{"id":49235,"date":"2017-05-08T09:00:13","date_gmt":"2017-05-08T01:00:13","guid":{"rendered":"https:\/\/blog.trendmicro.com.tw\/?p=49235"},"modified":"2017-05-02T18:05:14","modified_gmt":"2017-05-02T10:05:14","slug":"%e9%a7%ad%e5%ae%a2%e7%ab%9f%e6%98%af%e9%a4%8a%e8%b1%ac%e6%88%b6-%e6%aa%a2%e8%a6%96-winnti-%e9%a7%ad%e5%ae%a2%e7%b5%84%e7%b9%94","status":"publish","type":"post","link":"https:\/\/blog.trendmicro.com.tw\/?p=49235","title":{"rendered":"\u99ed\u5ba2\u7adf\u662f\u990a\u8c6c\u6236? \u6aa2\u8996 Winnti \u99ed\u5ba2\u7d44\u7e54"},"content":{"rendered":"

\u8da8\u52e2\u79d1\u6280<\/a>\u5728\u4e4b\u524d\u7684\u4e00\u7bc7\u6587\u7ae0<\/a>\u4e2d\u8a0e\u8ad6\u904e\u4e2d\u570b\u99ed\u5ba2\u7d44\u7e54Winnti\u5982\u4f55\u5229\u7528GitHub\u4f86\u6563\u64ad\u60e1\u610f\u8edf\u9ad4\uff0c\u9019\u7a2e\u767c\u5c55\u986f\u793a\u51fa\u8a72\u96c6\u5718\u5df2\u7d93\u9032\u5316\uff0c\u958b\u59cb\u904b\u7528\u8ddf\u4e4b\u524d\u653b\u64ca\u904a\u6232\u3001\u88fd\u85e5\u548c\u96fb\u4fe1\u516c\u53f8\u6642\u4e0d\u540c\u7684\u6230\u8853\u3002\u900f\u904e\u672c\u6587\uff0c\u6211\u5011\u6703\u4ed4\u7d30\u6aa2\u8996\u8ddfWinnti\u96c6\u5718\u6709\u95dc\u7684\u5c0d\u8c61\uff0c\u5e0c\u671b\u63d0\u4f9b\u4e00\u822c\u4f7f\u7528\u8005\u548c\u4f01\u696d\u5c0d\u9019\u4e9b\u60e1\u610f\u5206\u5b50\u6240\u5229\u7528\u548c\u904b\u4f5c\u5de5\u5177\uff08\u5c24\u5176\u662f\u4f3a\u670d\u5668\u57fa\u790e\u8a2d\u65bd\uff09\u6709\u66f4\u591a\u7684\u4e86\u89e3\u3002<\/p>\n

\u641c\u5c0b\u7db2\u57df\u8a3b\u518a\u4f86\u627e\u7dda\u7d22<\/em><\/strong><\/p>\n

\u60e1\u610f\u5206\u5b50\u901a\u5e38\u6703\u8a3b\u518a\u548c\u4f7f\u7528\u591a\u500b\u7db2\u57df\uff0c\u4ee5\u4fbf\u5c07\u4ed6\u5011\u7684\u60e1\u610f\u8edf\u9ad4\u5206\u6563\u5230\u4e0d\u540c\u7684\u547d\u4ee4\u548c\u63a7\u5236\uff08C&C\uff09\u4f3a\u670d\u5668\u3002\u8a3b\u518a\u7db2\u57df\u90fd\u6703\u9700\u8981\u67d0\u4e9b\u8b58\u5225\u8cc7\u8a0a\uff1a\u5be6\u9ad4\u6216\u90f5\u5bc4\u5730\u5740\u3001\u96fb\u5b50\u90f5\u4ef6\u5730\u5740\u548c\u96fb\u8a71\u865f\u78bc\u3002\u5728\u9019\u4e4b\u4e2d\uff0c\u9700\u8981\u6709\u6548\u7684\u96fb\u5b50\u90f5\u4ef6\u5730\u5740\uff0c\u56e0\u70ba\u8a3b\u518a\u5546\u9700\u8981\u5bc4\u4fe1\u7d66\u65b0\u7db2\u57df\u64c1\u6709\u8005\u4f86\u78ba\u8a8d\u8cfc\u8cb7\uff0c\u540c\u6642\u4e5f\u662f\u63a7\u5236\u7db2\u57df\u6240\u9700\u7684\u8cc7\u8a0a\u3002<\/p>\n

