{"id":13294,"date":"2015-07-16T10:00:54","date_gmt":"2015-07-16T02:00:54","guid":{"rendered":"https:\/\/blog.trendmicro.com.tw\/?p=13294"},"modified":"2015-07-17T14:40:43","modified_gmt":"2015-07-17T06:40:43","slug":"java%e9%9b%b6%e6%99%82%e5%b7%ae%e6%bc%8f%e6%b4%9e%e5%86%8d%e7%8f%be%ef%bc%8c%e9%8e%96%e5%ae%9a%e5%b0%88%e9%96%80%e6%94%bb%e6%93%8a%e8%bb%8d%e4%ba%8b%e5%96%ae%e4%bd%8d%e6%94%bf%e5%ba%9c%e6%a9%9f","status":"publish","type":"post","link":"https:\/\/blog.trendmicro.com.tw\/?p=13294","title":{"rendered":"Java\u96f6\u6642\u5dee\u6f0f\u6d1e\u518d\u73fe\uff0c\u9396\u5b9a\u5c08\u9580\u653b\u64ca\u8ecd\u4e8b\u55ae\u4f4d,\u653f\u5e9c\u6a5f\u95dc\u548c\u570b\u9632\u6a5f\u69cb"},"content":{"rendered":"
Pawn Storm\uff1a\u5169\u5e74\u4f86\u7b2c\u4e00\u500b Java \u96f6\u6642\u5dee\u653b\u64ca<\/strong><\/h5>\n

\u8da8\u52e2\u79d1\u6280\u7684\u7814\u7a76\u5718\u968a\u5728 Pawn Storm<\/a>(\u5178\u7576\u98a8\u66b4) \u9019\u500b\u5c08\u9580\u9396\u5b9a\u91cd\u8981\u654f\u611f\u6a5f\u69cb\u7684\u99ed\u5ba2\u96c6\u5718\u653b\u64ca\u884c\u52d5\u7576\u4e2d\u767c\u73fe\u4e86\u4e00\u9805\u65b0\u7684\u653b\u64ca\u624b\u6cd5\u3002\u6211\u5011\u7d93\u7531\u8da8\u52e2\u79d1\u6280<\/a>\u4e3b\u52d5\u5f0f\u96f2\u7aef\u622a\u6bd2\u670d\u52d9\u00a0 Smart Protection Network<\/a>\u60c5\u5831\u7db2\u767c\u73fe\u4e86\u4e00\u4e9b\u5c08\u9580\u91dd\u5c0d\u5317\u7d04 (NATO) \u6703\u54e1\u570b\u548c\u67d0\u500b\u7f8e\u570b\u570b\u9632\u6a5f\u69cb\u7684\u653b\u64ca\u96fb\u5b50\u90f5\u4ef6\u3002<\/p>\n

\"Attack<\/a><\/p>\n

Pawn Storm \u884c\u52d5\u9019\u9805\u6700\u65b0\u653b\u64ca\u4e4b\u6240\u4ee5\u4ee4\u4eba\u77da\u76ee\u7684\u539f\u56e0\u662f\u5b83\u904b\u7528\u4e86\u4e00\u500b\u5168\u65b0\u3001\u5c1a\u672a\u4fee\u88dc\u7684 Java \u6f0f\u6d1e\uff0c\u9019\u662f\u81ea\u5f9e 2013 \u5e74\u4ee5\u4f86\u7b2c\u4e00\u500b\u88ab\u767c\u73fe\u7684 Java \u96f6\u6642\u5dee\u6f0f\u6d1e\u3002\u6b64\u5916\uff0c\u8a72\u653b\u64ca\u9084\u904b\u7528\u4e86\u4e00\u500b\u5df2\u6709\u4e09\u5e74\u6b77\u53f2\u7684 Microsoft Windows Common Controls (\u901a\u7528\u63a7\u5236\u9805) \u6f0f\u6d1e (CVE-2012-015)\uff0c\u6b64\u6f0f\u6d1e\u5df2\u7d93\u5728 MS12-027<\/a> \u5b89\u5168\u516c\u544a\u7576\u4e2d\u89e3\u6c7a\u3002<\/p>\n

\u8da8\u52e2\u79d1\u6280<\/a>\u7684\u7814\u7a76\u4eba\u54e1\u5df2\u5c07\u6f0f\u6d1e\u901a\u5831\u7d66 Oracle\uff0c Oracle<\/a>\u5df2\u7d93\u57282015 \u5e74 7 \u6708\u91cd\u5927\u4fee\u88dc\u66f4\u65b0<\/a>\u7576\u4e2d\u4fee\u6b63\u4e86\u9019\u9805\u6f0f\u6d1e\u3002\u6211\u5011\u5efa\u8b70\u53d7\u5f71\u97ff\u7684\u4f7f\u7528\u8005\u76e1\u5feb\u66f4\u65b0\u81ea\u5df1\u7684 Java \u8edf\u9ad4\u3002\u6b64\u5916\uff0c\u8a72\u6f0f\u6d1e\u4e5f\u5df2\u5217\u5165 CVE \u6f0f\u6d1e\u8cc7\u6599\u5eab\u7576\u4e2d\uff0c\u7de8\u865f\uff1aCVE-2015-2590\u3002<\/p>\n

