{"id":12444,"date":"2015-05-21T14:00:33","date_gmt":"2015-05-21T06:00:33","guid":{"rendered":"https:\/\/blog.trendmicro.com.tw\/?p=12444"},"modified":"2015-09-09T16:44:28","modified_gmt":"2015-09-09T08:44:28","slug":"%e5%bb%a3%e5%91%8a%e7%b6%b2%e8%b7%af%e8%a2%ab%e5%85%a5%e4%be%b5%ef%bc%8c%e4%bd%bf%e7%94%a8%e8%80%85%e6%88%90%e7%82%banuclear%e6%bc%8f%e6%b4%9e%e6%94%bb%e6%93%8a%e5%8c%85%e7%9a%84%e5%8f%97%e5%ae%b3","status":"publish","type":"post","link":"https:\/\/blog.trendmicro.com.tw\/?p=12444","title":{"rendered":"\u5ee3\u544a\u7db2\u8def\u88ab\u5165\u4fb5\uff0c\u4f7f\u7528\u8005\u6210\u70baNuclear\u6f0f\u6d1e\u653b\u64ca\u5305\u7684\u53d7\u5bb3\u8005"},"content":{"rendered":"<p>&nbsp;<\/p>\n<p>MadAdsMedia\uff0c\u9019\u662f\u4e00\u5bb6\u7f8e\u570b\u7684\u7db2\u8def\u5ee3\u544a\u5546\uff0c\u6700\u8fd1\u906d\u53d7\u5230\u7db2\u8def\u72af\u7f6a\u4efd\u5b50\u7684\u5165\u4fb5\uff0c\u5c0e\u81f4\u4f7f\u7528\u4ed6\u5011\u5ee3\u544a\u5e73\u53f0\u7684\u7db2\u7ad9\u5e36\u7d66\u8a2a\u5ba2\u51fa\u81ea<a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/vulnerabilities-and-exploits\/exploit-kits-past-present-and-future\">Nuclear\u6f0f\u6d1e\u653b\u64ca\u5305<\/a>\u7684Adobe Flash\u6f0f\u6d1e\u653b\u64ca\u3002\u6bcf\u5929\u6709\u591a\u905412,500\u540d\u7684\u4f7f\u7528\u8005\u53ef\u80fd\u53d7\u5230\u6b64\u5a01\u8105\u7684\u5f71\u97ff\uff1b\u5176\u4e2d\u6709\u4e09\u500b\u570b\u5bb6\u4f54\u4e86\u4e00\u534a\u4ee5\u4e0a\u7684\u9ede\u64ca\u91cf\uff1a\u65e5\u672c\u3001\u7f8e\u570b\u548c\u6fb3\u6d32\u3002<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone\" src=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2015\/05\/MadAds1.jpg\" alt=\"\" width=\"625\" height=\"264\" \/><\/p>\n<p>&nbsp;<\/p>\n<p><em>\u57161<\/em><em>\u3001\u9019\u6b21\u653b\u64ca\u6700\u65e9\u51fa\u73fe\u5728\u56db\u6708\uff0c\u96d6\u7136\u6d41\u91cf\u76f8\u8f03\u8d77\u4f86\u6bd4\u8f03\u4f4e\u3002\u53d7\u5f71\u97ff\u4f7f\u7528\u8005\u7684\u6578\u91cf\u5728\u4e94\u6708\u521d\u958b\u59cb\u51fa\u73fe\u986f\u8457\u6210\u9577\uff0c\u57285<\/em><em>\u67082<\/em><em>\u65e5\u9054\u5230\u6bcf\u65e512,500<\/em><em>\u540d\u53d7\u5f71\u97ff\u4f7f\u7528\u8005\u7684\u9ad8\u5cf0\u3002<\/em><\/p>\n<p>\u6700\u521d\uff0c<a