{"id":17109,"date":"2016-03-11T09:00:18","date_gmt":"2016-03-11T01:00:18","guid":{"rendered":"https:\/\/blog.trendmicro.com.tw\/?p=17109"},"modified":"2016-03-23T17:17:10","modified_gmt":"2016-03-23T09:17:10","slug":"2015%e5%b9%b4%e7%9a%84%e6%bc%8f%e6%b4%9e%e6%94%bb%e6%93%8a%e5%8c%85%ef%bc%88exploit-kit%ef%bc%89%ef%bc%9a%e5%85%85%e6%96%a5%e8%91%97flash%e6%bc%8f%e6%b4%9e%e3%80%81%e6%b7%aa%e9%99%b7%e7%b6%b2%e7%ab%99","status":"publish","type":"post","link":"https:\/\/blog.trendmicro.com.tw\/?p=17109","title":{"rendered":"2015\u5e74\u7684\u6f0f\u6d1e\u653b\u64ca\u5305\uff08Exploit Kit\uff09\uff1a\u5145\u65a5\u8457Flash\u6f0f\u6d1e\u3001\u6dea\u9677\u7db2\u7ad9\u548c\u60e1\u610f\u5ee3\u544a"},"content":{"rendered":"<p>\u5a01\u8105\u5f9e\u4e0d\u539f\u5730\u8e0f\u6b65\uff0c\u6f0f\u6d1e\u653b\u64ca\u5305\uff08Exploit Kit\uff09\u4e5f\u4e0d\u4f8b\u5916\u30022015\u5e74\u5728\u6b64\u5a01\u8105\u9818\u57df\u4e2d\u770b\u898b\u4e86\u8a31\u591a\u6539\u8b8a\uff1a\u52a0\u5165\u6700\u65b0\u767c\u73fe\u7684\u6f0f\u6d1e\uff0c\u5229\u7528\u6dea\u9677\u7db2\u7ad9\u548c\u60e1\u610f\u5ee3\u544a\u4f86\u7528\u6f0f\u6d1e\u653b\u64ca\u5305\u90e8\u7f72\u548c\u6563\u64ad\u5a01\u8105\u3002<\/p>\n<p>\u6f0f\u6d1e\u653b\u64ca\u5305\u662f<a href=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/aftermath-2015-breaches-threat-trends\/\">2015\u5e74\u5a01\u8105\u74b0\u5883<\/a>\u7684\u91cd\u8981\u90e8\u5206\u3002\u5728\u6b64\u7cfb\u5217\u6587\u7ae0\u4e2d\uff0c\u6211\u5011\u6703\u7814\u7a762015\u5e74\u6f0f\u6d1e\u653b\u64ca\u5305\u7684\u767c\u5c55\uff0c\u5148\u5f9e\u52a0\u5165\u65b0\u6f0f\u6d1e\u958b\u59cb\uff0c\u9084\u6709\u7528\u4f86\u5c07\u6f0f\u6d1e\u653b\u64ca\u5305\u7d44\u7e54\u6210\u653b\u64ca\u7684\u65b0\u6280\u8853\u3002\u5728\u4e4b\u5f8c\u7684\u6587\u7ae0\u4e2d\uff0c\u6211\u5011\u6703\u6aa2\u8996\u8da8\u52e2\u5ba2\u6236\u7684\u53cd\u994b\u8cc7\u6599\u4f86\u78ba\u8a8d\u554f\u984c\u5927\u5c0f\u53ca\u5c55\u793a\u54ea\u4e9b\u570b\u5bb6\/\u5730\u5340\u53d7\u5230\u7684\u5f71\u97ff\u6700\u5927\u3002<\/p>\n<p>&nbsp;<\/p>\n<p><strong><em>\u65b0\u7684\u6f0f\u6d1e\uff1a\u4e3b\u8981\u662f Flash<\/em><\/strong><\/p>\n<p>\u6f0f\u6d1e\u653b\u64ca\u5305\u9700\u8981\u6301\u7e8c\u5730\u52a0\u5165\u65b0\u5b89\u5168\u6f0f\u6d1e\u4ee5\u78ba\u4fdd\u5373\u4fbf\u4f7f\u7528\u8005\u5347\u7d1a\u5230\u66f4\u65b0\u7248\u672c\u4e5f\u4ecd\u7136\u6709\u7528\u3002\u6240\u4ee5\u4e26\u4e0d\u5947\u602a\u5730\uff0c\u57282015\u5e74\u670917\u500b\u65b0\u6f0f\u6d1e\u88ab\u773e\u591a\u6f0f\u6d1e\u653b\u64ca\u5305\u6240\u52a0\u5165\u3002\u5728\u9019\u4e4b\u4e2d\uff0c\u670914\u500b\u5728\u6f0f\u6d1e\u653b\u64ca\u78bc\u5ee3\u6cdb\u51fa\u73fe\u524d\u5c31\u5df2\u7d93\u6709\u4e86\u4fee\u88dc\u7a0b\u5f0f\u3002\u5176\u9918\u4e09\u500b\u6210\u70ba\u96f6\u6642\u5dee\u6f0f\u6d1e\uff0c\u4f7f\u7528\u8005\u5728\u4fee\u88dc\u7a0b\u5f0f\u63a8\u51fa\u524d\u5c31\u53d7\u5230\u653b\u64ca\u3002\u6709\u4e9b\u6f0f\u6d1e\u5148\u88ab\u7528\u5728\u91dd\u5c0d\u6027\u653b\u64ca\/\u9396\u5b9a\u76ee\u6a19\u653b\u64ca(Targeted attack )\u5982<a href=\"https:\/\/blog.trendmicro.com.tw\/?s=pawn\">Pawn Storm<\/a>\uff0c\u6216\u662f\u5728\u7db2\u8def\u4e0a\u6d41\u51fa\uff08<a