{"id":56313,"date":"2018-07-30T09:00:49","date_gmt":"2018-07-30T01:00:49","guid":{"rendered":"https:\/\/blog.trendmicro.com.tw\/?p=56313"},"modified":"2018-07-28T13:52:50","modified_gmt":"2018-07-28T05:52:50","slug":"%e6%96%b0underminer%e6%bc%8f%e6%b4%9e%e6%94%bb%e6%93%8a%e5%a5%97%e4%bb%b6-%e6%95%a3%e6%92%adbootkit%e5%92%8c%e6%8c%96%e7%a4%a6%e7%97%85%e6%af%92%e5%bd%b1%e9%9f%bf-50-%e8%90%ac%e5%8f%b0%e9%9b%bb","status":"publish","type":"post","link":"https:\/\/blog.trendmicro.com.tw\/?p=56313","title":{"rendered":"\u65b0Underminer\u6f0f\u6d1e\u653b\u64ca\u5957\u4ef6, \u6563\u64adBootkit\u548c\u6316\u7926\u75c5\u6bd2,\u5f71\u97ff 50 \u842c\u53f0\u96fb\u8166,\u9396\u5b9a\u65e5\u672c,\u53f0\u7063\u5c45\u7b2c\u4e8c"},"content":{"rendered":"<p><u><a href=\"https:\/\/www.trendmicro.com.tw\/edm\/Tracking.asp?id=2651&amp;name=20110916\">\u8da8\u52e2\u79d1\u6280<\/a><\/u>\u767c\u73fe\u4e00\u500b\u65b0\u7684<a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/definition\/exploit-kit\">\u6f0f\u6d1e\u653b\u64ca\u5957\u4ef6<\/a>\uff08\u547d\u540d\u70baUnderminer\uff09\uff0c\u5b83\u6703\u4f7f\u7528\u5176\u4ed6\u6f0f\u6d1e\u653b\u64ca\u5957\u4ef6\u51fa\u73fe\u904e\u7684\u529f\u80fd\u4f86\u963b\u6b62\u7814\u7a76\u4eba\u54e1\u8ffd\u8e64\u5176\u6d3b\u52d5\u6216\u9006\u5411\u5de5\u7a0b\u5176\u9001\u5165\u7684\u75c5\u6bd2\u3002Underminer\u6703\u50b3\u9001\u611f\u67d3\u7cfb\u7d71\u958b\u6a5f\u78c1\u5340\u7684bootkit\u53ca\u540d\u70baHidden Mellifera\u7684\u865b\u64ec\u8ca8\u5e63\u6316\u7926\u75c5\u6bd2\u3002Underminer\u900f\u904e\u52a0\u5bc6TCP\u901a\u9053\u4f86\u6d3e\u9001\u9019\u4e9b\u60e1\u610f\u8edf\u9ad4\uff0c\u4e26\u4e14\u7528\u985e\u4f3cROM\u6a94\u6848\u683c\u5f0f\uff08<a href=\"https:\/\/www.kernel.org\/doc\/Documentation\/filesystems\/romfs.txt\">romfs<\/a>\uff09\u7684\u5ba2\u88fd\u5316\u683c\u5f0f\u4f86\u5c01\u88dd\u60e1\u610f\u6a94\u6848\u3002\u9019\u4e9b\u4f5c\u6cd5\u8b93\u6f0f\u6d1e\u653b\u64ca\u5957\u4ef6\u53ca\u6709\u6548\u8f09\u8377\uff08payload\uff09\u96e3\u4ee5\u88ab\u5206\u6790\u3002Underminer<a href=\"https:\/\/bobao.360.cn\/interref\/detail\/248.html\">\u4f3c\u4e4e<\/a>\u662f\u57282017\u5e7411\u6708\u6240\u958b\u767c\u3002\u4e0d\u904e\u5728\u6b64\u6b21\u6848\u4f8b\u4e2d\uff0c\u4f7f\u7528\u4e86\u5305\u62ecFlash\u6f0f\u6d1e\u653b\u64ca\u78bc\uff0c\u4e26\u4e14\u6703\u7528<a href=\"https:\/\/blog.trendmicro.com.tw\/?p=50380\">\u7121\u6a94\u6848\u653b\u64ca<\/a>\u624b\u6cd5\u4f86\u5b89\u88dd\u60e1\u610f\u8edf\u9ad4\u3002<\/p>\n<p><a href=\"https:\/\/blog.trendmicro.com.tw\/wp-content\/uploads\/2015\/06\/unpatch-e1471856395374.png\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-13069\" src=\"https:\/\/blog.trendmicro.com.tw\/wp-content\/uploads\/2015\/06\/unpatch-e1471856395374.png\" alt=\"\" width=\"500\" height=\"452\" \/><\/a><\/p>\n<p>Underminer\u57287\u670817\u65e5\u7684\u6d3b\u52d5\u986f\u793a\u5b83\u4e3b\u8981\u5c07\u75c5\u6bd2\u6563\u64ad\u5230\u4e9e\u6d32\u570b\u5bb6\u3002Hidden