href=\"https:\/\/www.trendmicro.com.tw\/edm\/Tracking.asp?id=2651&amp;name=20110916\">\u8da8\u52e2\u79d1\u6280<\/a>\u8a8d\u70ba\u9019\u662f\u53e6\u4e00\u7a2e\u578b\u614b\u7684\u60e1\u610f\u5ee3\u544a\uff0c\u4f46\u5f8c\u4f86\u6240\u767c\u73fe\u7684\u8b49\u64da\u986f\u793a\u4e26\u975e\u5982\u6b64\u3002\u4e00\u822c\u7684\u60e1\u610f\u5ee3\u544a\u653b\u64ca\u6703\u662f\u7531\u653b\u64ca\u8005\u6240\u8a3b\u518a\u5ee3\u544a\u8edf\u9ad4\u4f86\u89f8\u767c\u7684\u91cd\u65b0\u5c0e\u5411\u3002\u4f46\u5728MadAdsMedia\u4e8b\u4ef6\u4e2d\u4e26\u975e\u5982\u6b64\u3002\u6211\u5011\u770b\u5230\u5176JavaScript\u00a0\u7a0b\u5f0f\u5eab\u7684\u7db2\u5740\u51fa\u73fe\u7570\u5e38\u884c\u70ba \u2013 \u9019\u539f\u672c\u662f\u7528\u4f86\u5206\u914d\u5ee3\u544a\u5982\u4f55\u986f\u793a\u5728\u5ba2\u6236\u7db2\u7ad9\uff1a<\/p>\n<p>&nbsp;<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone\" src=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2015\/05\/MadAds3.png\" alt=\"\" width=\"542\" height=\"400\" \/><\/p>\n<p><em>\u57162<\/em><em>\u3001JavaScript<\/em><em>\u7a0b\u5f0f\u5eab\u7db2\u5740\u63d0\u4f9bJavaScript<\/em><em>\uff0c\u5c31\u5982\u9810\u671f\u7684\u4e00\u822c<\/em><\/p>\n<p><!--more--><a href=\"https:\/\/www.trendmicro.com.tw\/edm\/Tracking.asp?id=2651&amp;name=20110916\">\u8da8\u52e2\u79d1\u6280<\/a>\u7684\u8abf\u67e5\u986f\u793a\u8a72\u7db2\u5740\u4e26\u4e0d\u7e3d\u662f\u63d0\u4f9bJavaScript\u7a0b\u5f0f\u78bc\uff0c\u6709\u6642\u5019\u6703\u91cd\u65b0\u5c0e\u5411\u5230<a href=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/freshly-patched-flash-exploit-added-to-nuclear-exploit-kit\/\">Nuclear\u6f0f\u6d1e\u653b\u64ca\u5305\u4f3a\u670d\u5668<\/a>\uff1a<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone\" src=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2015\/05\/MadAds2.png\" alt=\"\" width=\"542\" height=\"328\" \/><\/p>\n<p>&nbsp;<\/p>\n<p><em>\u57163<\/em><em>\u3001JavaScript<\/em><em>\u7a0b\u5f0f\u5eab\u7db2\u5740\u5c0e\u5230Nuclear<\/em><em>\u6f0f\u6d1e\u653b\u64ca\u5305\u4f3a\u670d\u5668<\/em><\/p>\n<p>&nbsp;<\/p>\n<p>\u9019\u8b93\u6211\u5011\u5f97\u5230\u8a72\u5ee3\u544a\u7db2\u8def\u7528\u4f86\u5132\u5b58JavaScript\u7a0b\u5f0f\u5eab\u7684\u4f3a\u670d\u5668\u88ab\u5165\u4fb5\u7684\u7d50\u8ad6\u3002MadAdsMedia\u670d\u52d9\u4e86\u4e16\u754c\u5404\u5730\u7684\u7db2\u7ad9\uff0c\u5e7e\u500b\u53d7\u5f71\u97ff\u7db2\u7ad9\u4f3c\u4e4e\u8ddf\u52d5\u6f2b\u4f5c\u54c1\u6709\u95dc\u3002<\/p>\n<p>\u6240\u4f7f\u7528\u7684Flash\u6f0f\u6d1e\u653b\u64ca\u78bc\u91dd\u5c0d<a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2015-0359\">CVE-2015-0359<\/a>\uff0c\u9019\u662f<a href=\"https:\/\/helpx.adobe.com\/security\/products\/flash-player\/apsb15-06.html\">\u4eca\u5e74\u56db\u6708<\/a>\u624d\u4fee\u88dc\u7684\u4e00\u500b\u6f0f\u6d1e\u3002\u6709\u4e9b\u4f7f\u7528\u8005\u53ef\u80fd\u9084\u5728\u4f7f\u7528\u820a\u7248\u672c\u7684Flash\uff0c\u56e0\u6b64\u8655\u5728\u5371\u96aa\u4e2d\u3002\u9019\u500bFlash\u6f0f\u6d1e\u653b\u64ca\u78bc\u662f\u7d93\u7531Nuclear\u6f0f\u6d1e\u653b\u64ca\u5305\u6d3e\u9001\uff0c\u9019\u500b\u653b\u64ca\u5305\u5728<a