\u5927\u591a\u6578\u8a50\u9a19\u5206\u5b50\u6703\u5efa\u7acb\u4e00\u6b21\u6027\u96fb\u5b50\u90f5\u4ef6\u5730\u5740\u6216\u4f7f\u7528\u5077\u4f86\u7684\u96fb\u5b50\u90f5\u4ef6\u5730\u5740\uff0c\u9019\u5169\u8005\u90fd\u5f88\u5bb9\u6613\u5efa\u7acb\u6216\u53d6\u5f97\u3002\u4f46\u96a8\u8457\u6642\u9593\u4e45\u4e86\uff0c\u8a50\u9a19\u5206\u5b50\u5728\u8a3b\u518a\u65b0\u7db2\u57df\u6642\u4e5f\u6703\u75b2\u65bc\u6539\u8b8a\u8cc7\u6599\uff0c\u72af\u4e0b\u91cd\u8907\u4f7f\u7528\u96fb\u5b50\u90f5\u4ef6\u5730\u5740\u7684\u932f\u8aa4\u3002<\/p>\n

\u4ed4\u7d30\u5206\u6790\u9019\u60e1\u610f\u5206\u5b50\u57282014\u5e74\u52302015\u5e74\u9593\u7684\u7db2\u57df\u8a3b\u518a\u53ef\u4ee5\u8b58\u5225\u51fa\u6709\u4e00\u7d44\u8eab\u5206\u88ab\u7528\u4f86\u8a3b\u518a\u591a\u500b\u7db2\u57df\uff0c\u4f5c\u70baWinnti\u96c6\u5718\u6240\u4f7f\u7528\u7279\u5b9a\u60e1\u610f\u8edf\u9ad4\u7684C&C\u4f3a\u670d\u5668\u3002\u5177\u9ad4\u5730\u8aaa\uff0c\u6211\u5011\u6536\u96c6\u5230\u66b1\u7a31Hack520\u7684\u8a73\u7d30\u8cc7\u6599\uff0c\u8a8d\u5b9a\u4ed6\u8ddfWinnti\u6709\u95dc\u3002<\/p>\n

Winnti<\/em><\/strong>\u96c6\u5718\u662f\u8ab0\uff1f<\/em><\/strong><\/p>\n

Winnti\u60e1\u610f\u8edf\u9ad4\u80cc\u5f8c\u7684\u96c6\u5718\uff08\u6211\u5011\u5c31\u7a31\u4e4b\u70baWinnti\u96c6\u5718\uff09\u8d77\u521d\u662f\u50b3\u7d71\u7684\u7db2\u8def\u8a50\u9a19\u8005\uff0c\u540c\u6642\u5177\u5099\u99ed\u5ba2\u6280\u8853\u80fd\u529b\u4f86\u9032\u884c\u91d1\u878d\u8a50\u9a19\u3002\u6839\u64da\u4ed6\u5011\u6240\u8a3b\u518a\u7db2\u57df\u7684\u4f7f\u7528\u60c5\u6cc1\uff0c\u9019\u96c6\u5718\u4e00\u958b\u59cb\u662f\u57282007\u5e74\u9032\u884c\u5047\uff08\u6d41\u6c13\uff09\u9632\u6bd2\u7522\u54c1\u7684\u751f\u610f<\/a>\u3002\u57282009\u5e74\uff0cWinnti\u96c6\u5718\u8f49\u79fb\u76ee\u6a19\u5230\u97d3\u570b\u7684\u904a\u6232\u516c\u53f8\uff0c\u4f7f\u7528\u81ea\u88fd\u7684\u8cc7\u6599\u548c\u6a94\u6848\u7aca\u53d6\u60e1\u610f\u8edf\u9ad4\u3002<\/p>\n

