{"id":49354,"date":"2017-05-03T09:00:13","date_gmt":"2017-05-03T01:00:13","guid":{"rendered":"https:\/\/blog.trendmicro.com.tw\/?p=49354"},"modified":"2017-05-03T14:54:21","modified_gmt":"2017-05-03T06:54:21","slug":"brickerbot%e8%a6%81%e8%ae%93%e6%99%ba%e6%85%a7%e5%9e%8b%e5%ae%b6%e9%9b%bb%e7%9b%a3%e6%8e%a7%e6%94%9d%e5%bd%b1%e6%a9%9f%e7%ad%89%e7%89%a9%e8%81%af%e7%b6%b2%e8%a8%ad%e5%82%99%e8%ae%8a%e7%a3%9a","status":"publish","type":"post","link":"https:\/\/blog.trendmicro.com.tw\/?p=49354","title":{"rendered":"\u6bd4 Mirai \u66f4\u72e0, BrickerBot \u8981\u8b93\u667a\u6167\u578b\u5bb6\u96fb,\u76e3\u63a7\u651d\u5f71\u6a5f\u2026 \u7b49 IoT \u88dd\u7f6e,\u6c38\u9060\u8b8a\u78da\u584a!"},"content":{"rendered":"

\u4e00\u7a2e\u91dd\u5c0d\u7269\u806f\u7db2\uff08IoT ,Internet of Thing\uff09<\/a>\u8a2d\u5099\u7684\u65b0\u60e1\u610f\u8edf\u9ad4 BrickerBot \u8fd1\u65e5\u767b\u4e0a\u5a92\u9ad4<\/a>,\u96d6\u7136\u64da\u7a31<\/a>\u5b83\u7684\u653b\u64ca\u5a92\u4ecb\u8ddf\u00a0Mirai<\/a>\u00a0\u985e\u4f3c\uff0c\u4f46\u662f\u4e0d\u540c\u65bc\u00a0Mirai \u6703\u5c07\u53d7\u611f\u67d3\u8a2d\u5099\u8b8a\u6210\u300cBotnet\u5080\u5121<\/em>\u6bad\u5c4d\u7db2\u8def\u300d<\/a>\u96fb\u8166\uff0cBrickerBot \u662f\u6240\u8b02\u300cphlashing\u300d(\u7db2\u8def\u5237\u6a5f) \u653b\u64ca\u7684\u771f\u5be6\u6848\u4f8b\uff0c\u9019\u662f\u4e00\u7a2e\u6c38\u4e45\u963b\u65b7\u670d\u52d9\u653b\u64ca (\u7c21\u7a31 PDoS)\uff0c\u5229\u7528\u786c\u9ad4\u88dd\u7f6e\u7684\u5b89\u5168\u6f0f\u6d1e\uff0c\u76f4\u63a5\u7834\u58de\u88dd\u7f6e\u7684\u97cc\u9ad4\u3002<\/span><\/p>\n

\"\"<\/a><\/p>\n

 <\/p>\n

BrickerBot \u548c Mirai \u53ca LuaBot (ELF_LUABOT) \u9019\u985e<\/span>\u5c08\u9580\u653b\u64ca IoT \u88dd\u7f6e<\/span><\/a>\u7684\u60e1\u610f\u7a0b\u5f0f\u4e00\u6a23\uff0c\u6703\u85c9\u7531\u88dd\u7f6e\u9810\u8a2d\u7684\u5e33\u865f\u5bc6\u78bc\u4f86\u767b\u5165\u88dd\u7f6e\u3002\u4e0d\u904e\uff0cBrickerBot \u537b\u4e0d\u50cf\u5176\u4ed6\u653b\u64ca IoT \u88dd\u7f6e\u7684\u75c5\u6bd2\u5c07\u611f\u67d3\u7684\u88dd\u7f6e\u8b8a\u6210<\/span>\u6bad\u5c4d\u4ee5\u5efa\u7acb\u9f90\u5927\u7684\u6bad\u5c4d\u7db2\u8def\uff0c\u9032\u800c\u767c\u52d5\u5206\u6563\u5f0f\u963b\u65b7\u670d\u52d9 (DDos) \u653b\u64ca<\/span><\/a>\u3002BrickerBot \u6703\u5728\u611f\u67d3\u88dd\u7f6e\u4e0a\u57f7\u884c\u4e00\u9023\u4e32\u7684 Linux \u6307\u4ee4\uff0c\u5c0e\u81f4\u611f\u67d3\u88dd\u7f6e\u6c38\u4e45\u640d\u58de\u3002\u5176\u4e2d\u67d0\u4e9b\u6307\u4ee4\u6703\u6bc0\u640d\u6216\u60e1\u610f\u4fee\u6539\u88dd\u7f6e\u5132\u5b58\u5bb9\u91cf\u8a2d\u5b9a\u53ca\u6838\u5fc3\u53c3\u6578\u3001\u963b\u7919\u7db2\u969b\u7db2\u8def\u9023\u7dda\u3001\u5f71\u97ff\u88dd\u7f6e\u6548\u80fd\uff0c\u4ee5\u53ca\u6e05\u9664\u88dd\u7f6e\u4e0a\u6240\u6709\u6a94\u6848\u3002<\/span><\/p>\n