href=\"https:\/\/blog.trendmicro.com.tw\/?s=hacking\">Hacking Team\u6f0f\u6d1e<\/a>\uff09\uff0c\u5176\u4ed6\u5247\u662f\u4ed4\u7d30\u5206\u6790\u4fee\u88dc\u7a0b\u5f0f\u5f8c\u300c\u767c\u73fe\u300d\u3002<\/p>\n<p><a href=\"https:\/\/blog.trendmicro.com.tw\/?attachment_id=13069\" rel=\"attachment wp-att-13069\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-13069\" src=\"https:\/\/blog.trendmicro.com.tw\/wp-content\/uploads\/2015\/06\/unpatch.png\" alt=\"\u7834\u5098 \u6f0f\u6d1e\" width=\"971\" height=\"877\" \/><\/a><\/p>\n<p>\u5728\u9019\u4e4b\u4e2d\uff0c\u6709\u4e00\u500b\u61c9\u7528\u7a0b\u5f0f\u7a81\u986f\u800c\u51fa \u2013 Adobe Flash Player\u3002\u6f0f\u6d1e\u4e2d\u670913\u500b\u4f86\u81ea\u6b64\u61c9\u7528\u7a0b\u5f0f\u3002\u9019\u51f8\u986f\u51faFlash\u6f0f\u6d1e\u5728\u6f0f\u6d1e\u653b\u64ca\u5305\u751f\u614b\u7cfb\u5167\u7684\u91cd\u8981\u6027 \u2013 \u5982\u679c\u6c92\u6709\u5b89\u88ddFlash\uff0c\u6f0f\u6d1e\u653b\u64ca\u5305\u5c31\u4e0d\u90a3\u9ebc\u6709\u7528\u3002<\/p>\n<p><!--more--><\/p>\n<table  class=\" table table-hover\" width=\"625\">\n<tbody>\n<tr>\n<td width=\"114\"><strong>CVE<\/strong><strong>\u7de8\u865f<\/strong><\/td>\n<td width=\"104\"><strong>\u6709\u6f0f\u6d1e\u7684\u61c9\u7528\u7a0b\u5f0f<\/strong><\/td>\n<td width=\"102\"><strong>\u78ba\u8a8d\u65e5\u671f<\/strong><\/td>\n<td width=\"117\"><strong>\u7b2c\u4e00\u500b\u52a0\u4ee5\u6574\u5408\u7684\u6f0f\u6d1e\u653b\u64ca\u5305<\/strong><\/td>\n<td width=\"114\"><strong>\u4fee\u88dc\u7a0b\u5f0f\u767c\u5e03\u65e5\u671f<\/strong><\/td>\n<\/tr>\n<tr>\n<td width=\"114\">CVE-2015-8651<\/td>\n<td width=\"104\">Adobe Flash<\/td>\n<td width=\"102\">2016-01-26<\/td>\n<td width=\"117\">Angler<\/td>\n<td width=\"114\">2015-12-28<\/td>\n<\/tr>\n<tr>\n<td width=\"114\">CVE-2015-8446<\/td>\n<td width=\"104\">Adobe Flash<\/td>\n<td width=\"102\">2015-12-15<\/td>\n<td width=\"117\">Angler<\/td>\n<td width=\"114\">2015-12-08<\/td>\n<\/tr>\n<tr>\n<td width=\"114\">CVE-2015-7645<\/td>\n<td width=\"104\">Adobe Flash<\/td>\n<td width=\"102\">2015-10-29<\/td>\n<td width=\"117\"><a href=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/new-adobe-flash-zero-day-used-in-pawn-storm-campaign\/\">Angler<\/a><\/td>\n<td width=\"114\">2015-10-16<\/td>\n<\/tr>\n<tr>\n<td width=\"114\">CVE-2015-5560<\/td>\n<td width=\"104\">Adobe Flash<\/td>\n<td width=\"102\">2015-08-28<\/td>\n<td width=\"117\">Angler<\/td>\n<td width=\"114\">2015-08-11<\/td>\n<\/tr>\n<tr>\n<td width=\"114\">CVE-2015-2419<\/td>\n<td width=\"104\">Microsoft Internet Explorer<\/td>\n<td width=\"102\">2015-08-10<\/td>\n<td width=\"117\"><a href=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/3000-high-profile-japanese-sites-hit-by-massive-malvertising-campaign\/\">Angler<\/a><\/td>\n<td width=\"114\">2015-07-22<\/td>\n<\/tr>\n<tr>\n<td width=\"114\">CVE-2015-1671<\/td>\n<td width=\"104\">Microsoft Silverlight<\/td>\n<td width=\"102\">2015-07-21<\/td>\n<td width=\"117\">Angler<\/td>\n<td width=\"114\">2015-05-12<\/td>\n<\/tr>\n<tr>\n<td width=\"114\">CVE-2015-5122<\/td>\n<td width=\"104\">Adobe Flash<\/td>\n<td width=\"102\">2015-07-11<\/td>\n<td width=\"117\">Angler<\/td>\n<td width=\"114\">2015-07-14<\/td>\n<\/tr>\n<tr>\n<td