href=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/freshly-patched-flash-exploit-added-to-nuclear-exploit-kit\/\">\u6301\u7e8c\u66f4\u65b0<\/a>\u4e2d\uff0c\u52a0\u5165\u4e86\u65b0\u7684Flash\u6f0f\u6d1e\u653b\u64ca\u78bc\uff0c\u4e26\u4e14\u8ddf<a href=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/crypto-ransomware-sightings-and-trends-for-1q-2015\/\">\u52a0\u5bc6\u52d2\u7d22\u8edf\u9ad4<\/a>\u6709\u95dc\u3002<\/p>\n<p>\u5728\u6b64\u6848\u4f8b\u4e2d\uff0c\u6211\u5011\u6240\u5206\u6790\u5230\u7684\u611f\u67d3\u93c8\u6700\u7d42\u6703\u5e36\u4f86<a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/threat-encyclopedia\/malware\/BKDR_GLUPTEBA.YVA\">BKDR_GLUPTEBA.YVA<\/a>\u3002\u6211\u5011\u5df2\u7d93\u806f\u7d61\u4e86MadAdsMedia\uff0c\u5e78\u904b\u7684\u662f\u4ed6\u5011\u5f88\u5feb\u5c31\u6b64\u554f\u984c\u9032\u884c\u8abf\u67e5\u4e26\u63a1\u53d6\u884c\u52d5\u3002<\/p>\n<p>&nbsp;<\/p>\n<p><strong><em>\u89e3\u6c7a\u65b9\u6848\u548c\u6700\u4f73\u5be6\u4f5c<\/em><\/strong><\/p>\n<p>&nbsp;<\/p>\n<p>\u50cf\u9019\u985e\u653b\u64ca\u7a81\u986f\u4e86\u5ee3\u544a\u7db2\u8def\u4fdd\u8b77\u5176\u57fa\u790e\u8a2d\u65bd\u5b89\u5168\u514d\u65bc\u653b\u64ca\u7684\u91cd\u8981\u6027\u3002\u78ba\u4fdd<a href=\"https:\/\/www.trendmicro.com\/cloud-content\/us\/pdfs\/business\/tlp_web_application_vulnerabilities.pdf\">\u7db2\u9801\u4f3a\u670d\u5668\u548c\u61c9\u7528\u7a0b\u5f0f\u5b89\u5168<\/a>\u5c07\u6709\u52a9\u65bc\u78ba\u4fdd\u5c0d\u5176\u696d\u52d9\u548c\u5ba2\u6236\u7684\u4fdd\u8b77\u3002<\/p>\n<p>\u800c\u5728\u53e6\u4e00\u65b9\u9762\uff0c\u4e00\u822c\u4f7f\u7528\u8005\u5fc5\u9808\u8981\u5c07\u5e38\u7528\u7684\u7db2\u8def\u5916\u639b\u7a0b\u5f0f\u4fdd\u6301\u5728\u6700\u65b0\u72c0\u614b\u3002\u4f7f\u7528\u6700\u65b0\u7248\u672cAdobe Flash Player\u7684\u4f7f\u7528\u8005\u4e0d\u6703\u6709\u6b64\u5371\u96aa\u3002\u6bcf\u500b\u6708\u7684Adobe\u66f4\u65b0\u767c\u5e03\u90fd\u5927\u7d04\u8ddf\u9031\u4e8c\u4fee\u88dc\u65e5\uff08\u6bcf\u500b\u6708\u7684\u7b2c\u4e8c\u500b\u79ae\u62dc\u4e8c\uff09\u76f8\u540c\u6642\u9593\uff1b\u9019\u662f\u500b\u5f88\u597d\u7684\u6642\u9593\u8b93\u4f7f\u7528\u8005\u53bb\u9810\u9632\u6027\u5730\u7dad\u8b77\u4ed6\u5011\u7684\u96fb\u8166\u3002<\/p>\n<p>\u8da8\u52e2\u79d1\u6280<a href=\"https:\/\/www.trendmicro.tw\/tw\/enterprise\/cloud-solutions\/deep-security\/index.html\">Deep