\u96f6\u6642\u5dee\u6f0f\u6d1e\u4e00\u76f4\u662f\u9032\u968e\u6301\u7e8c\u6027\u6ef2\u900f\u653b\u64ca (APT) \u7684\u6700\u611b\u5de5\u5177<\/a>\uff0c\u56e0\u70ba\u5b83\u5011\u975e\u5e38\u6709\u6548\u3002\u9019\u4e00\u5207\u90fd\u662f\u56e0\u70ba\u5ee0\u5546\u9084\u672a\u91cb\u51fa\u4fee\u88dc\u7a0b\u5f0f\u7684\u7de3\u6545\u3002\u5728\u6211\u5011\u6301\u7e8c\u8ffd\u8e64\u53ca\u76e3\u63a7 Pawn Storm \u9019\u500b APT \u653b\u64ca<\/a>\u884c\u52d5\u7684\u904e\u7a0b\u4e2d\uff0c\u6211\u5011\u767c\u73fe\u4e86\u4e00\u4e9b\u53ef\u7591\u7684\u7db2\u5740\u5c08\u9580\u653b\u64ca\u4e00\u9805\u65b0\u767c\u73fe\u7684 Java \u96f6\u6642\u5dee\u6f0f\u6d1e\u3002\u9019\u662f\u8fd1\u5169\u5e74\u4f86<\/a>\u7b2c\u4e00\u6b21\u6709\u65b0\u7684 Java \u96f6\u6642\u5dee\u6f0f\u6d1e\u88ab\u767c\u73fe\u3002<\/p>\n

\u503c\u5f97\u6ce8\u610f\u7684\u662f\uff0c\u9019\u500b\u96f6\u6642\u5dee\u6f0f\u6d1e\u8207\u6700\u8fd1\u767c\u751f\u7684 Hacking Team \u8cc7\u6599\u5916\u6d29<\/a>\u4e8b\u4ef6\u4e26\u7121\u95dc\u806f\u3002Pawn Storm \u653b\u64ca\u884c\u52d5\u80cc\u5f8c\u7684\u5718\u9ad4\u76ee\u524d\u6b63\u5229\u7528\u9019\u9805 Java \u96f6\u6642\u5dee\u6f0f\u6d1e\u4f86\u5f9e\u4e8b\u6d3b\u52d5\u3002<\/p>\n

\u524d\u8ff0\u6697\u85cf\u9019\u500b Java \u65b0\u96f6\u6642\u5dee\u6f0f\u6d1e\u7684\u7db2\u5740\u8207\u00a0Pawn Storm(\u5178\u7576\u98a8\u66b4) \u00a0<\/a>\u5728 2015 \u5e74 4 \u6708\u653b\u64ca\u5317\u7d04 (NATO) \u6703\u54e1\u570b\u548c\u7f8e\u570b\u767d\u5bae\u6240\u4f7f\u7528\u7684\u7db2\u5740\u985e\u4f3c\uff0c\u4e0d\u904e\u7576\u6642\u7684\u7db2\u5740\u4e26\u672a\u5305\u542b\u9019\u6b21\u767c\u73fe\u7684\u6f0f\u6d1e\u3002\u9664\u6b64\u4e4b\u5916\uff0cPawn Storm \u9084\u6703\u653b\u64ca\u5176\u4ed6\u653f\u5e9c\u6a5f\u69cb\uff0c\u4e26\u5229\u7528\u4e00\u4e9b\u653f\u6cbb\u4e8b\u4ef6\u548c\u7814\u8a0e\u6703\u70ba\u793e\u4ea4\u5de5\u7a0b\uff08<\/u>social engineering \uff09<\/a>\u8a98\u990c\uff0c\u5982\u4e9e\u592a\u7d93\u5408\u6703 (APEC) \u4ee5\u53ca 2014 \u5e74\u4e2d\u6771\u570b\u571f\u5b89\u5168\u9ad8\u5cf0\u6703 (Middle East Homeland Security Summit 2014)\u3002\u9664\u4e86\u8ecd\u4e8b\u55ae\u4f4d\u548c\u653f\u5e9c\u6a5f\u95dc\u4e4b\u5916\uff0c\u5a92\u9ad4\u8207\u570b\u9632\u5de5\u696d\u4e5f\u662f\u9019\u500b APT \u653b\u64ca<\/a>\u884c\u52d5\u9396\u5b9a\u7684\u76ee\u6a19\u3002<\/p>\n