\u9019\u96c6\u5718\u7684\u4e3b\u8981\u52d5\u6a5f\u662f\u70ba\u4e86\u9322\uff0c\u7279\u8272\u662f\u6703\u7528\u81ea\u4e3b\u7814\u767c\u7684\u7279\u88fd\u5de5\u5177\u4f86\u9032\u884c\u653b\u64ca\u3002\u4ed6\u5011\u66fe\u7d93\u653b\u64ca<\/a>\u904a\u6232\u4f3a\u670d\u5668\u4f86\u975e\u6cd5\u53d6\u5f97\u904a\u6232\u5167\u7684\u91d1\u5e63<\/a>\uff08\u300c\u904a\u6232\u9ec3\u91d1\u300d\u4e5f\u5177\u5099\u73fe\u5be6\u4e16\u754c\u7684\u50f9\u503c\uff09\u548c\u5077\u8d70\u7db2\u8def\u904a\u6232\u5c08\u6848\u7684\u7a0b\u5f0f\u78bc\u3002\u9019\u5718\u9ad4\u9084\u6703\u7aca\u53d6\u6578\u4f4d\u6191\u8b49\uff0c\u7528\u4f86\u7c3d\u7f72\u81ea\u5df1\u7684\u60e1\u610f\u8edf\u9ad4\u4ee5\u9054\u5230\u4e0d\u88ab\u5075\u6e2c\u7684\u6548\u679c\u3002\u9019Winnti\u96c6\u5718\u7684\u76ee\u6a19\u5f88\u591a\u5143\uff0c\u5305\u62ec\u88fd\u85e5<\/a>\u548c\u96fb\u4fe1\u7b49\u4f01\u696d\u3002\u9019\u96c6\u5718\u56e0\u70ba\u9032\u884c\u91dd\u5c0d\u6027\u653b\u64ca\/\u9396\u5b9a\u76ee\u6a19\u653b\u64ca(Targeted attack )<\/a>\u76f8\u95dc\u60e1\u610f\u6d3b\u52d5\u800c\u88ab\u95dc\u6ce8\uff0c\u5982\u90e8\u7f72\u9b5a\u53c9\u5f0f\u91e3\u9b5a\u653b\u64ca\uff08SPEAR PHISHING\uff09<\/a>\u548c\u5efa\u7acb\u5f8c\u9580<\/a>\u3002<\/p>\n

\u5728\u7814\u7a76Winnti\u96c6\u5718\u7684\u904e\u7a0b\u4e2d\uff0c\u8da8\u52e2\u79d1\u6280<\/a>\u767c\u73fe\u6c92\u88ab\u56de\u5831\u904e\u7684\u60e1\u610f\u8edf\u9ad4\u53ef\u4ee5\u6b78\u56e0\u5230\u6b64\u5718\u9ad4\uff0c\u56e0\u70ba\u9019\u60e1\u610f\u8edf\u9ad4\u6240\u7528\u7684\u7a0b\u5f0f\u5eab\u548c\u653b\u64ca\u7528\u57fa\u790e\u8a2d\u65bd\u6240\u7528\u7684\u8a3b\u518a\u7db2\u57df\u3002\u9019\u4e9b\u6a23\u672c\u9084\u8b93\u6211\u5011\u627e\u51fa\u66f4\u591a\u7684C&C\u4f3a\u670d\u5668\uff0c\u5f97\u5230\u6bd4\u539f\u672c\u9810\u8a08\u66f4\u591a\u7684\u8cc7\u8a0a\u3002<\/p>\n

\u4ed4\u7d30\u6aa2\u8996Hack520<\/em><\/strong><\/p>\n

\u5c0dHack520\u6240\u8a3b\u518a\u7db2\u57df\u7684\u521d\u6b65\u8abf\u67e5\u986f\u793a\uff0c\u6709\u985e\u4f3c\u7db2\u57df\uff08\u5982\u4e0b\uff09\u4f7f\u7528\u5176\u4ed6\u8eab\u5206\u8a3b\u518a\u3002<\/p>\n