Security<\/a>\u53ef\u4ee5\u4fdd\u8b77\u4f7f\u7528\u8005\u7cfb\u7d71\u514d\u65bc\u5229\u7528\u6b64\u6f0f\u6d1e\u7684\u5a01\u8105\u653b\u64ca\u3002<a href=\"https:\/\/t.rend.tw\/?i=MzcxMw\">\u8da8\u52e2\u79d1\u6280\u7684\u7aef\u9ede\u89e3\u6c7a\u65b9\u6848<\/a>\u4e5f\u53ef\u4ee5\u9632\u8b77\u60e1\u610f\u8edf\u9ad4\u548c\u5176\u4ed6\u76f8\u95dc\u653b\u64ca\u3002<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p><strong><em>\u66f4\u65b0\u65bc2015<\/em><\/strong><strong><em>\u5e745<\/em><\/strong><strong><em>\u67088<\/em><\/strong><strong><em>\u65e5\uff1a<\/em><\/strong><\/p>\n<p>\u4e00\u4f4d\u4f86\u81eaMadAdsMedia\u7684\u4ee3\u8868\u8ddf\u6211\u5011\u5206\u4eab\u95dc\u65bc\u6b64\u5831\u544a\u7684\u5b98\u65b9\u56de\u61c9\uff1a<\/p>\n<p><em>\u6ce8\u610f\u5230\u6211\u5011\u7db2\u8def\u51fa\u73fe\u53ef\u7591\u6d3b\u52d5\u5f8c\u4e0d\u4e45\uff0c\u6211\u5011\u5c31\u5c55\u958b\u4e86\u8abf\u67e5\u3002\u4e4b\u5f8c\u4e0d\u4e45\uff0c\u8da8\u52e2\u79d1\u6280\u806f\u7e6b\u4e86\u6211\u5011\uff1b\u4ed6\u5011\u6240\u63d0\u4f9b\u7684\u7814\u7a76\u7d30\u7bc0\u5c0d\u6211\u5011\u6d88\u9664\u6b64\u4e00\u5a01\u8105\u767c\u63ee\u4e86\u81f3\u95dc\u91cd\u8981\u7684\u4f5c\u7528\u3002\u6211\u5011\u63d0\u4f9b\u8da8\u52e2\u79d1\u6280\u7684\u8cc7\u6599\u7d66\u6211\u5011\u7684\u4ee3\u7ba1\u516c\u53f8GigeNET.com<\/em><em>\uff0c\u4ed6\u5011\u8fc5\u901f\u5730\u63a1\u53d6\u4e86\u884c\u52d5\u3002\u5728\u5e7e\u500b\u5c0f\u6642\u5167\uff0cGIGENET<\/em><em>\u78ba\u8a8d\u4e86\u5165\u4fb5\u884c\u70ba\uff0c\u540c\u6642\u4fdd\u8b77\u4e86\u7db2\u8def\u3002\u6211\u5011\u611f\u8b1d\u8da8\u52e2\u79d1\u6280\u548cGIGENET<\/em><em>\u5c0d\u65bc\u4fdd\u8b77\u4f7f\u7528\u8005\u6240\u505a\u7684\u52aa\u529b\u3002<\/em><\/p>\n<p>&nbsp;<\/p>\n<p><strong><em>\u66f4\u65b0\u65bc2015<\/em><\/strong><strong><em>\u5e745<\/em><\/strong><strong><em>\u670811<\/em><\/strong><strong><em>\u65e5<\/em><\/strong><\/p>\n<p>\u6700\u7d42\u7684\u60e1\u610f\u8edf\u9ad4\u4e00\u958b\u59cb\u88ab\u5075\u6e2c\u70baTROJ_CARBERP.YVA\uff0c\u73fe\u5728\u88ab\u5075\u6e2c\u70baBKDR_CARBERP.YVA\u4ee5\u53cd\u61c9\u9032\u4e00\u6b65\u7684\u5206\u6790\u7d50\u679c\u3002<\/p>\n<p>&nbsp;<\/p>\n<p><strong><em>\u66f4\u65b0\u65bc2015<\/em><\/strong><strong><em>\u5e745<\/em><\/strong><strong><em>\u670815<\/em><\/strong><strong><em>\u65e5<\/em><\/strong><\/p>\n<p>\u539f\u672c\u88ab\u5075\u6e2c\u70baBKDR_CARBERP.YVA\u7684\u6700\u7d42\u60e1\u610f\u8edf\u9ad4\u73fe\u5728\u88ab\u5075\u6e2c\u70baBKDR_GLUPTEBA.YVA\u3002<\/p>\n<p>&nbsp;<\/p>\n<p>\uff20\u539f\u6587\u51fa\u8655\uff1a<a