[<\/strong>\u5ef6\u4f38\u95b1\u8b80\uff1a<\/strong>\u5982\u4f55\u8b93\u5bb6\u7528\u8def\u7531\u5668\u4e0d\u8b8a\u6210\u6bad\u5c4d\u6a5f\u5668,\u63a5\u6536\u6307\u4ee4\u9032\u884c\u7db2\u8def\u72af\u7f6a?<\/a>]<\/strong><\/p>\n

\u76ee\u524d\u5df2\u77e5 BrickerBot \u6709\u5169\u7a2e\u7248\u672c:<\/span><\/p>\n

BrickerBot.1 \u7248\u672c\u5c08\u9580\u653b\u64ca\u4f7f\u7528 BusyBox \u8edf\u9ad4\u7684 IoT \u88dd\u7f6e (\u9019\u662f\u4e00\u5957\u985e\u4f3c Unix \u5de5\u5177\u5305\u7684\u8edf\u9ad4\uff0c\u9069\u7528 Linux \u548c Android \u7cfb\u7d71)\uff0c\u88dd\u7f6e\u82e5\u958b\u653e\u4e86 Telnet \u6216 Secure Shell (SSH) \u9023\u7dda\u5c31\u53ef\u80fd\u906d\u5230\u653b\u64ca\uff0c\u5f8c\u8005\u4e4b\u6240\u4ee5\u906d\u5230\u653b\u64ca\u662f\u56e0\u70ba\u63a1\u7528\u4e86\u820a\u7248\u7684 SSH \u4f3a\u670d\u5668\u3002\u4e00\u4e9b\u4ecd\u5728\u4f7f\u7528\u820a\u7248\u97cc\u9ad4\u7684\u7db2\u8def\u88dd\u7f6e\u6700\u53ef\u80fd\u906d\u5230\u6b64\u7248\u672c\u7684\u653b\u64ca\u3002<\/span><\/p>\n

BrickerBot.2 \u7248\u672c\u5c08\u9580\u653b\u64ca\u958b\u653e Telnet \u670d\u52d9\u4e26\u4f7f\u7528\u9810\u8a2d (\u6216\u5beb\u6b7b) \u5e33\u865f\u5bc6\u78bc\u7684 Linux \u88dd\u7f6e\u3002\u7b2c\u4e8c\u500b\u7248\u672c\u6703\u5229\u7528 TOR \u51fa\u53e3\u7bc0\u9ede (exit node) \u4f86\u96b1\u85cf\u5176\u884c\u8e64\u3002<\/span><\/p>\n