Mellifera\u662f\u5f9e5\u6708\u6642<a href=\"https:\/\/www.freebuf.com\/column\/174581.html\">\u51fa\u73fe<\/a>\uff0c<a href=\"https:\/\/www.freebuf.com\/column\/175106.html\">\u64da\u5831<\/a>\u5f71\u97ff\u591a\u905450\u842c\u53f0\u7684\u96fb\u8166\u3002Hidden Mellifera\u7684\u4f5c\u8005\u4e5f\u8ddf2017\u5e748\u6708\u6240<a href=\"https:\/\/www.anquanke.com\/post\/id\/86600\">\u5831\u5c0e<\/a>\u7684\u700f\u89bd\u5668\u52ab\u6301\u6728\u99acHidden Soul\u6709\u95dc\u3002\u95dc\u806f\u5206\u6790\u986f\u793aUnderminer\u662f\u7531\u540c\u4e00\u6279\u99ed\u5ba2\u6240\u958b\u767c\uff0c\u800cUnderminer\u4e5f\u6563\u64ad\u4e86Hidden Mellifera\u3002\u53e6\u5916\uff0cUnderminer\u662f\u900f\u904e\u5ee3\u544a\u4f3a\u670d\u5668\u6d3e\u9001\uff0c\u9019\u4f3a\u670d\u5668\u7684\u7db2\u57df\u540d\u7a31\u662f\u7528Hidden Mellifera\u958b\u767c\u8005\u7684\u96fb\u5b50\u90f5\u4ef6\u5730\u5740\u8a3b\u518a\u3002<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2018\/07\/underminer-exploit-kit-1.png\" \/><\/p>\n<p><em>\u57161<\/em><em>\u3001Underminer\u6f0f\u6d1e\u653b\u64ca\u4e9e\u6d32\u570b\u5bb6,<a href=\"https:\/\/www.freebuf.com\/column\/175106.html\">\u64da\u5831<\/a>\u5f71\u97ff\u591a\u905450\u842c\u53f0\u96fb\u8166,\u4e3b\u8981\u653b\u64ca\u65e5\u672c,\u53f0\u7063\u5c45\u7b2c\u4e8c<\/em><em>\uff08\u5f9e7<\/em><em>\u670817<\/em><em>\u65e5\u52307<\/em><em>\u670823<\/em><em>\u65e5\uff09<\/em><\/p>\n<p><!--more--><\/p>\n<p><strong><em>Underminer<\/em><\/strong><strong><em>\u7684\u80fd\u529b<\/em><\/strong><\/p>\n<p>Underminer\u4f7f\u7528\u5176\u4ed6\u6f0f\u6d1e\u653b\u64ca\u5957\u4ef6\u4e5f\u63a1\u7528\u904e\u7684\u529f\u80fd\uff1a\u700f\u89bd\u5668\u5206\u6790\u548c\u904e\u6ffe\u3001\u9632\u6b62\u5ba2\u6236\u7aef\u91cd\u65b0\u8a2a\u554f\u3001\u7db2\u5740\u96a8\u6a5f\u5316\u53ca\u5c0d\u6709\u6548\u8f09\u8377\u9032\u884c\u975e\u5c0d\u7a31\u52a0\u5bc6\u3002Underminer\u7684\u767b\u9678\u9801\u9762\u53ef\u4ee5\u900f\u904euser-agent\u4f86\u5206\u6790\u5075\u6e2c\u4f7f\u7528\u8005\u7684Adobe Flash Player\u7248\u672c\u548c\u700f\u89bd\u5668\u985e\u578b\u3002\u5982\u679c\u5ba2\u6236\u7aef\u4e0d\u5c6c\u65bc\u9810\u5b9a\u7684\u76ee\u6a19\u985e\u578b\uff0c\u5c31\u4e0d\u6703\u6d3e\u9001\u60e1\u610f\u5167\u5bb9\u4e26\u5c07\u5176\u91cd\u65b0\u5c0e\u5411\u6b63\u5e38\u7db2\u7ad9\u3002Underminer\u9084\u6703\u70ba\u700f\u89bd\u5668cookie\u8a2d\u5b9atoken\uff1b\u5982\u679c\u53d7\u5bb3\u8005\u5df2\u7d93\u8a2a\u554f\u904e\u6f0f\u6d1e\u653b\u64ca\u5957\u4ef6\u7684\u767b\u9678\u9801\u9762\u5c31\u4e0d\u6703\u518d\u50b3\u9001\u6709\u6548\u8f09\u8377\uff0c\u800c\u6703\u50b3\u9001HTTP 