href=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/ad-network-compromised-users-victimized-by-nuclear-exploit-kit\/\">Ad Network Compromised, Users Victimized by Nuclear Exploit Kit<\/a>\u4f5c\u8005\uff1a<a href=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/author\/josephcchen\/\">Joseph C Chen\uff08\u7db2\u8def\u8a50\u9a19\u7814\u7a76\u54e1\uff09<\/a><br \/>\n<iframe loading=\"lazy\" style=\"border: none; overflow: hidden; width: 350px; height: 62px;\" src=\"https:\/\/www.facebook.com\/plugins\/likebox.php?id=255176705131&amp;width=350&amp;connections=0&amp;stream=false&amp;header=false&amp;height=62\" width=\"300\" height=\"150\" frameborder=\"0\" scrolling=\"no\"><\/iframe><\/p>\n<p>&nbsp;<\/p>\n<p>\u300a\u63d0\u9192\u300b\u5728\u7c89\u7d72\u9801\u6a6b\u5e45,\u8b9a\u7684\u53f3\u908a\u4e09\u89d2\u5f62\u9078\u64c7<strong>\u63a5\u6536\u901a\u77e5<\/strong>\u548c<strong>\u65b0\u589e\u5230\u8208\u8da3\u4e3b\u984c\u6e05\u55ae<\/strong>,\u91cd\u8981\u901a\u77e5\u8207\u597d\u5eb7\u4e0d\u6f0f\u63a5<\/p>\n","protected":false},"excerpt":{"rendered":"<p>&nbsp; MadAdsMedia\uff0c\u9019\u662f\u4e00\u5bb6\u7f8e\u570b\u7684\u7db2\u8def\u5ee3\u544a\u5546\uff0c\u6700\u8fd1\u906d\u53d7\u5230\u7db2\u8def\u72af\u7f6a\u4efd\u5b50\u7684\u5165\u4fb5\uff0c\u5c0e\u81f4\u4f7f\u7528\u4ed6\u5011\u5ee3\u544a [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","_wpscppro_dont_share_socialmedia":false,"_wpscppro_custom_social_share_image":0,"_facebook_share_type":"","_twitter_share_type":"","_linkedin_share_type":"","_pinterest_share_type":"","_linkedin_share_type_page":"","_instagram_share_type":"","_medium_share_type":"","_threads_share_type":"","_google_business_share_type":"","_selected_social_profile":[],"_wpsp_enable_custom_social_template":false,"_wpsp_social_scheduling":{"enabled":false,"datetime":null,"platforms":[],"status":"template_only","dateOption":"today","timeOption":"now","customDays":"","customHours":"","customDate":"","customTime":"","schedulingType":"absolute"},"_wpsp_active_default_template":true},"categories":[2387,156],"tags":[1666,2114,2115],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/12444"}],"collection":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=12444"}],"version-history":[{"count":0,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/12444\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=12444"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=12444"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=12444"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}