\u6839\u64da\u8da8\u52e2\u79d1\u6280\u5c0d BrickerBot \u7684\u9577\u671f\u89c0\u5bdf\uff0c\u8a72\u7a0b\u5f0f\u9084\u6703\u5229\u7528\u8def\u7531\u5668\u4e2d\u7684\u9060\u7aef\u7a0b\u5f0f\u78bc\u57f7\u884c\u6f0f\u6d1e\u3002\u800c\u521d\u6b65\u5206\u6790\u4e5f\u8b49\u5be6 BrickerBot \u7684\u78ba\u6703\u4f7f\u7528\u9810\u8a2d\u7684\u5e33\u865f\/\u5bc6\u78bc\u7d44\u5408 (\u5982\uff1a\u300croot\/root\u300d\u548c\u300croot\/vizxv\u300d) \u4f86\u8a66\u5716\u767b\u5165\u88dd\u7f6e\uff0c\u6b64\u5916\u9084\u6703\u96a8\u6a5f\u5beb\u5165\u88dd\u7f6e\u7684\u5132\u5b58\u88dd\u7f6e\u3002<\/span><\/p>\n

[\u5ef6\u4f38\u95b1\u8b80\uff1a<\/strong>\u00a0<\/strong>\u5982\u4f55\u4fdd\u8b77\u8def\u7531\u5668\u4ee5\u9632\u7bc4\u5bb6\u7528\u7db2\u8def\u653b\u64ca<\/strong><\/a>]<\/strong><\/p>\n

\u53bb\u5e74\uff0c\u7531\u65bc Mirai \u6bad\u5c4d\u75c5\u6bd2\u7684\u51fa\u73fe\uff0c\u4ee5\u53ca\u5b83\u5c0d\u4f01\u696d\u548c\u500b\u4eba\u6240\u9020\u6210\u7684<\/span>\u56b4\u91cd\u707d\u60c5<\/span><\/a>\uff0c\u00a0<\/span><\/span>IoT \u88dd\u7f6e\u5b89\u5168<\/span><\/a>\u6210\u4e86\u6700\u8feb\u5207\u7684\u8b70\u984c\u3002\u6b64\u6b21 BrickerBot \u7684\u73fe\u8eab\uff0c\u53cd\u6620\u51fa <\/span>IoT \u88dd\u7f6e\u5728\u7db2\u8def\u653b\u64ca\u7576\u4e2d\u6b63\u9010\u6f38\u626e\u6f14\u91cd\u8981\u89d2\u8272<\/span><\/a>\uff0c\u56e0\u70ba\u67d0\u4e9b\u7522\u696d\u7684\u4f01\u696d\u5df2\u958b\u59cb\u6162\u6162\u5c0e\u5165\u9019\u4e9b\u88dd\u7f6e\uff0c\u4f8b\u5982\uff1a\u88fd\u9020\u696d\u548c\u80fd\u6e90\u7522\u696d\u3002\u5c31\u9023\u50cf\u4e00\u822c\u5bb6\u7528\u8def\u7531\u5668\u9019\u6a23\u5e73\u51e1\u7684\u88dd\u7f6e\uff0c\u4e00\u65e6\u88ab\u8b8a\u6210\u6bad\u5c4d\uff0c\u5c31\u6703\u5b8c\u5168\u807d\u5f9e\u99ed\u5ba2\u7684\u6307\u793a\u653b\u64ca\u4f01\u696d\u3001\u7aca\u53d6\u4f01\u696d\u8cc7\u7522\uff0c\u6216\u7aca\u53d6\u611f\u67d3\u88dd\u7f6e\u4e0a\u7684\u8cc7\u6599\u3002<\/span><\/p>\n

<\/p>\n

\u5982\u4f55\u9632\u7bc4 BrickerBot<\/h3>\n

\u6709\u9451\u65bc BrickerBot \u7684\u7834\u58de\u6027\uff0c\u7f8e\u570b\u5de5\u696d\u63a7\u5236\u7cfb\u7d71\u7db2\u8def\u7dca\u6025\u61c9\u8b8a\u5c0f\u7d44 (Industrial Control Systems Cyber Emergency Response Team\uff0c\u7c21\u7a31 ICS-CERT) \u7279\u5225\u91dd\u5c0d\u5de5\u696d\u63a7\u5236\u7cfb\u7d71\u5ee0\u5546\u3001\u6301\u6709\u8005\u8207\u64cd\u4f5c\u8005\u767c\u8868\u4e86\u4e00\u4efd\u8cc7\u5b89\u516c\u544a<\/a>\u00a0\uff0c\u5efa\u8b70\u63a1\u53d6\u4ee5\u4e0b\u9632\u79a6\u63aa\u65bd\uff1a<\/p>\n