Filtering the NetSky Worm with procmail
Posted: 2004/08/12 19:49
Author: 좋은진호 (truefeel, http://coffeenix.net/)
Views: 6867
Several variants of the NetSky worm are running rampant, but it is hard to find write-ups on filtering them, so here are the filtering rules I use. Because there are so many variants and so many different subject-line patterns, only the major variants that get caught often are grouped separately; the rest are simply listed one after another.
1. Filtering
Let's look at a simple way to block the worm with procmail.
Adding the following to /etc/procmailrc lets you save incoming worm mail to a separate file or delete it.
WORM_LOG="/data/WORM.log"

# -------------------------
# Win32/Netsky.worm.28008 worm (variant Q)
# http://info.ahnlab.com/smart2u/virus_detail_1358.html
# http://www.symantec.com/region/kr/techsupp/avcenter/venc/data/kr-w32.netsky.q@mm.html
# Subject: 'Mail Delivery (failure <mail address>)'
:0D
* ^Subject:.*Mail Delivery.*failure
$WORM_LOG

:0D
* ^Subject:.*(Deliver(y|ed)*|Error|Fail(ed|ure)|Mail System|Status|Unknown Exception|ReturnMail).*\(.*@.*\)
$WORM_LOG

# -------------------------
# Netsky.worm.29568 worm
# http://info.ahnlab.com/smart2u/virus_detail_1351.html
:0D
* ^Subject:.(Re: )*(Administration|Bad Request|Delivery (Protection|Server)|Encrypted Mail|(Message )*Error|Extended Mail( System)*|Failure|Mail (Authentification|Server)|Notify|Protected Mail (Delivery|Request|System)|SMTP Server|Secure (SMTP Message|delivery)|Status|Test|Thank you for delivery)$
$WORM_LOG

# -------------------------
# Netsky.worm.16896.B worm
# http://info.ahnlab.com/smart2u/virus_detail_1342.html
:0D
* ^Subject:.*Re: *<.*>.*(Approved|Improved|Details|(My|Your) details|Document|(My|Your|Requested) document|Information|My information|(My|Requested) file)$
$WORM_LOG

# -------------------------
# Netsky.worm.17424 (variant D) or Netsky.worm.27648 (variant G)
# The two variants use the same mail subjects
# http://info.ahnlab.com/smart2u/virus_detail_1330.html
# http://info.ahnlab.com/smart2u/virus_detail_1336.html
:0D
* ^Subject:.(Re: )*([Aa]pproved|[Dd]etails|Document|(Excel|Word) file|[Hh]ello|[Hh]i|here|My datails|Message|[Tt]hanks!)$
$WORM_LOG

:0D
* ^Subject: *Re: *Your [a-z][a-z][a-z]+$
$WORM_LOG

# -------------------------
# Other Netsky.worm variants and other worm variants
# http://www.krcert.org/detail/2004/Win32_Netsky.html
:0D
* ^Subject:.(Re: )*(improved|(Approved |word |Your )*document|Info|hey|read it immediately|(important )*[iI]nformation|something for you|Hello.*congratulations!|screensaver|Wow|test|important|[Tt]ext|website|(Error in|Stolen) document|Correction)$
$WORM_LOG

:0D
* ^Subject:.(Re: )*(Is that your (document|password)\?|Here is the document|Does it matter\?)$
$WORM_LOG
* Download: http://coffeenix.net/truefeel/files/worm_filter.rc.txt
Every matching message is saved in full to $WORM_LOG. If you do not need to keep them, use /dev/null instead.
- All rules match on the Subject header only.
- Subjects with several 'Re:' prefixes, such as 'Re: Re: Hi', are filtered as well.
- Matching is case-sensitive (the D flag is used).
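The three notes above can be checked offline before the rules go into /etc/procmailrc. The following is an added example, not part of the original article: it runs three of the rules over constructed Subject lines with Python's re module, which is assumed here to approximate procmail's egrep-style matching for these patterns; the rule names and sample subjects are made up for illustration.

```python
import re

# Three Subject rules copied verbatim from the procmailrc above.
# Assumption: re.MULTILINE approximates procmail's egrep-style anchors for
# these patterns. No IGNORECASE, because the recipes use the D flag.
RULES = {
    "netsky-q": r"^Subject:.*(Deliver(y|ed)*|Error|Fail(ed|ure)|Mail System|Status|Unknown Exception|ReturnMail).*\(.*@.*\)",
    "netsky-d-g": r"^Subject:.(Re: )*([Aa]pproved|[Dd]etails|Document|(Excel|Word) file|[Hh]ello|[Hh]i|here|My datails|Message|[Tt]hanks!)$",
    "netsky-d-g-your": r"^Subject: *Re: *Your [a-z][a-z][a-z]+$",
}
COMPILED = {name: re.compile(rx, re.MULTILINE) for name, rx in RULES.items()}


def matching_rule(headers):
    """Return the name of the first rule matching the header block, else None."""
    for name, rx in COMPILED.items():
        if rx.search(headers):
            return name
    return None


def audit(samples):
    """Map each (label, subject) pair to the rule that would divert it."""
    return {label: matching_rule("From: a@example.com\nSubject: %s\n" % subj)
            for label, subj in samples}


# Constructed sample subjects: worm-style ones and ordinary mail.
SAMPLES = [
    ("worm_bounce", "Mail Delivery (failure user@example.com)"),
    ("worm_multi_re", "Re: Re: Hi"),
    ("worm_your", "Re: Your document"),
    ("case_variant", "Re: HI"),              # D flag: upper-case I is not matched
    ("legit_greeting", "Hi"),                # ordinary mail, still diverted
    ("legit_thread", "Re: Hi, agenda for Monday"),
]

if __name__ == "__main__":
    for label, rule in audit(SAMPLES).items():
        print("%-16s -> %s" % (label, rule or "delivered normally"))
```

The legit_greeting result shows that a subject-only rule also diverts an ordinary mail titled just "Hi", which is a reason to keep $WORM_LOG instead of /dev/null while tuning the rules.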
2. References
* Netsky.worm.29568 worm
http://info.ahnlab.com/smart2u/virus_detail_1351.html
* Netsky.worm.16896.B worm
http://info.ahnlab.com/smart2u/virus_detail_1342.html
* Summary of the Netsky worm variants
http://www.krcert.org/detail/2004/Win32_Netsky.html