width=\"114\">CVE-2015-5119<\/td>\n<td width=\"104\">Adobe Flash<\/td>\n<td width=\"102\">2015-07-07<\/td>\n<td width=\"117\">Angler<\/td>\n<td width=\"114\">2015-07-08<\/td>\n<\/tr>\n<tr>\n<td width=\"114\">CVE-2015-3113<\/td>\n<td width=\"104\">Adobe Flash<\/td>\n<td width=\"102\">2015-06-27<\/td>\n<td width=\"117\">Magnitude<\/td>\n<td width=\"114\">2015-06-23<\/td>\n<\/tr>\n<tr>\n<td width=\"114\">CVE-2015-3104<\/td>\n<td width=\"104\">Adobe Flash<\/td>\n<td width=\"102\">2015-06-17<\/td>\n<td width=\"117\"><a href=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/angler-exploit-kit-used-to-find-and-infect-pos-systems\/\">Angler<\/a><\/td>\n<td width=\"114\">2015-06-09<\/td>\n<\/tr>\n<tr>\n<td width=\"114\">CVE-2015-3105<\/td>\n<td width=\"104\">Adobe Flash<\/td>\n<td width=\"102\">2015-06-16<\/td>\n<td width=\"117\"><a href=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/magnitude-exploit-kit-uses-newly-patched-adobe-vulnerability-us-canada-and-uk-are-most-at-risk\/\">Magnitude<\/a><\/td>\n<td width=\"114\">2015-06-09<\/td>\n<\/tr>\n<tr>\n<td width=\"114\">CVE-2015-3090<\/td>\n<td width=\"104\">Adobe Flash<\/td>\n<td width=\"102\">2015-05-26<\/td>\n<td width=\"117\">Angler<\/td>\n<td width=\"114\">2015-05-12<\/td>\n<\/tr>\n<tr>\n<td width=\"114\">CVE-2015-0359<\/td>\n<td width=\"104\">Adobe Flash<\/td>\n<td width=\"102\">2015-04-18<\/td>\n<td width=\"117\">Angler<\/td>\n<td width=\"114\">2015-04-14<\/td>\n<\/tr>\n<tr>\n<td width=\"114\">CVE-2015-0336<\/td>\n<td width=\"104\">Adobe Flash<\/td>\n<td width=\"102\">2015-03-19<\/td>\n<td width=\"117\">Nuclear<\/td>\n<td width=\"114\">2015-03-12<\/td>\n<\/tr>\n<tr>\n<td width=\"114\">CVE-2015-0313<\/td>\n<td width=\"104\">Adobe Flash<\/td>\n<td width=\"102\">2015-02-02<\/td>\n<td width=\"117\">HanJuan<\/td>\n<td width=\"114\">2015-02-04<\/td>\n<\/tr>\n<tr>\n<td width=\"114\">CVE-2015-0311<\/td>\n<td width=\"104\">Adobe Flash<\/td>\n<td width=\"102\">2015-01-20<\/td>\n<td width=\"117\">Angler<\/td>\n<td width=\"114\">2015-01-27<\/td>\n<\/tr>\n<tr>\n<td width=\"114\">CVE-2015-0310<\/td>\n<td width=\"104\">Adobe Flash<\/td>\n<td width=\"102\">2015-01-15<\/td>\n<td width=\"117\">Angler<\/td>\n<td width=\"114\">2015-01-22<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><em>\u88681<\/em><em>\u30012015<\/em><em>\u5e74\u88ab\u52a0\u5230\u6f0f\u6d1e\u653b\u64ca\u5305\u7684\u6f0f\u6d1e\uff08\u6839\u64da\u78ba\u8a8d\u65e5\u671f\u5f9e\u65b0\u5230\u820a\u6392\u5217\uff09<\/em><\/p>\n<p>&nbsp;<\/p>\n<p>\u6b63\u5982\u6211\u5011\u4e4b\u5f8c\u6703\u63d0\u5230\uff0cAngler\u662f2015\u5e74\u6700\u6210\u529f\u7684\u6f0f\u6d1e\u653b\u64ca\u5305\u3002Angler\u5b9a\u671f\u5730\u52a0\u5165\u65b0\u7684\u6f0f\u6d1e\u653b\u64ca\u78bc\uff0c\u5728\u4e0a\u8868\u4e2d\u53ef\u4ee5\u6ce8\u610f\u5230\u5b83\u7d93\u5e38\u662f\u7b2c\u4e00\u500b\u52a0\u5165\u7684\u653b\u64ca\u5305\u3002\u4e0b\u8868\u5217\u51fa\u57282015\u5e74\u88ab\u6f0f\u6d1e\u653b\u64ca\u5305\u6240\u65b0\u91dd\u5c0d\u7684\u5404\u7a2e\u6f0f\u6d1e\u3002<\/p>\n<p>&nbsp;<\/p>\n<table  class=\" table table-hover\" width=\"625\">\n<tbody>\n<tr>\n<td width=\"96\"><strong>\u6f0f\u6d1e\u653b\u64ca\u5305<\/strong><\/td>\n<td