{"id":13054,"date":"2015-07-01T09:00:01","date_gmt":"2015-07-01T01:00:01","guid":{"rendered":"https:\/\/blog.trendmicro.com.tw\/?p=13054"},"modified":"2015-08-28T10:39:30","modified_gmt":"2015-08-28T02:39:30","slug":"%e8%97%8f%e5%9c%a8png%e5%9c%96%e6%aa%94%e5%85%a7%e7%9a%84%e6%9c%a8%e9%a6%ac-%e9%8e%96%e5%ae%9a%e9%86%ab%e7%99%82%e4%bf%9d%e5%81%a5%e6%a5%ad","status":"publish","type":"post","link":"https:\/\/blog.trendmicro.com.tw\/?p=13054","title":{"rendered":"\u85cf\u5728PNG\u5716\u6a94\u5167\u7684\u6728\u99ac, \u9396\u5b9a\u91ab\u7642\u4fdd\u5065\u696d"},"content":{"rendered":"

\u7f8e\u570b\u91ab\u7642\u6a5f\u69cb\u53d7Stegoloader\u6728\u99ac\u5f71\u97ff\u6700\u70ba\u56b4\u91cd<\/strong><\/p>\n

\u6839\u64da\u89c0\u5bdf\uff0c\u5927\u591a\u6578Stegoloader\u6728\u99ac\uff08\u6700\u8fd1\u6d3b\u8e8d\u5728\u65b0\u805e<\/a>\u4e0a\uff09\u7684\u53d7\u5bb3\u8005\u90fd\u4f86\u81ea\u5317\u7f8e\u7684\u91ab\u7642\u6a5f\u69cb\u3002\u9019\u88ab\u7a31\u70baTROJ_GATAK\u7684\u60e1\u610f\u8edf\u9ad4\u81ea2012\u5e74\u8d77\u5c31\u4e00\u76f4\u6d3b\u8e8d\u8457\uff0c\u5229\u7528\u5716\u50cf\u96b1\u78bc\u8853\uff08Steganography\uff09\u4f86\u5c07\u7d44\u4ef6\u85cf\u5728PNG\u6a94\u5167\u3002<\/p>\n

\"\u91ab\u7642<\/a><\/p>\n

\u7e31\u89c0\u8fd1\u4f86\u7684Stegoloader\u60e1\u610f\u8edf\u9ad4\u53d7\u5bb3\u8005\uff0c\u5728\u904e\u53bb\u4e09\u500b\u6708\u5167\u6240\u770b\u5230\u7684\u5927\u591a\u6578\u53d7\u611f\u67d3\u96fb\u8166\u90fd\u4f86\u81ea\u7f8e\u570b\uff0866.82%\uff09\uff0c\u5176\u6b21\u662f\u667a\u5229\uff089.10%\uff09\u3001\u99ac\u4f86\u897f\u4e9e\uff083.32%\uff09\u3001\u632a\u5a01\uff082.09%\uff09\u53ca\u6cd5\u570b\uff081.71%\uff09\u3002<\/p>\n

\u5728\u540c\u4e00\u671f\u9593\uff0c\u53d7\u5230\u5f71\u97ff\u6700\u5927\u7684\u7522\u696d\u662f\u91ab\u7642\u4fdd\u5065\u3001\u91d1\u878d\u548c\u88fd\u9020\u696d\u3002<\/p>\n

\"\"<\/p>\n

\u57161<\/em>\u3001\u904e\u53bb\u4e09\u500b\u6708\u5167\u5404\u7522\u696d\u7684TROJ_GATAK<\/em>\u611f\u67d3\u7a0b\u5ea6<\/em><\/p>\n

