{"id":10362,"date":"2014-12-10T09:00:58","date_gmt":"2014-12-10T01:00:58","guid":{"rendered":"https:\/\/blog.trendmicro.com.tw\/?p=10362"},"modified":"2014-12-03T10:53:01","modified_gmt":"2014-12-03T02:53:01","slug":"%e6%96%b0%e8%88%8a%e6%af%94%e8%bc%83%ef%bc%9aapt-%e7%9b%ae%e6%a8%99%e9%87%9d%e5%b0%8d%e6%80%a7%e6%94%bb%e6%93%8a%e6%89%80%e7%94%a8%e7%9a%84%e6%bc%8f%e6%b4%9e","status":"publish","type":"post","link":"https:\/\/blog.trendmicro.com.tw\/?p=10362","title":{"rendered":"\u65b0\u820a\u6bd4\u8f03\uff1aAPT \u76ee\u6a19\u91dd\u5c0d\u6027\u653b\u64ca\u6240\u7528\u7684\u6f0f\u6d1e"},"content":{"rendered":"

\u6700\u8fd1\u4e00\u8d77\u65b0\u767c\u73fe\u7684\u7db2\u8def\u9593\u8adc\u6d3b\u52d5\u88ab\u5927\u8086\u7684\u5831\u5c0e\u8457\uff0c\u7531\u88ab\u7a31\u70ba\u300cSandworm Team\u300d\u7684\u5718\u9ad4\u6240\u767c\u52d5\u3002\u9019\u8d77\u653b\u64ca\u7684\u6838\u5fc3\u662f\u80fd\u5920\u5f71\u97ff\u6240\u6709\u73fe\u884c\u652f\u63f4\u4e2d\u7684\u5fae\u8edfWindows\u7248\u672c\u548cWindows Server 2008\u53ca2012\u7684\u96f6\u6642\u5dee\u6f0f\u6d1e<\/a>\u3002<\/p>\n

\u6839\u64da\u8da8\u52e2\u79d1\u6280\u7684\u5206\u6790<\/a>\uff0c\u8a72\u6f0f\u6d1e\u8b93\u653b\u64ca\u8005\u80fd\u5920\u900f\u904e\u5fae\u8edfWindows\u548cServer\u4e0a\u7684OLE\u5c01\u88dd\u7ba1\u7406\u7a0b\u5f0f\u6f0f\u6d1e\u4f86\u57f7\u884c\u53e6\u4e00\u500b\u60e1\u610f\u8edf\u9ad4\u3002\u4e4b\u524d\u7684\u5831\u544a\u8aaa\u660e\u8a72\u6f0f\u6d1e\u88ab\u7528\u5728\u91dd\u5c0d\u5e7e\u500b\u7d44\u7e54\u548c\u7522\u696d\u7684\u91dd\u5c0d\u6027\u653b\u64ca\u4e2d\u3002\u8da8\u52e2\u79d1\u6280\u7814\u7a76\u4eba\u54e1\u7684\u5206\u6790\u986f\u793a\uff0c\u9019\u653b\u64ca\u548c\u8cc7\u6599\u8490\u96c6\u8207\u76e3\u63a7\u7cfb\u7d71\uff08SCADA\uff09\u6709\u95dc\u76ee\u6a19<\/a>\u6709\u8457\u5bc6\u5207\u95dc\u9023\u3002\u6b64\u5916\uff0c\u9019\u500b\u6f0f\u6d1e\u5f88\u5feb\u5c31\u88ab\u7528\u5728\u53e6\u4e00\u8d77\u63a1\u7528\u65b0\u898f\u907f\u6280\u8853<\/a>\uff08\u5c07\u60e1\u610f\u6a94\u6848\u5d4c\u5165PPSX\u6a94\u6848\uff09\u7684\u653b\u64ca\u3002<\/p>\n

