
TDSS Rootkit
New Malware Information | 2009.11.20 10:21


AhnLab researchers are presenting it under the name TDL Rootkit.

http://blog.naver.com/koheung/120094473744

http://blog.naver.com/hkbemil/130073534493

It is more commonly known as TDSS, and GMER is able to detect some of its components, as the scan below shows.

GMER 1.0.15.15121 - http://www.gmer.net
Rootkit scan 2009-10-03 13:54:24
Windows 5.1.2600 Service Pack 2


---- Kernel code sections - GMER 1.0.15 ----

.rsrc   C:\WINDOWS\system32\drivers\atapi.sys        entry point in ".rsrc" section [0xF74CB380]

---- Devices - GMER 1.0.15 ----

Device  \Driver\atapi \Device\Ide\IdePort0           [F74BE9F2] atapi.sys[unknown section]
Device  \Driver\atapi \Device\Ide\IdePort1           [F74BE9F2] atapi.sys[unknown section]
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4  [F74BE9F2] atapi.sys[unknown section]
Device  \Driver\atapi \Device\Ide\IdePort2           [F74BE9F2] atapi.sys[unknown section]
Device  \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c  [F74BE9F2] atapi.sys[unknown section]
Device  \Driver\atapi \Device\Ide\IdePort3           [F74BE9F2] atapi.sys[unknown section]
Device  \Driver\atapi \Device\Ide\IdePort4           [F74BE9F2] atapi.sys[unknown section]
Device  \Driver\atapi \Device\Ide\IdePort5           [F74BE9F2] atapi.sys[unknown section]

---- Processes - GMER 1.0.15 ----

Library  \\?\globalroot\Device\Ide\IdePort5\kbwwiibi\kbwwiibi\tdlwsp.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [1736]  0x10000000

---- EOF - GMER 1.0.15 ----
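As an added example that is not part of the original post: a small Python triage script for GMER text reports that flags the three artefacts visible in the scan above (a driver whose entry point sits in a data section such as ".rsrc", a device object dispatched to code in no known section of its driver, and a hidden module loaded from a \\?\globalroot device path). The sample log is constructed from the excerpt above plus one benign disk.sys line as a control; the finding names are my own.

```python
import re

# Constructed sample log, modelled on the GMER 1.0.15 report quoted above
# (the disk.sys line is added as a benign control entry).
SAMPLE_LOG = r"""
---- Kernel code sections - GMER 1.0.15 ----

.rsrc   C:\WINDOWS\system32\drivers\atapi.sys        entry point in ".rsrc" section [0xF74CB380]

---- Devices - GMER 1.0.15 ----

Device  \Driver\atapi \Device\Ide\IdePort0           [F74BE9F2] atapi.sys[unknown section]
Device  \Driver\disk  \Device\Harddisk0\DR0          [F7A1C3D0] disk.sys[.text]

---- Processes - GMER 1.0.15 ----

Library  \\?\globalroot\Device\Ide\IdePort5\kbwwiibi\kbwwiibi\tdlwsp.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [1736]  0x10000000
"""

# Sections in which a legitimate driver's entry point normally lives.
CODE_SECTIONS = {".text", "INIT", "PAGE"}

ENTRY_RE = re.compile(r'^(\S+)\s+(\S+)\s+entry point in "([^"]+)" section \[(0x[0-9A-Fa-f]+)\]')
DEVICE_RE = re.compile(r'^Device\s+(\S+)\s+(\S+)\s+\[([0-9A-Fa-f]+)\]\s+([^\[\s]+)\[([^\]]+)\]')
HIDDEN_LIB_RE = re.compile(r'^Library\s+(\S+)\s+\(\*\*\* hidden \*\*\* \)\s+@\s+(.+?)\s+\[(\d+)\]')

def analyze_gmer(text):
    """Return a list of (kind, detail) findings for a GMER text report."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if m and m.group(3) not in CODE_SECTIONS:
            findings.append(("entry-point-in-data-section",
                             f'{m.group(2)} entry point in "{m.group(3)}" at {m.group(4)}'))
            continue
        m = DEVICE_RE.match(line)
        if m and m.group(5) == "unknown section":
            findings.append(("device-dispatch-outside-image",
                             f'{m.group(2)} handled at {m.group(3)}, outside any section of {m.group(4)}'))
            continue
        m = HIDDEN_LIB_RE.match(line)
        if m and "globalroot" in m.group(1).lower():
            findings.append(("hidden-module-globalroot-path",
                             f'{m.group(1)} in {m.group(2)} (pid {m.group(3)})'))
    return findings

if __name__ == "__main__":
    for kind, detail in analyze_gmer(SAMPLE_LOG):
        print(f"[{kind}] {detail}")
```

The disk.sys control line is not reported because its dispatch address resolves to the driver's .text section; only the atapi.sys lines and the hidden tdlwsp.dll module are flagged.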

The real problem is that new variants keep appearing.


TDSS detection data from February 2009 (sample names with their VirusTotal results):



Posted by viruslab