width=\"130\"><strong>\u61c9\u7528\u7a0b\u5f0f<\/strong><\/td>\n<td width=\"340\"><strong>\u6f0f\u6d1e<\/strong><\/td>\n<\/tr>\n<tr>\n<td rowspan=\"3\" width=\"96\">Angler<\/td>\n<td width=\"130\">Flash<\/td>\n<td width=\"340\">CVE-2015-8446, CVE-2015-7645, CVE-2015-5560, CVE-2015-5122, CVE-2015-5119, CVE-2015-3113, CVE-2015-3104, CVE-2015-3090, CVE-2015-0359, CVE-2015-0336, CVE-2015-0313, CVE-2015-0311, CVE-2015-0310<\/td>\n<\/tr>\n<tr>\n<td width=\"130\">Internet Explorer<\/td>\n<td width=\"340\">CVE-2015-2419<\/td>\n<\/tr>\n<tr>\n<td width=\"130\">Silverlight<\/td>\n<td width=\"340\">CVE-2015-1671<\/td>\n<\/tr>\n<tr>\n<td rowspan=\"3\" width=\"96\">Magnitude<\/td>\n<td width=\"130\">Flash<\/td>\n<td width=\"340\">CVE-2015-7645, CVE-2015-5122, CVE-2015-5119, CVE-2015-3113, CVE-2015-3105, CVE-2015-3090, CVE-2015-0359, CVE-2015-0336, CVE-2015-0311<\/td>\n<\/tr>\n<tr>\n<td width=\"130\">Internet Explorer<\/td>\n<td width=\"340\">CVE-2015-2419<\/td>\n<\/tr>\n<tr>\n<td width=\"130\">Silverlight<\/td>\n<td width=\"340\">CVE-2015-1671<\/td>\n<\/tr>\n<tr>\n<td rowspan=\"2\" width=\"96\">Nuclear<\/td>\n<td width=\"130\">Flash<\/td>\n<td width=\"340\">CVE-2015-7645, CVE-2015-5560, CVE-2015-5122, CVE-2015-5119, CVE-2015-3113, CVE-2015-3104, CVE-2015-3090, CVE-2015-0359, CVE-2015-0336, CVE-2015-0313, CVE-2015-0311<\/td>\n<\/tr>\n<tr>\n<td width=\"130\">Internet Explorer<\/td>\n<td width=\"340\">CVE-2015-2419<\/td>\n<\/tr>\n<tr>\n<td rowspan=\"2\" width=\"96\">Neutrino<\/td>\n<td width=\"130\">Flash<\/td>\n<td width=\"340\">CVE-2015-7645, CVE-2015-5122, CVE-2015-5119, CVE-2015-3113, CVE-2015-3090, CVE-2015-0359, CVE-2015-0336, CVE-2015-0313, CVE-2015-0311<\/td>\n<\/tr>\n<tr>\n<td width=\"130\">Internet Explorer<\/td>\n<td width=\"340\">CVE-2015-2419<\/td>\n<\/tr>\n<tr>\n<td rowspan=\"2\" width=\"96\">Rig<\/td>\n<td width=\"130\">Flash<\/td>\n<td width=\"340\">CVE-2015-5122, CVE-2015-5119, CVE-2015-3113, CVE-2015-3090, CVE-2015-0359, CVE-2015-0311<\/td>\n<\/tr>\n<tr>\n<td width=\"130\">Internet Explorer<\/td>\n<td width=\"340\">CVE-2015-2419<\/td>\n<\/tr>\n<tr>\n<td width=\"96\">Sundown<\/td>\n<td width=\"130\">Flash<\/td>\n<td width=\"340\">CVE-2015-0313, CVE-2015-0311<\/td>\n<\/tr>\n<tr>\n<td width=\"96\">Hanjuan<\/td>\n<td width=\"130\">Flash<\/td>\n<td width=\"340\">CVE-2015-3113<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><em>\u88682<\/em><em>\u30012015<\/em><em>\u5e74\u88ab\u52a0\u5230\u6f0f\u6d1e\u653b\u64ca\u5305\u7684\u6f0f\u6d1e\uff08\u6839\u64da\u6f0f\u6d1e\u653b\u64ca\u5305\uff09<\/em><\/p>\n<p>&nbsp;<\/p>\n<p><strong><em>\u9583\u907f\u6280\u8853<\/em><\/strong><\/p>\n<p>\u5206\u6790\u548c\u5075\u6e2c\u6f0f\u6d1e\u653b\u64ca\u5305\u7684\u6a19\u6e96\u7a0b\u5e8f\u4e4b\u4e00\u662f\u5206\u6790\u6240\u7522\u751f\u7684\u7db2\u8def\u6d41\u91cf\u3002\u70ba\u4e86\u89e3\u6c7a\u9019\u554f\u984c\uff0c\u653b\u64ca\u8005\u57282015\u5e74\u958b\u59cb\u4f7f\u7528\u52a0\u5bc6\u6280\u8853\u4f86\u4fdd\u8b77\u4ed6\u5011\u7684\u7db2\u8def\u6d41\u91cf\u3002<\/p>\n<p>&nbsp;<\/p>\n<p>\u4ed6\u5011\u900f\u904e\u5229\u7528<a