404\u932f\u8aa4\u8a0a\u606f\u3002\u9019\u53ef\u4ee5\u9632\u6b62Underminer\u91cd\u8907\u653b\u64ca\u540c\u4e00\u500b\u53d7\u5bb3\u8005\uff0c\u4e26\u4e14\u80fd\u5920\u963b\u6b62\u7814\u7a76\u4eba\u54e1\u900f\u904e\u91cd\u65b0\u8a2a\u554f\u60e1\u610f\u9023\u7d50\u4f86\u91cd\u73fe\u653b\u64ca\u3002Underminer\u9084\u6703\u96a8\u6a5f\u5316\u653b\u64ca\u6240\u7528\u7684\u7db2\u5740\u8def\u5f91\u4f86\u8eb2\u907f\u50b3\u7d71\u9632\u6bd2\u8edf\u9ad4\u7684\u5075\u6e2c\u3002<\/p>\n<p>&nbsp;<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2018\/07\/underminer-exploit-kit-2-1.png\" \/><\/p>\n<p><em>\u57162<\/em><em>\u3001Underminer<\/em><em>\u7684\u7db2\u8def\u6d41\u91cf\u986f\u793a\u653b\u64caCVE-2016-0189<\/em><em>\uff08\u4e0a\uff09\uff0cCVE-2015-5119<\/em><em>\u548cCVE-2018-4878<\/em><em>\uff08\u4e0b\uff09<\/em><\/p>\n<p>&nbsp;<\/p>\n<p><strong><em>Underminer<\/em><\/strong><strong><em>\u5982\u4f55\u96b1\u85cf\u6f0f\u6d1e\u653b\u64ca\u78bc<\/em><\/strong><\/p>\n<p>&nbsp;<\/p>\n<p>Underminer\u4f7f\u7528RSA\u52a0\u5bc6\u4f86\u4fdd\u8b77\u5176\u6f0f\u6d1e\u653b\u64ca\u78bc\u4e26\u9632\u6b62\u5176\u7db2\u8def\u6d41\u91cf\u88ab\u91cd\u8907\u64ad\u653e\u3002\u5728\u653b\u64ca\u6f0f\u6d1e\u524d\uff0cUnderminer\u6703\u751f\u6210\u96a8\u6a5f\u91d1\u9470\u4e26\u767c\u9001\u5230\u547d\u4ee4\u8207\u63a7\u5236\uff08C&amp;C\uff09\u4f3a\u670d\u5668\u3002\u6b64\u91d1\u9470\u63a5\u8457\u6703\u88ab\u7528\u4f86\u52a0\u5bc6\u5176JavaScript\u7a0b\u5f0f\u78bc\u548c\u6f0f\u6d1e\u653b\u64ca\u78bc\uff0c\u5728HTTP\u56de\u61c9\u6a19\u982d\u201cX-Algorithm\u201d\u5167\u6307\u5b9a\u5c0d\u7a31\u52a0\u5bc6\u6f14\u7b97\u6cd5\u4e26\u56de\u50b3\u7d66\u53d7\u5bb3\u8005\u3002\u5728\u6211\u5011\u7684\u6e2c\u8a66\u4e2d\uff0c\u5b83\u6240\u7528\u7684\u5c0d\u7a31\u6f14\u7b97\u6cd5\u662fRC4\u6216Rabbit\u3002<\/p>\n<p>\u6536\u5230\u56de\u61c9\u5f8c\uff0c\u7528\u751f\u6210\u7684\u91d1\u9470\u4f86\u89e3\u5bc6\u7a0b\u5f0f\u78bc\u4e26\u57f7\u884c\u3002Underminer\u9084\u6703\u5728\u91d1\u9470\u50b3\u8f38\u671f\u9593\u7528RSA\u52a0\u5bc6\u4f86\u505a\u9032\u4e00\u6b65\u7684\u4fdd\u8b77\uff08\u96a8\u6a5f\u91d1\u9470\u7528\u5167\u5d4c\u5728\u7a0b\u5f0f\u78bc\u7684\u516c\u9470\u52a0\u5bc6\u3002\u53ea\u80fd\u7528\u53ea\u6709Underminer\u904b\u4f5c\u8005\u77e5\u9053\u7684\u79c1\u9470\u89e3\u5bc6\uff09\u3002\u5373\u4f7f\u53ef\u4ee5\u770b\u5230\u6f0f\u6d1e\u653b\u64ca\u5957\u4ef6\u7684\u7db2\u8def\u6d41\u91cf\u6216\u62ff\u5230\u6a23\u672c\u4e5f\u7121\u6cd5\u89e3\u5bc6\u6f0f\u6d1e\u653b\u64ca\u78bc\u7684\u6709\u6548\u8f09\u8377\u3002\u9019\u6280\u8853\u985e\u4f3c\u65bc\u5176\u4ed6\u6f0f\u6d1e\u653b\u64ca\u5957\u4ef6\uff08\u5c24\u5176\u662f<a href=\"https:\/\/securelist.com\/attacking-diffie-hellman-protocol-implementation-in-the-angler-exploit-kit\/72097\/\">Angler<\/a>\u3001<a href=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/how-exploit-kit-operators-are-misusing-diffie-hellman-key-exchange\/\">Nuclear<\/a>\u548c<a