\u8da8\u52e2\u79d1\u6280<\/a>\u662f\u900f\u904e\u8da8\u52e2\u79d1\u6280<\/a>\u4e3b\u52d5\u5f0f\u96f2\u7aef\u622a\u6bd2\u670d\u52d9\u00a0 Smart Protection Network<\/a>\u60c5\u5831\u7db2\u7684\u56de\u5831\u800c\u767c\u73fe\u4e86\u9019\u9805\u96f6\u6642\u5dee\u6f0f\u6d1e\u3002\u6211\u5011\u767c\u73fe\u4e00\u4e9b\u91dd\u5c0d\u67d0\u5317\u7d04\u570b\u5bb6\u8ecd\u4e8b\u55ae\u4f4d\u548c\u4e00\u5bb6\u7f8e\u570b\u570b\u9632\u6a5f\u69cb\u7684\u96fb\u5b50\u90f5\u4ef6\u633e\u5e36\u4e86\u4e00\u4e9b\u5c08\u9580\u653b\u64ca\u9019\u9805 Java \u6f0f\u6d1e\u7684\u60e1\u610f\u7db2\u5740\u3002<\/p>\n

\u5728 Java \u7684\u9810\u8a2d\u8a2d\u5b9a\u4e0b\uff0c\u6b64\u6f0f\u6d1e\u4e00\u65e6\u653b\u64ca\u6210\u529f\uff0c\u99ed\u5ba2\u5373\u53ef\u57f7\u884c\u4efb\u610f\u7a0b\u5f0f\u78bc\uff0c\u9032\u800c\u8b93\u7cfb\u7d71\u9677\u5165\u5371\u96aa\u3002\u8da8\u52e2\u79d1\u6280\u5c07\u6f0f\u6d1e\u653b\u64ca\u7a0b\u5f0f\u547d\u540d\u70ba\uff1aJAVA_DLOADR.EFD\u3002\u6b64\u5916\uff0c\u8da8\u52e2\u79d1\u6280\u9084\u5075\u6e2c\u5230\u53e6\u4e00\u500b\u7a0b\u5f0f\uff1aTROJ_DROPPR.CXC\uff0c\u5b83\u6703\u5728\u5728\u7576\u524d\u767b\u5165\u7684\u4f7f\u7528\u8005\u8cc7\u6599\u593e\u4e2d\u690d\u5165 TSPY_FAKEMS.C<\/a> \u6a94\u6848\u3002<\/p>\n

\u8da8\u52e2\u79d1\u6280\u7522\u54c1\u5df2\u7d93\u80fd\u5920\u9632\u7bc4\u9019\u9805\u5a01\u8105\uff0c\u4e0d\u9700\u4efb\u4f55\u66f4\u65b0\u3002\u8da8\u52e2\u79d1\u6280Deep Discovery Inspector<\/a>\u73fe\u6709\u7684\u6c99\u76d2\u6a21\u64ec\u5206\u6790\u548c\u7a0b\u5e8f\u78bc\u5206\u6790\u5f15\u64ce (Script Analyzer) \u5373\u53ef\u85c9\u7531\u884c\u70ba\u4f86\u5075\u6e2c\u9019\u9805\u5a01\u8105\u3002<\/p>\n

\u6b64\u5916\uff0c\u8da8\u52e2\u79d1\u6280 Smart Protection Suite<\/a>\u00a0\u5957\u88dd\u7522\u54c1\u4e2d\u7684\u00a0 Endpoint Security \u7aef\u9ede\u9632\u79a6\u4e5f\u80fd\u900f\u904e\u700f\u89bd\u5668\u6f0f\u6d1e\u9632\u8b77\u529f\u80fd\uff0c\u5728\u4f7f\u7528\u8005\u9023\u4e0a\u5c08\u9580\u653b\u64ca\u6b64\u6f0f\u6d1e\u7684\u7db2\u7ad9\u6642\u52a0\u4ee5\u5075\u6e2c\u3002\u6211\u5011\u7684\u700f\u89bd\u5668\u6f0f\u6d1e\u9632\u8b77\u529f\u80fd\u53ef\u5075\u6e2c\u4f7f\u7528\u8005\u7684\u7cfb\u7d71\u662f\u5426\u542b\u6709\u5c08\u9580\u91dd\u5c0d\u700f\u89bd\u5668\u548c\u76f8\u95dc\u5916\u639b\u7a0b\u5f0f\u7684\u6f0f\u6d1e\u3002<\/p>\n

\u8da8\u52e2\u79d1\u6280Deep Security<\/a>\u53ef\u5229\u7528\u4e0b\u5217\u6df1\u5c64\u5c01\u5305\u6aa2\u67e5 (DPI) \u898f\u5247\u4f86\u9632\u7bc4\u4f7f\u7528\u8005\u96fb\u8166\u906d\u5230\u6b64\u6f0f\u6d1e\u5a01\u8105\uff1a<\/p>\n