href=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/how-exploit-kit-operators-are-misusing-diffie-hellman-key-exchange\/\">Diffie-Hellman\u91d1\u9470\u4ea4\u63db\u6f14\u7b97\u6cd5<\/a>\u4f86\u4f5c\u5230\u9019\u4e00\u9ede\uff0c\u5728\u53d7\u5bb3\u8005\u53ca\u6f0f\u6d1e\u653b\u64ca\u5305\u4f3a\u670d\u5668\u9593\u4ea4\u63db\u52a0\u5bc6\u91d1\u9470\u3002\u9019\u53ef\u4ee5\u5f9e\u7db2\u8def\u5b89\u5168\u7522\u54c1\u624b\u4e2d\u4fdd\u8b77\u6f0f\u6d1e\u653b\u64ca\u6a94\u6848\uff0c\u56e0\u70ba\u4e00\u822c\u7121\u6cd5\u6383\u63cf\u548c\u5075\u6e2c\u88ab\u50b3\u9001\u7684\u60e1\u610f\u6a94\u6848\u3002\u540c\u6a23\u5730\uff0c\u4f9d\u8cf4\u6d41\u91cf\u64f7\u53d6\u4f86\u5075\u6e2c\u6f0f\u6d1e\u653b\u64ca\u76f8\u95dc\u6d3b\u52d5\u7684\u7522\u54c1\u4e5f\u5c07\u8b8a\u5f97\u4e0d\u592a\u6709\u6548\uff0c\u56e0\u70ba\u91cd\u64ad\u7db2\u8def\u6d41\u91cf\u4e0d\u518d\u6709\u7528\u3002<\/p>\n<p>\u9664\u4e86\u59a8\u7919\u5075\u6e2c\uff0c\u9019\u4e9b\u63aa\u65bd\u4e5f\u8b93\u7814\u7a76\u4eba\u54e1\u60f3\u8981\u5206\u6790\u6f0f\u6d1e\u653b\u64ca\u5305\u6d3b\u52d5\u8b8a\u5f97\u66f4\u52a0\u56f0\u96e3\u3002<\/p>\n<p>&nbsp;<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone\" src=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2016\/02\/ek-2015-1.png\" alt=\"\" width=\"436\" height=\"307\" \/><\/p>\n<p><em>\u57161<\/em><em>\u3001\u5982\u4f55\u5c07Diffie-Hellman<\/em><em>\u5354\u5b9a\u7528\u4f86\u4ea4\u63db\u8cc7\u6599<\/em><\/p>\n<p>&nbsp;<\/p>\n<p><strong><em>\u6dea\u9677\u7684CMS<\/em><\/strong><strong><em>\u7db2\u7ad9\u548c\u60e1\u610f\u5ee3\u544a<\/em><\/strong><\/p>\n<p>&nbsp;<\/p>\n<p>\u57282015\u5e74\uff0c\u6709\u5169\u500b\u4e3b\u8981\u65b9\u6cd5\u7528\u4f86\u5c07\u4f7f\u7528\u8005\u5c0e\u5230\u6f0f\u6d1e\u653b\u64ca\u5305\uff1a\u6dea\u9677\u7db2\u7ad9\u548c\u60e1\u610f\u5ee3\u544a\u3002\u8b93\u6211\u5011\u5148\u8a0e\u8ad6\u524d\u4e00\u7a2e\u65b9\u6cd5\u3002<\/p>\n<p>\u6dea\u9677\u7db2\u7ad9\u6703\u5c07\u8a2a\u5ba2\u91cd\u5c0e\u5230\u5305\u542b\u6f0f\u6d1e\u653b\u64ca\u5305\u7684\u53e6\u4e00\u500b\u7db2\u7ad9\u4f86\u5c07\u5176\u8b8a\u6210\u53d7\u5bb3\u8005\u3002\u5728\u8a31\u591a\u6848\u4f8b\u4e2d\uff0c\u9019\u4e9b\u7db2\u7ad9\u5f88\u5bb9\u6613\u6dea\u9677\u662f\u56e0\u70ba\u9019\u4e9b\u4f3a\u670d\u5668\u6240\u7528\u7684\u5167\u5bb9\u7ba1\u7406\u7cfb\u7d71\uff08CMS\uff09\u3002<\/p>\n<p>\u57282015\u5e7411\u6708\uff0c\u6211\u5011<a href=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/blog-of-news-site-the-independent-hacked-leads-to-teslacrypto-ransomware\/\">\u5831\u5c0e\u904e<\/a><em>EITest<\/em>\u653b\u64ca\u6d3b\u52d5\u6703\u4f7f\u7528Angler\u6f0f\u6d1e\u653b\u64ca\u5305\u5c07\u52d2\u7d22\u8edf\u9ad4\u6d3e\u9001\u7d66\u6dea\u9677\u7db2\u7ad9\u8a2a\u5ba2\u3002\u9019\u500b\u653b\u64ca\u6d3b\u52d5\u63a7\u5236\u4e86\u8d85\u904e1500\u500b\u7db2\u7ad9\u4f86\u6563\u64ad\u52d2\u7d22\u8edf\u9ad4\u3002<em>EITest<\/em>\u653b\u64ca\u6d3b\u52d5\u901a\u5e38\u6703\u5c07SWF\u7269\u4ef6\u52a0\u5230\u6dea\u9677\u7db2\u7ad9\u9801\u9762\u4e0a\uff0c\u8f09\u5165\u53e6\u4e00\u500bFlash\u6a94\u6848\u4f86\u6ce8\u5165\u96b1\u85cfiframe\u4ee5\u5c0e\u81f4\u6f0f\u6d1e\u653b\u64ca\u5305\u3002\u9019\u4e00\u5207\u90fd\u5728\u4f7f\u7528\u8005\u4e0d\u77e5\u60c5\u4e0b\u767c\u751f\u3002<\/p>\n<p><em>ElTest<\