 <\/p>\n

\u503c\u5f97\u6ce8\u610f\u7684\u662f\uff0c\u6240\u6709\u53d7\u6b64\u60e1\u610f\u8edf\u9ad4\u5f71\u97ff\u7684\u91ab\u7642\u6a5f\u69cb\u90fd\u4f86\u81ea\u5317\u7f8e\u3002\u8da8\u52e2\u79d1\u6280<\/a>\u7684\u7814\u7a76\u4eba\u54e1\u76ee\u524d\u6b63\u5728\u7814\u7a76\u7db2\u8def\u72af\u7f6a\u5206\u5b50\u5982\u4f55\u53bb\u5229\u7528\u9019\u72c0\u6cc1\u4f86\u9032\u884c\u6709\u7d44\u7e54\u7684\u653b\u64ca\uff0c\u96d6\u7136\u9084\u5728\u5c0b\u627e\u8b49\u64da\u4e2d\u3002<\/p>\n

\u6700\u8fd1\u6709\u5e7e\u8d77\u6210\u529f\u7684\u8cc7\u6599\u5916\u6d29\u4e8b\u4ef6\u6d29\u6f0f\u4e86\u6578\u767e\u842c\u7b46\u91ab\u7642\u6a5f\u69cb\u7684\u5ba2\u6236\u8cc7\u6599\uff0c\u50cf\u662fAnthem<\/a>\u548cPremera Blue Cross<\/a>\u3002\u96d6\u7136\u624d\u51fa\u73fe\u5728\u653b\u64ca\u4e2d\uff0c\u5716\u50cf\u96b1\u78bc\u8853\uff08Steganography\uff09\u53ef\u80fd\u6210\u70ba\u672a\u4f86\u7db2\u8def\u72af\u7f6a\u5206\u5b50\u653b\u64ca\u91ab\u7642\u6a5f\u69cb\u6642\u5916\u6d29\u91ab\u7642\u7d00\u9304\u7684\u65b0\u6280\u8853\u3002<\/p>\n

 <\/p>\n

\u8cc7\u6599\u96b1\u533f\u6280\u8853\uff0c\u9593\u8adc\u7528\u5716\u7247<\/strong><\/p>\n

\u5728\u4e4b\u524d\u95dc\u65bc\u5716\u50cf\u96b1\u78bc\u8853\uff08Steganography\uff09\uff08Steganography\uff09\u548c\u60e1\u610f\u8edf\u9ad4<\/a>\u7684\u6587\u7ae0\u4e2d\uff0c\u6211\u5011\u6307\u51fa\u5728\u5716\u7247\u6a94\u4e2d\u5d4c\u5165\u60e1\u610f\u7a0b\u5f0f\u78bc\u4ee5\u8eb2\u907f\u5075\u6e2c\u7684\u6280\u8853\u6703\u8b8a\u5f97\u66f4\u52a0\u666e\u53ca\uff0c\u7279\u5225\u662f\u6709\u8457\u52e4\u596e\u7684\u60e1\u610f\u8edf\u9ad4\u5718\u9ad4\u5b58\u5728\u3002<\/p>\n

TROJ_GATAK<\/strong>\u7684\u518d\u5ea6\u51fa\u73fe\u53ca\u5176\u660e\u986f\u91dd\u5c0d\u67d0\u4e9b\u5730\u5340\u548c\u7522\u696d\u986f\u793a\u51fa\u7db2\u8def\u72af\u7f6a\u5206\u5b50\u5728\u6301\u7e8c\u5730\u8a66\u9a57\u8cc7\u6599\u96b1\u533f\u6280\u8853\uff08Steganography\uff09\u7684\u5275\u610f\u7528\u9014\u4ee5\u64f4\u6563\u5a01\u8105\u3002<\/p>\n

\u7576\u8da8\u52e2\u79d1\u6280<\/a>\u57282014\u5e741\u6708\u7b2c\u4e00\u6b21\u65bc\u90e8\u843d\u683c\u4e2d\u63d0\u5230\u6b64\u60e1\u610f\u8edf\u9ad4\u6642\uff0cTROJ_GATAK.FCK<\/a>\u8b8a\u7a2e\u6346\u7d81\u8457\u5404\u7a2e\u61c9\u7528\u7a0b\u5f0f\u7684\u91d1\u9470\u7522\u751f\u5668\uff0c\u800c\u6700\u7d42\u6703\u5e36\u4f86\u5047\u9632\u6bd2\u8edf\u9ad4<\/a>\u3002<\/p>\n