\"APT\"<\/a><\/p>\n

\u6709\u6642\u820a\uff0c\u6709\u6642\u65b0<\/em><\/strong><\/p>\n

\u4e26\u4e0d\u662f\u53ea\u6709\u96f6\u6642\u5dee\u6f0f\u6d1e\u6703\u88ab\u7528\u5728\u91dd\u5c0d\u6027\u653b\u64ca\u4e0a\u3002\u57282014\u5e74\u4e0a\u534a\u5e74\uff0c\u8da8\u52e2\u79d1\u6280<\/a>\u770b\u5230\u653b\u64ca\u8005\u4ecd\u7136\u91cd\u5ea6\u7684\u4f7f\u7528\u8f03\u820a\u7684\u6f0f\u6d1e\u3002\u6700\u597d\u7684\u4f8b\u5b50\u83ab\u904e\u65bcCVE-2012-0158<\/a>\uff0c\u9019\u662f\u8ddfWindows\u516c\u5171\u63a7\u5236\u9805\u6709\u95dc\u7684\u6f0f\u6d1e\u3002\u5118\u7ba1\u81ea2012\u5e74\u521d\u5c31\u6709\u4e86\u4fee\u88dc\u7a0b\u5f0f<\/a>\uff0c\u4f46\u9019\u6f0f\u6d1e\u5df2\u88ab\u8b49\u660e\u662fAPT\u653b\u64ca \/\u76ee\u6a19\u653b\u64ca<\/a>\u4e2d\u4e0d\u53ef\u6216\u7f3a\u7684\u5de5\u5177\uff0c\u5305\u62ec\u4e86PLEAD\u653b\u64ca\u6d3b\u52d5<\/a>\u3002<\/p>\n

\u7576\u7136\uff0c\u9019\u4e26\u4e0d\u4ee3\u8868\u96f6\u6642\u5dee\u6f0f\u6d1e\u6c92\u6709\u57282014\u5e74\u9020\u6210\u5a01\u8105\u3002\u4e00\u500b\u91dd\u5c0d\u597d\u5e7e\u500b\u5927\u4f7f\u9928\u7684APT\u653b\u64ca \/\u76ee\u6a19\u653b\u64ca<\/a>\u88ab\u767c\u73fe\u6703\u5229\u7528\u4e00\u500bWindows\u96f6\u6642\u5dee\u6f0f\u6d1e<\/a>\u3002\u9019\u500b\u6f0f\u6d1e\u5728\u5e7e\u5929\u5f8c\u88ab\u4fee\u88dc \u2013\u503c\u5f97\u6ce8\u610f\u7684\u662f\u9019\u767c\u751f\u5728Windows XP\u505c\u6b62\u652f\u63f4\u524d\uff0c\u800cWindows XP\u4e5f\u662f\u53d7\u5f71\u97ff\u7684\u5e73\u81fa\u3002\u53e6\u4e00\u500b\u96f6\u6642\u5dee\u6f0f\u6d1e<\/a>\u4e5f\u88abTaidoor\u653b\u64ca\u6d3b\u52d5\u7684\u5e55\u5f8c\u9ed1\u624b\u91cd\u5ea6\u7684\u4f7f\u7528\u5728\u653b\u64ca\u4e2d\u3002\u9019\u500b\u96f6\u6642\u5dee\u6f0f\u6d1e\u5728\u4e09\u6708\u5f8c\u671f\u88ab\u767c\u73fe\uff0c\u4fee\u88dc\u7a0b\u5f0f\u5728\u56db\u6708\u7684\u79ae\u62dc\u4e8c\u66f4\u65b0\u63a8\u51fa\u3002<\/p>\n

\u5404\u64c5\u52dd\u5834<\/em><\/strong><\/p>\n

\u6f0f\u6d1e\u5e7e\u4e4e\u90fd\u6703\u88ab\u5ee0\u5546\u52a0\u4ee5\u4fee\u88dc\uff0c\u5c24\u5176\u662f\u88ab\u8a8d\u70ba\u662f\u95dc\u9375\u6027\u7684\u6f0f\u6d1e\u3002\u4f46\u5118\u7ba1\u6709\u4fee\u88dc\u7a0b\u5f0f\u5b58\u5728\uff0c\u4e5f\u4e0d\u662f\u6240\u6709\u7684\u4f7f\u7528\u8005\u548c\u7d44\u7e54\u90fd\u6703\u52a0\u4ee5\u66f4\u65b0\u6216\u7acb\u5373\u66f4\u65b0\u3002\u539f\u56e0\u4e4b\u4e00\u662f\u66f4\u65b0\u4fee\u88dc\u7a0b\u5f0f\u53ef\u80fd\u6703\u4e2d\u65b7\u71df\u904b\u3002\u6216\u8005\u662f\u6703\u7d93\u904e\u8f03\u9577\u7684\u5ef6\u9072\u6642\u9593\u624d\u66f4\u65b0\u4fee\u88dc\u7a0b\u5f0f\uff0c\u56e0\u70ba\u5728\u4f01\u696d\u74b0\u5883\u4e2d\u66f4\u65b0\u4fee\u88dc\u7a0b\u5f0f\u9700\u8981\u5148\u7d93\u904e\u6e2c\u8a66\u3002<\/p>\n