/em>\u4e26\u4e0d\u662f\u53ea\u60f3\u653b\u9677\u76ee\u6a19\u7db2\u7ad9\u7684\u55ae\u4e00\u653b\u64ca\u6d3b\u52d5\u3002\u9019\u4e9b\u653b\u64ca\u6d3b\u52d5\u90fd\u6709\u8457\u76f8\u540c\u7684\u7279\u6027\uff1a\u5b83\u5011\u91dd\u5c0d\u57f7\u884c\u77e5\u540dCMS\u8edf\u9ad4\u7684\u7db2\u7ad9\uff0c\u50cf\u662fWordPress\u3001Joomla\u548cDrupal\u3002\u53d7\u5f71\u97ff\u7db2\u7ad9\u57f7\u884c\u672a\u7d93\u4fee\u88dc\u800c\u6709\u6f0f\u6d1e\u7684\u7248\u672c\u6216\u662f\u4f7f\u7528\u7b2c\u4e09\u65b9\u5916\u639b\u7a0b\u5f0f\uff0c\u9019\u51f8\u986f\u4e86\u5c07\u5176\u4fdd\u6301\u5230\u6700\u65b0\u72c0\u614b\u6709\u591a\u91cd\u8981\u3002\u9019\u4e9b\u56e0\u7d20\u52a0\u8d77\u4f86\u8b93\u653b\u64ca\u8005\u53ef\u4ee5\u82b1\u8cbb\u8f03\u5c11\u7684\u7cbe\u529b\u5c31\u53ef\u4ee5\u91dd\u5c0d\u5927\u91cf\u7db2\u7ad9\u52a0\u4ee5\u653b\u9677\uff0c\u8b93\u5927\u91cf\u4f7f\u7528\u8005\u9677\u5165\u5371\u96aa\u4e2d\u3002<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone\" src=\" https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2016\/02\/ek-2015-2-tb.png\" alt=\"\" width=\"418\" height=\"106\" \/><\/p>\n<p><em>\u57162<\/em><em>\u3001\u88ab\u63d2\u5165\u7684SWF<\/em><em>\u7269\u4ef6<\/em><\/p>\n<p>&nbsp;<\/p>\n<p>\u6b64\u5916\uff0c\u5ee3\u544a\u6703\u88ab\u7528\u4f86\u5c07\u8a2a\u5ba2\u5e36\u5230\u60e1\u610f\u7db2\u7ad9\uff0c\u5728\u4e0d\u77e5\u4e0d\u89ba\u4e0b\u70ba\u864e\u4f5c\u5000\u3002\u7d55\u5927\u591a\u6578\u7db2\u7ad9\u90fd\u4f9d\u8cf4\u5ee3\u544a\u4f86\u5e6b\u5fd9\u4ed8\u5e33\u55ae\uff0c\u4f46\u9019\u4e9b\u5ee3\u544a\u5f88\u5c11\u76f4\u63a5\u7531\u7db2\u7ad9\u6240\u6709\u8005\u9032\u884c\u7ba1\u7406\u3002\u76f8\u5c0d\u5730\uff0c\u9019\u4e9b\u90fd\u662f\u900f\u904e\u5ee3\u544a\u7db2\u8def\u9032\u884c\u7ba1\u7406\u3002\u5982\u679c\u9019\u4e9b\u5ee3\u544a\u7db2\u8def\u7121\u6cd5\u78ba\u4fdd\u6240\u6709\u7684\u5ee3\u544a\u8cb7\u5bb6\u90fd\u6b63\u5e38\uff0c\u653b\u64ca\u8005\u53ef\u4ee5\u300c\u8cb7\u300d\u4e0b\u5ee3\u544a\u6d41\u91cf\uff0c\u4e26\u5c07\u5176\u5e36\u5230\u6f0f\u6d1e\u653b\u64ca\u5305\u3002\u7db2\u7ad9\u6240\u6709\u8005\u6703\u767c\u73fe\u5f88\u96e3\u53bb\u5075\u6e2c\u548c\u6e05\u9664\u9019\u4e9b\u653b\u64ca\uff0c\u56e0\u70ba\u5b83\u5011\u662f\u900f\u904e\u5ee3\u544a\u7db2\u8def\uff0c\u4e26\u975e\u4ed6\u5011\u6240\u80fd\u76f4\u63a5\u63a7\u5236\u3002<\/p>\n<p>&nbsp;<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone\" src=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2016\/02\/ek-2015-3.png\" alt=\"\" width=\"529\" height=\"184\" \/><\/p>\n<p>&nbsp;<\/p>\n<p><em>\u57163<\/em><em>\u3001\u4e0d\u53ef\u898b\u7684iframe<\/em><em>\u85cf\u8457\u4e00\u500b\u60e1\u610f\u5ee3\u544a<\/em><\/p>\n<p>&nbsp;<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone\" src=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2016\/02\/ek-2015-4.png\" alt=\"\" width=\"542\" height=\"293\" \/><\/p>\n<p>&nbsp;<\/p>\n<p><em>\u57164<\/em><em>\u3001\u5f48\u51fa\u5ee3\u544a\u5c0e\u81f4\u6f0f\u6d1e\u653b\u64ca\u5305<\/em><\/p>\n<p>&nbsp;<\/p>\n<p>\u57282015\u5e74\u770b\u5230\u8a31\u591a\u60e1\u610f\u5ee3\u544a\u4f7f\u7528\u6a6b\u5e45\/\u5d4c\u5165\u5ee3\u544a\u6216\u5f48\u51fa\u5f0f\u5ee3\u544a\u5c07\u8a2a\u5ba