\u800c\u9019\u60e1\u610f\u8edf\u9ad4\u6700\u65b0\u7684\u4e09\u500b\u6a23\u672c\u6700\u7d42\u6703\u5e36\u4f86TROJ_GATAK.SMJV\u3001TROJ_GATAK.SMN<\/a>\u548cTROJ_GATAK.SMP<\/a>\uff08\u5728\u5206\u6790\u4e2d\uff09\u3002<\/p>\n

\u8981\u6ce8\u610f\u7684\u662f\uff0c\u9019\u8b8a\u7a2e\u5728\u904e\u53bb\u5e7e\u5e74\u7684\u884c\u70ba\u4fdd\u6301\u4e0d\u8b8a\u3002\u8a72\u60e1\u610f\u8edf\u9ad4\u88ab\u76f8\u4fe1\u5176\u70ba\u91d1\u9470\u7522\u751f\u5668\u6216\u8a3b\u518a\u6a5f\u7684\u4f7f\u7528\u8005\u5f9e\u7db2\u8def\u4e0a\u4e0b\u8f09\u3002\u4e00\u65e6\u4e0b\u8f09\uff0c\u5b83\u507d\u88dd\u6210\u8ddfSkype\u6216Google Talk\u76f8\u95dc\u7684\u6b63\u5e38\u6a94\u6848\u3002\u6700\u7d42\u6703\u4e0b\u8f09\u7167\u7247\uff0c\u5d4c\u5165\u4e86\u5176\u5927\u90e8\u5206\u7684\u529f\u80fd\u3002\u4ee5\u4e0b\u662f\u60e1\u610f\u8edf\u9ad4\u7528\u4f86\u5d4c\u5165\u60e1\u610f\u7d44\u4ef6\u7684\u7167\u7247\u6a23\u672c\uff1a<\/p>\n

\"\"<\/p>\n

\u57162<\/em>\u3001TROJ_GATAK<\/em>\u6240\u4e0b\u8f09\u7684\u5716\u7247\u6a23\u672c<\/em><\/p>\n

 <\/p>\n

\u9019\u60e1\u610f\u8edf\u9ad4\u5177\u5099\u9632\u865b\u64ec\u6a5f\u5668\u548c\u9632\u6a21\u64ec\u529f\u80fd\uff0c\u8b93\u5b83\u53ef\u4ee5\u907f\u514d\u88ab\u5206\u6790\u3002<\/p>\n

\u904e\u53bb\u4f7f\u7528\u5716\u50cf\u96b1\u78bc\u8853\uff08Steganography\uff09\u7684\u653b\u64ca\u4f7f\u7528\u4e86\u6709\u8da3\u4f46\u5176\u5be6\u6703\u9020\u6210\u50b7\u5bb3\u7684\u5915\u967d\u548c\u8c93\u54aa\u7167\u7247\u4f86\u91dd\u5c0d\u7db2\u8def\u9280\u884c\u5e33\u865f\u3002\u96d6\u7136\u4f7f\u7528\u7167\u7247\u7684\u6280\u8853\u5f88\u8001\u820a\uff0c\u4f46\u5b83\u80fd\u5920\u5e6b\u52a9\u7db2\u8def\u72af\u7f6a\u5206\u5b50\u548c\u5a01\u8105\u5e55\u5f8c\u9ed1\u624b\u4f86\u8eb2\u907f\u5075\u6e2c\u4ecd\u662f\u5b83\u6703\u7e7c\u7e8c\u88ab\u52a0\u4ee5\u4f7f\u7528\u7684\u6709\u529b\u7406\u7531\u3002<\/p>\n

 <\/p>\n

\u4ee5\u4e0b\u662f\u5728\u672c\u6587\u4e2d\u6240\u5831\u5c0e\u60e1\u610f\u8edf\u9ad4\u7684\u76f8\u95dcSHA1<\/em>\u96dc\u6e4a\u503c\uff1a<\/em><\/p>\n

 <\/p>\n

TROJ_GATAK.SMJV<\/p>\n