\u5f9e\u9019\u89d2\u5ea6\u4e0a\uff0c\u653b\u64ca\u8005\u6703\u56e0\u70ba\u300c\u53ef\u9760\u6027\u300d\u800c\u4f7f\u7528\u820a\u6f0f\u6d1e\u3002\u6709\u4e9b\u5df2\u7d93\u5145\u5206\u6e2c\u8a66\u904e\u7684\u6f0f\u6d1e\u53ef\u4ee5\u5728\u76ee\u6a19\u7db2\u8def\u548c\u7d44\u7e54\u4e2d\u767c\u73fe\u3002\u4e26\u4e14\u56e0\u70ba\u9019\u4e9b\u6f0f\u6d1e\u5df2\u7d93\u5b58\u5728\u591a\u5e74\uff0c\u8b93\u653b\u64ca\u8005\u66f4\u80fd\u5920\u53bb\u7522\u751f\u5b8c\u7f8e\u7684\u60e1\u610f\u8edf\u9ad4\u6216\u5a01\u8105\u4f86\u5229\u7528\u6b64\u6f0f\u6d1e\u3002<\/p>\n

\u5728\u53e6\u4e00\u65b9\u9762\uff0c\u65b0\u7684\u6f0f\u6d1e\u53ef\u4ee5\u8b93\u653b\u64ca\u8005\u53d6\u5f97\u4e0a\u98a8\u3002\u96f6\u6642\u5dee\u6f0f\u6d1e\u53ef\u4ee5\u8b93\u6240\u6709\u4eba\u90fd\u63aa\u624b\u4e0d\u53ca\uff0c\u5305\u62ec\u4e86\u5b89\u5168\u5ee0\u5546\u3002\u4f9b\u61c9\u5546\u8981\u4e0d\u65b7\u5730\u53bb\u5efa\u7acb\u5fc5\u8981\u7684\u5b89\u5168\u63aa\u65bd\u548c\u5c0d\u61c9\u7684\u4fee\u88dc\u7a0b\u5f0f\uff0c\u96f6\u6642\u5dee\u6f0f\u6d1e\u53ef\u4ee5\u5229\u7528\u300c\u5b89\u5168\u7a7a\u7a97\u671f\u300d\u4f86\u653b\u64ca\uff0c\u751a\u81f3\u80fd\u5920\u5f71\u97ff\u6700\u5b89\u5168\u7684\u74b0\u5883\u3002\u5728\u9019\u500b\u610f\u7fa9\u4e0a\uff0c\u96f6\u6642\u5dee\u6f0f\u6d1e\u53ef\u4ee5\u88ab\u8a8d\u70ba\u66f4\u6709\u6548\u4e5f\u66f4\u5177\u5371\u96aa\u6027\u3002<\/p>\n

\u5982\u679c\u53d7\u5f71\u97ff\u5e73\u81fa\u6216\u61c9\u7528\u7a0b\u5f0f\u5df2\u7d93\u904e\u6642\u6216\u8d85\u904e\u652f\u63f4\u671f\u9650\uff0c\u90a3\u9ebc\u96f6\u6642\u5dee\u6f0f\u6d1e\u6703\u66f4\u52a0\u6709\u6548\u3002\u56e0\u70ba\u6c92\u6709\u4fee\u88dc\u7a0b\u5f0f\u53ef\u7528\uff0c\u53ef\u4ee5\u9032\u884c\u96f6\u6642\u5dee\u6f0f\u6d1e\u653b\u64ca\u7684\u5b89\u5168\u7a7a\u7a97\u671f\u5c31\u6703\u8b8a\u6210\u7121\u9650\u9577\u3002<\/p>\n

\u4e00\u500b\u5f88\u597d\u7684\u4f8b\u5b50\u662f\u4e00\u500b \u76ee\u6a19\u653b\u64ca<\/a>\u5229\u7528\u4e86IE\u700f\u89bd\u5668\u6f0f\u6d1e<\/a>\u3002\u9019\u500b\u6f0f\u6d1e\uff08CVE-2014-1776<\/a>\uff09\u53d7\u5230\u5927\u91cf\u7684\u95dc\u6ce8\uff0c\u56e0\u70ba\u6700\u521d\u5831\u5c0e\u6307\u51fa\u5fae\u8edf\u4e0d\u6703\u767c\u8868Windows XP\u4e0a\u7684\u4fee\u88dc\u7a0b\u5f0f\u3002\u4e0d\u904e\u5f88\u5feb\u5c31\u6709\u4fee\u88dc\u7a0b\u5f0f\u91cb\u51fa\u5728\u8a72\u5e73\u81fa\u4e0a\u3002<\/p>\n