2\u5c0e\u5230\u6f0f\u6d1e\u653b\u64ca\u5305\u9801\u9762\u3002\u4ed6\u5011\u6703\u88fd\u4f5c\u4e00\u500b\u5047\u5ee3\u544a\uff08\u6216\u5f9e\u5408\u6cd5\u5ee3\u544a\u4e2d\u8907\u88fd\u5716\u7247\uff09\uff0c\u4e26\u4e14\u52a0\u5165\u8173\u672c\u5728\u80cc\u666f\u4e2d\u5c07\u4f7f\u7528\u8005\u5c0e\u5230\u6f0f\u6d1e\u653b\u64ca\u5305\uff0c\u4f7f\u7528\u8005\u4e0d\u7528\u9ede\u64ca\u4efb\u4f55\u6771\u897f\u4e5f\u770b\u4e0d\u51fa\u4ec0\u9ebc\u7570\u72c0\u3002\u5982\u6b64\u4f5c\u6cd5\uff0c\u653b\u64ca\u8005\u53ef\u4ee5\u66f4\u5feb\u5730\u5c07\u653b\u64ca\u5e36\u7d66\u5927\u91cf\u4f7f\u7528\u8005\u3002\u6211\u5011\u7684\u8cc7\u6599\u986f\u793a\uff0c\u57282015\u5e7412\u6708\u670988%\u7684\u6f0f\u6d1e\u653b\u64ca\u5305\u653b\u64ca\u8ddf\u60e1\u610f\u5ee3\u544a\u6709\u95dc\u3002<\/p>\n<p>&nbsp;<\/p>\n<table  class=\" table table-hover\" width=\"625\">\n<tbody>\n<tr>\n<td width=\"186\"><strong>\u00a0<\/strong><\/td>\n<td width=\"186\"><strong>\u4f86\u81ea\u60e1\u610f\u5ee3\u544a<\/strong><\/td>\n<td width=\"186\"><strong>\u4f86\u81ea\u5176\u4ed6\u4f86\u6e90<\/strong><\/td>\n<\/tr>\n<tr>\n<td width=\"186\">Angler Exploit Kit<\/td>\n<td width=\"186\">89.32%<\/td>\n<td width=\"186\">10.68%<\/td>\n<\/tr>\n<tr>\n<td width=\"186\">Magnitude Exploit Kit<\/td>\n<td width=\"186\">100%<\/td>\n<td width=\"186\">0%<\/td>\n<\/tr>\n<tr>\n<td width=\"186\">Neutrino Exploit Kit<\/td>\n<td width=\"186\">39.80%<\/td>\n<td width=\"186\">60.20%<\/td>\n<\/tr>\n<tr>\n<td width=\"186\">Rig Exploit Kit<\/td>\n<td width=\"186\">85.93%<\/td>\n<td width=\"186\">14.07%<\/td>\n<\/tr>\n<tr>\n<td width=\"186\">Nuclear Exploit Kit<\/td>\n<td width=\"186\">33.81%<\/td>\n<td width=\"186\">66.19%<\/td>\n<\/tr>\n<tr>\n<td width=\"186\">Sundown Exploit Kit<\/td>\n<td width=\"186\">100%<\/td>\n<td width=\"186\">0%<\/td>\n<\/tr>\n<tr>\n<td width=\"186\">Total<\/td>\n<td width=\"186\">88.07%<\/td>\n<td width=\"186\">11.93%<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>\u88684\u3001\u6f0f\u6d1e\u653b\u64ca\u5305\u6d41\u91cf\u7684\u4f86\u6e90\u5206\u5e03\uff082015\u5e7412\u6708\uff09<\/p>\n<p>&nbsp;<\/p>\n<p><strong><em>\u6982\u8981<\/em><\/strong><\/p>\n<p>&nbsp;<\/p>\n<p>\u6f0f\u6d1e\u653b\u64ca\u5305\u591a\u5e74\u4f86\u5df2\u7d93\u88ab\u8b49\u5be6\u975e\u5e38\u6709\u7528\uff0c\u57282015\u5e74\u4e5f\u4e0d\u4f8b\u5916\u3002\u6709\u4e86\u9019\u6a23\u4e00\u500b\u6709\u6548\u7684\u5de5\u5177\uff0c\u6c92\u6709\u7406\u7531\u9032\u884c\u6025\u5287\u7684\u6539\u8b8a\u3002\u76f8\u5c0d\u5730\uff0c\u6211\u5011\u6703\u770b\u5230\u5b83\u5011\u904b\u4f5c\u6a21\u5f0f\u7684\u6f14\u8b8a\u3002<\/p>\n<p>&nbsp;<\/p>\n<p>\u8edf\u9ad4\uff08\u7279\u5225\u662fAdobe Flash\uff09\u65b0\u6f0f\u6d1e\u6b63\u88ab\u8fc5\u901f\u5730\u52a0\u5165\u6f0f\u6d1e\u653b\u64ca\u5305\u3002\u52a0\u5bc6\u6280\u8853\u73fe\u5728\u4e5f\u88ab\u7528\u4f86\u4fdd\u8b77\u6f0f\u6d1e\u653b\u64ca\u5305\u7684\u7db2\u8def\u6d41\u91cf\uff0c\u8b93\u5075\u6e2c\u548c\u5206\u6790\u90fd\u66f4\u52a0\u56f0\u96e3\u3002\u6dea\u9677CMS\u7db2\u7ad9\u548c\u60e1\u610f\u5ee3\u544a\u8d8a\u4f86\u8d8a\u5e38\u88ab\u7528\u4f86\u7522\u751f\u53d7\u5bb3\u8005\u3002<\/p>\n<p>&nbsp;<\/p>\n<p>\u9019\u4e9b\u90fd\u4e0d\u662f\u7279\u5225\u7684\u6f14\u8b8a\u3002\u4f46\u7d50\u5408\u8d77\u4f86\uff0c\u5b83\u5011\u8b93\u5229\u7528\u6f0f\u6d1e\u653b\u64ca\u5305\u6240\u9032\u884c\u7684\u653b\u64ca\u6301\u7e8c\u5730\u6709\u6548\u4e5f\u5c0d\u7db2\u8def\u72af\u7f6a\u5206\u5b50\u5177\u6709\u8457\u5438\u5f15\u529b\u3002\u9019\u554f\u984c\u5230\u5e95\u6709\u591a\u5927\uff1f\u6211\u5011\u5c07\u5728\u672c\u7cfb\u5217\u7684<a