 ytl.jpg ~> 분석중
4 yt1.jpg ~> 분석중
5 data.exe ~> 분석중 
6 css.htm ~> 분석중
7 time.js ~> 분석중
8 test.exe ~> 분석중
9 NACookieManage.aspx ~> 분석중
10 57.exe ~> V3 : Win-Trojan/Pincav.53248.AZ(추가 : 2010.05.09.00)
11 box.exe ~>V3 : Win-Trojan/Magania.53248.AA(추가 : 2010.05.07.07) 
12 isa.exe ~> V3 : Win-Trojan/Pincav.54784.U(추가 : 2010.05.01.00)
13 lib.asp ~> V3 : JS/Downloader(추가 : 2010.04.23.02)
14 time.asp ~> V3 : JS/Agent(추가 : 2010.04.19.02)

 [이스트 소프트]

오늘 DB에 추가 할 예정!

자세한정보 : http://cafe.naver.com/malzero/56184