<\/p>\n

\u5c0d\u7b56\u53ca\u89e3\u6c7a\u65b9\u6cd5<\/em><\/strong><\/p>\n

\u89e3\u6c7a\u91dd\u5c0d\u6027\u653b\u64ca\u4e0d\u50c5\u9700\u8981\u6b63\u78ba\u7684\u5de5\u5177\uff0c\u9084\u8981\u6709\u6b63\u78ba\u7684\u5fc3\u614b\u3002\u5728\u6211\u5011\u7684\u6587\u7ae0\uff1a\u300cIT\u7ba1\u7406\u54e1\u5c0dAPT\u653b\u64ca\u5e38\u898b\u7684\u8aa4\u89e3<\/a>\u300d\u4e2d\uff0c\u6211\u5011\u5217\u8209\u4e86\u5e7e\u500b\u53ef\u80fd\u6703\u5927\u5927\u5730\u5f71\u97ff\u7db2\u8def\u5b89\u5168\u7684\u8aa4\u89e3\u3002\u5305\u62ec\u91dd\u5c0d\u6027\u653b\u64ca\u4e00\u5b9a\u6703\u4f7f\u7528\u96f6\u6642\u5dee\u6f0f\u6d1e\u7684\u932f\u89ba\u3002\u6b63\u5982\u6211\u5011\u6240\u770b\u5230\u7684\uff0c\u653b\u64ca\u8005\u4e0d\u6703\u81ea\u9650\u65bc\u4f7f\u7528\u96f6\u6642\u5dee\u6f0f\u6d1e\u3002\u820a\u6f0f\u6d1e\u5176\u5be6\u8f03\u96f6\u6642\u5dee\u6f0f\u6d1e\u66f4\u53d7\u9752\u775e\u3002\u9019\u5f37\u8abf\u4e86\u8981\u66f4\u65b0\u6240\u6709\u53ef\u7528\u5b89\u5168\u4fee\u88dc\u7a0b\u5f0f\u7684\u91cd\u8981\u6027\u3002<\/p>\n

\u89e3\u6c7a\u96f6\u6642\u5dee\u6f0f\u6d1e\u554f\u984c\u53ef\u80fd\u5f88\u56f0\u96e3\uff0c\u4f46\u4e26\u975e\u4e0d\u53ef\u80fd\u3002\u985e\u4f3c\u865b\u64ec\u4fee\u88dc\u7a0b\u5f0f\u9019\u6a23\u7684\u505a\u6cd5\u53ef\u4ee5\u5e6b\u52a9\u6e1b\u8f15\u96f6\u6642\u5dee\u6f0f\u6d1e\u548c\u4e0d\u53d7\u652f\u63f4\u7cfb\u7d71\u6240\u5e36\u4f86\u7684\u5a01\u8105\u3002\u871c\u7f50\u7cfb\u7d71\uff08\u53ef\u4ee5\u7528\u4f86\u5438\u5f15\u653b\u64ca\u8005\uff09\u80fd\u5920\u5728\u65e9\u671f\u968e\u6bb5\u6a19\u8a18\u653b\u64ca\u3002\u985e\u4f3c\u555f\u767c\u5f0f\u6383\u63cf\u548c\u6c99\u7bb1\u9632\u8b77<\/a>\u7b49\u6280\u8853\u53ef\u4ee5\u7528\u4f86\u5e6b\u52a9\u8b58\u5225\u53ef\u7591\u7684\u6a94\u6848\uff0c\u4e26\u5728\u63a7\u5236\u74b0\u5883\u5167\u57f7\u884c\u8a72\u6a94\u6848\u800c\u4e0d\u6703\u5c0d\u7db2\u8def\u9020\u6210\u5f71\u97ff\u3002\u7d44\u7e54\u4e5f\u61c9\u8a72\u8981\u52a0\u5f37\u54e1\u5de5\u7684\u6559\u80b2\u8a13\u7df4\u3002\u96fb\u5b50\u90f5\u4ef6\u8a98\u990c\u5f80\u5f80\u6703\u51fa\u73fe\u5728\u91dd\u5c0d\u6027\u653b\u64ca\u7684\u7b2c\u4e00\u968e\u6bb5\ufe54\u5982\u679c\u54e1\u5de5\u6709\u53d7\u904e\u8a13\u7df4\u4f86\u8b58\u5225\u53ef\u7591\u7684\u90f5\u4ef6\uff0c\u5c31\u53ef\u4ee5\u5927\u5927\u5730\u5f37\u5316\u7db2\u8def\u9632\u79a6\u3002<\/p>\n

\u8da8\u52e2\u79d1\u6280Deep Security\u53ef\u4ee5\u900f\u904e\u4e0b\u5217\u898f\u5247\u4f86\u9632\u8b77\u9019\u7bc7\u6587\u7ae0\u4e2d\u6240\u63d0\u5230\u7684\u96f6\u6642\u5dee\u6f0f\u6d1e\uff1a<\/p>\n

 <\/p>\n