href=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/exploit-kits-2015-scale-distribution\/\">\u7b2c\u4e8c\u7bc7\u6587\u7ae0<\/a>\u4e2d\u63a2\u8a0e\u3002<\/p>\n<p>&nbsp;<\/p>\n<p><strong><em>\u66f4\u65b0\u65bc2016<\/em><\/strong><strong><em>\u5e743<\/em><\/strong><strong><em>\u670816<\/em><\/strong><strong><em>\u65e5<\/em><\/strong><\/p>\n<p>&nbsp;<\/p>\n<p>\u66f4\u65b0\u95dc\u65bcSundown\u6f0f\u6d1e\u653b\u64ca\u5305\u7684\u8cc7\u8a0a\u3002\u4e4b\u524d\u63d0\u5230Internet Explorer\u5167\u7684\u4e00\u500b\u6f0f\u6d1e\uff08CVE-2015-2444\uff09\u88ab\u6b64\u6f0f\u6d1e\u653b\u64ca\u5305\u6240\u7d0d\u5165\uff0c\u4f46\u986f\u7136\u4e26\u6c92\u6709\u5b8c\u5168\u5be6\u4f5c\u6210\u529f\u3002\u6211\u5011\u66f4\u65b0\u4e86\u4e0a\u8868\u4e26\u79fb\u9664\u6b64CVE\u3002<\/p>\n<p>&nbsp;<\/p>\n<p>\uff20\u539f\u6587\u51fa\u8655\uff1a<a href=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/exploit-kits-2015-flash-bugs-compromised-sites-malvertising-dominate\/\">Exploit Kits in 2015: Flash Bugs, Compromised Sites, Malvertising Dominate<\/a>\u4f5c\u8005\uff1a<a href=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/author\/brookslijosephchen\/\">Brooks Li\u548cJoseph C Chen\uff08\u5a01\u8105\u5206\u6790\u5e2b\uff09<\/a><\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u5a01\u8105\u5f9e\u4e0d\u539f\u5730\u8e0f\u6b65\uff0c\u6f0f\u6d1e\u653b\u64ca\u5305\uff08Exploit Kit\uff09\u4e5f\u4e0d\u4f8b\u5916\u30022015\u5e74\u5728\u6b64\u5a01\u8105\u9818\u57df\u4e2d\u770b\u898b\u4e86\u8a31\u591a\u6539\u8b8a\uff1a\u52a0\u5165\u6700 [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","_wpscppro_dont_share_socialmedia":false,"_wpscppro_custom_social_share_image":0,"_facebook_share_type":"","_twitter_share_type":"","_linkedin_share_type":"","_pinterest_share_type":"","_linkedin_share_type_page":"","_instagram_share_type":"","_medium_share_type":"","_threads_share_type":"","_google_business_share_type":"","_selected_social_profile":[],"_wpsp_enable_custom_social_template":false,"_wpsp_social_scheduling":{"enabled":false,"datetime":null,"platforms":[],"status":"template_only","dateOption":"today","timeOption":"now","customDays":"","customHours":"","customDate":"","customTime":"","schedulingType":"absolute"},"_wpsp_active_default_template":true},"categories":[195,156],"tags":[2243,2292],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/17109"}],"collection":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=17109"}],"version-history":[{"count":0,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/17109\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=17109"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=17109"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=17109"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}