Coffeenix: *NIX with the aroma of coffee
A place covering systems, networks, and security
Example of disinfecting the Linux/OSF-8759 worm virus
Posted : 2003/08/26 21:46
Posted by : 좋은진호 (http://coffeenix.net/)
Subject : Example of disinfecting the Linux/OSF-8759 worm virus
Author : 좋은진호 (truefeel, http://coffeenix.net/)
Date : 2003.8.26 (Tue)
An acquaintance told me that their server was behaving oddly, so I took a look.
In the ps output, ls was running all the time. In addition, netstat -aunp showed that
UDP port 3049 was open. The Linux/OSF-8759 (worm) virus was active on the machine.
It was the start of an unusual experience.

The characteristics of the Linux/OSF-8759 virus are:
- It leaves UDP port 3049, or a higher port, open as a backdoor.
- It infects ELF executables and increases the file size by 8759 bytes.
- It does not infect files whose names end in "ps". <- this can be the key to solving the problem
  Make the file names of your virus scanner and detector end in ps.
- The virus does not run while the uptime is within 5 minutes.
  Port 3049 opens exactly when 5 minutes have passed.
---------------------------------------------------------------
# netstat -aunp
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
... (omitted) ...
udp        0      0 0.0.0.0:3049            0.0.0.0:*                           32133/ls
... (omitted) ...
---------------------------------------------------------------
Even after kill -9 32133, the port was opened again by programs such as ls and netstat.

1) First, I installed AntiVir and ran a scan.
However, the moment antivir was run, it exited with error 211.
That is, because commands such as ls, mv and cp were already infected, simply running ls
in the /usr/lib/AntiVir directory was enough to infect antivir as well.
I carefully reinstalled it and ran antivir --allfiles -s /
A huge number of executables (almost every file in /bin, /usr/bin, /sbin and /usr/sbin)
were infected.
---------------------------------------------------------------
# antivir --allfiles -s /
AntiVir / Linux Version 2.0.8-1
Copyright (C) 1994-2003 by H+BEDV Datentechnik GmbH.
All rights reserved.
Loading /usr/lib/AntiVir/antivir.vdf ...
... (omitted) ...
/bin/ln
Date: 9.08.2001 Time: 22:01:19 Size: 29107
ALERT: [Linux/OSF-8759 virus] /bin/ln <<< Contains signature of the Linux virus Linux/OSF-8759
/bin/ls
Date: 9.08.2001 Time: 22:01:19 Size: 54707
ALERT: [Linux/OSF-8759 virus] /bin/ls <<< Contains signature of the Linux virus Linux/OSF-8759
... (omitted) ...
---------------------------------------------------------------
I tried to disinfect with antivir --allfiles -s -e / but it did not work properly.

2) So I decided to disinfect with a cleaner dedicated to Linux/OSF-8759.
http://packetstormsecurity.nl/trojans/clean-osf.8759.tgz
---------------------------------------------------------------
# tar xvfz clean-osf.8759.tgz
# cd clean-osf.8759
# ./clean-osf.8759-ps
*** Linux/OSF-8759 Virus Cleaner
*** by Druid
*** Greetz: vMatriCS + Casper & the other Dionis admins
./clean-osf.8759-ps: no targets specified
Scan a list of files/dirs for the Linux/OSF-8759 virus
and desinfect them if the virus is found
Usage: ./clean-osf.8759-ps [-s] [-v] [-r] [-l] [-f] [-x] [-p] path...
-s Don't clean, just report infected files
-v Prompt when a virus is found
-r Don't recurse directories
-l Follow symbolic links
-f Don't go on other filesystems
-x Scan only executable files (+x)
-p Don't skip special dirs (/dev, /proc)
---------------------------------------------------------------
I tested whether ./clean-osf.8759-ps -v /bin disinfects correctly.
After confirming that it disinfected the files completely, I disinfected the entire filesystem.
---------------------------------------------------------------
# ./c-ps -v /bin
*** Linux/OSF-8759 Virus Cleaner
*** by Druid
*** Greetz: vMatriCS + Casper & the other Dionis admins
Scanning: /bin
Infected: /bin/ping
Clean (Yes / No / clean All / Clean none / eXit) ? a
Infected: /bin/ping - DISINFECTED
Infected: /bin/mail - DISINFECTED
Infected: /bin/mktemp - DISINFECTED
Infected: /bin/hostname - DISINFECTED
Infected: /bin/netstat - DISINFECTED
... (omitted) ...
Scan ended
***** Scan Results *****
Your system was infected with Linux/OSF/8759!
Thanks to this proggy the virus was removed ;)
Directories : 1
Files : 70
Infected : 68
Cleaned : 68
Unknown : 0
---------------------------------------------------------------
3) After several rounds of disinfection, and after rechecking with both the dedicated
OSF-8759 cleaner and antivir, the files were completely disinfected.
The processes using UDP port 3049, found with netstat -aunp, were killed.
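
As an added example (not part of the original article, and not code from AntiVir or the clean-osf.8759 tool), the two indicators listed above, the 8759-byte size growth and a UDP socket on port 3049 or higher, can be checked with a short shell script. The manifest format, the function names and the list of expected daemons are assumptions made for this example, and the sample data is constructed around the values shown in the article.

```shell
#!/bin/sh
# Added example: triage helpers for the two Linux/OSF-8759 indicators described above.
OSF_DELTA=8759      # bytes the virus adds to each infected ELF file (from the article)
OSF_MIN_PORT=3049   # lowest UDP backdoor port (from the article)

# Print paths whose size grew by exactly OSF_DELTA between two manifests.
# $1 = known-clean baseline, $2 = current; each line "<size> <path>", e.g. from
#   find /bin /sbin /usr/bin /usr/sbin -type f -exec stat -c '%s %n' {} +
# Assumption: paths contain no whitespace.
osf_size_suspects() {
    awk -v delta="$OSF_DELTA" '
        NR == FNR { base[$2] = $1; next }
        ($2 in base) && ($1 - base[$2] == delta) { print $2 }
    ' "$1" "$2"
}

# Read `netstat -aunp` output on stdin and print "<port> <pid/program>" for every
# UDP socket bound to port >= OSF_MIN_PORT whose program is not in the
# space-separated list $1 (the list of expected daemons is site-specific).
osf_udp_suspects() {
    awk -v allow="$1" -v min="$OSF_MIN_PORT" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 ~ /^udp/ {
            m = split($4, addr, ":"); port = addr[m] + 0
            owner = "-"                       # netstat prints "-" when the PID is hidden
            for (i = 6; i <= NF; i++) if ($i ~ /^[0-9]+\//) { owner = $i; break }
            prog = owner; sub(/^[0-9]+\//, "", prog)
            if (port >= min && !(prog in ok)) print port, owner
        }'
}

# Constructed sample: the 3049 line is the one shown in the article, the rest is made up.
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
udp 0 0 0.0.0.0:123 0.0.0.0:* 612/ntpd
udp 0 0 0.0.0.0:3049 0.0.0.0:* 32133/ls
udp 0 0 0.0.0.0:32768 0.0.0.0:* 540/rpc.statd'

osf_demo() {
    tmp=$(mktemp -d) || return 1
    # Constructed manifests: "now" uses the sizes AntiVir printed for ln and ls,
    # "base" is those sizes minus 8759; /bin/ps is an unchanged made-up entry.
    printf '%s\n' '20348 /bin/ln' '45948 /bin/ls' '12000 /bin/ps' > "$tmp/base"
    printf '%s\n' '29107 /bin/ln' '54707 /bin/ls' '12000 /bin/ps' > "$tmp/now"
    osf_size_suspects "$tmp/base" "$tmp/now"
    printf '%s\n' "$SAMPLE_NETSTAT" | osf_udp_suspects 'ntpd rpc.statd'
    rm -rf "$tmp"
}
osf_demo
```

Feed it data gathered with tools run from trusted media, since on the host in the article ls, netstat and even antivir were themselves infected.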
Ä¿ÇǴнº Ä«Æä ÃÖ±Ù ±Û
[04/18]
??? ?????
[04/17]
???? onion ?????? -
[04/11]
±¹°¡
[04/10]
Stride Into Dream:
[03/20]
Re: ¿Â¶óÀΰÔÀÓÀÇ Á¾ÁÖ±¹ ´ëÇѹα¹
[10/20]
Cross Compiler ±ò
[07/14]
SSL ¬¡¬°
[04/26]
Re: µµ½ºÈ¸é ¿ø°ÝÁ¶Á¾ ¿©ºÎ
[04/25]
µµ½ºÈ¸é ¿ø°ÝÁ¶Á¾ ¿©ºÎ
[10/30]
Cshell¿¡¼ ³¼ö ¼³Á¤
[10/23]
°øÇ×öµµÁÖ½Äȸ»ç SE ±¸ÀÎ Ëì
[01/26]
Re: wgetÀ¸·Î ´Ù¸¥¼¹ö¿¡ÀÖ´Â µð·ºÅ丮¸¦ °¡Á®¿À·Á°íÇÕ´Ï´Ù.
[01/25]
wgetÀ¸·Î ´Ù¸¥¼¹ö¿¡ÀÖ´Â µð·ºÅ丮¸¦ °¡Á®¿À·Á°íÇÕ´Ï´Ù.
[01/11]
ƯÁ¤ ¾Èµå·ÎÀ̵å WebView ¹öÀü¿¡¼ SSL ¹®Á¦ (WebView ¹ö±×)
[08/01]
DNS forwarder (Àü´ÞÀÚ) ¼¹ö¸¦ ÅëÇؼ Äõ¸®ÇÏ¸é ¿ª¹æÇâÀ» ¹Þ¾Æ¿ÀÁú ¸øÇÕ´Ï´Ù.
N
e
w
! ÃÖ±Ù¿¡ µî·ÏÇÑ ÆäÀÌÁö
KiCad EDA Suite project (Free/Libre/Open-Source EDA Suite) (CAD)
¿ÀÇÂij½ºÄÉÀ̵å ijµå (OpenCASCADE CAD)
QCad for Windows --- GNU GPL (Free Software)
The Hello World Collection
IPMI¸¦ È°¿ëÇÑ ¸®´ª½º ¼¹ö°ü¸®
DNS ¼³Á¤ °Ë»ç
nagiosgraph ¼³Ä¡ ¹æ¹ý
Slony-I ¼³Ä¡ ¹æ¹ý (postgresql replication tool)
Qmail±â¹ÝÀÇ Anti spam ½Ã½ºÅÛ ±¸ÃàÇϱâ
clusterssh
[ ÇÔ²²ÇÏ´Â »çÀÌÆ® ]
¿î¿µÁø :
ÁÁÀºÁøÈ£(truefeel)
, ¾ß¼ö(yasu), ¹ü³ÃÀÌ, sCag
2003³â 8¿ù 4ÀÏ~