href=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/astrum-exploit-kit-abuses-diffie-hellman-key-exchange\/\">Astrum<\/a>\uff09\uff0c\u4f46\u90a3\u4e9b\u4f7f\u7528\u7684\u662fDiffie-Hellman\u6f14\u7b97\u6cd5\u3002<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2018\/07\/underminer-exploit-kit-3.png\" \/><\/p>\n<p><em>\u57163<\/em><em>\u3001\u4f7f\u7528RSA<\/em><em>\u516c\u9470\u52a0\u5bc6\u96a8\u6a5f\u91d1\u9470\u7684JavaScript<\/em><em>\u7a0b\u5f0f\u78bc\u7247\u6bb5<\/em><\/p>\n<p>&nbsp;<\/p>\n<p><strong><em>Underminer<\/em><\/strong><strong><em>\u7684\u6f0f\u6d1e\u653b\u64ca\u78bc<\/em><\/strong><\/p>\n<p>&nbsp;<\/p>\n<p>Underminer\u4f7f\u7528\u5176\u4ed6<a href=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/rig-exploit-kit-now-using-cve-2018-8174-to-deliver-monero-miner\/\">\u6f0f\u6d1e\u653b\u64ca\u5957\u4ef6<\/a>\u548c<a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/vulnerabilities-and-exploits\/north-korean-hackers-allegedly-exploit-adobe-flash-player-vulnerability-cve-2018-4878-against-south-korean-targets\">\u60e1\u610f\u653b\u64ca\u8005<\/a>\u4e5f\u7528\u904e\u7684\u5e7e\u7d44\u5b89\u5168\u6f0f\u6d1e\uff1a<\/p>\n<ul>\n<li><a href=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/unpatched-flash-player-flaws-more-pocs-found-in-hacking-team-leak\/\">CVE-2015-5119<\/a>\uff0cAdobe Flash Player\u57282015\u5e747\u6708<a href=\"https:\/\/helpx.adobe.com\/security\/products\/flash-player\/apsa15-03.html\">\u4fee\u88dc<\/a>\u7684use-after-free\u6f0f\u6d1e\u3002<\/li>\n<li><a href=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/may-2016-patch-tuesday-fixes-browser-scripting-engine-flaws\/\">CVE-2016-0189<\/a>\uff0cInternet Explorer\u57282016\u5e745\u6708\u4fee\u88dc\u7684\u8a18\u61b6\u9ad4\u640d\u6bc0\u6f0f\u6d1e\u3002<\/li>\n<li><a href=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/february-patch-tuesday-bouquet-fixes-privilege-escalation-vulnerabilities\/\">CVE-2018-4878<\/a>\uff0cAdobe Flash Player\u57282018\u5e742\u6708\u4fee\u88dc\u7684use-after-free\u6f0f\u6d1e\u3002<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p>\u653b\u64ca\u9019\u4e9b\u6f0f\u6d1e\u6642\u6703\u57f7\u884c\u60e1\u610f\u8edf\u9ad4\u8f09\u5165\u7a0b\u5f0f\u3002\u6bcf\u500b\u90fd\u6709\u985e\u4f3c\u7684\u611f\u67d3\u93c8\uff0c\u4f46\u57f7\u884c\u65b9\u5f0f\u4e0d\u540c\u3002\u5728\u653b\u64caCVE-2016-0189\u6642\uff0c\u6703\u7528regsvr32.exe\u57f7\u884c\u5305\u542bJscript\u7a0b\u5f0f\u78bc\u7684scriptlet\uff08.sct\u6a94\u6848\uff09\u3002Jscript\u6703\u690d\u5165\u4e00\u500bDLL\u6a94\u4e26\u7528rundll32.exe\u57f7\u884c\uff0c\u5b83\u6703\u5f9e\u6f0f\u6d1e\u653b\u64ca\u5957\u4ef6\u8f09\u5165\u4e26\u57f7\u884c\u7b2c\u4e8c\u968e\u6bb5\u7684\u4e0b\u8f09\u75c5\u6bd2\u3002<\/p>\n<p>&nbsp;<\/p>\n<p>\u7576\u653b\u64caFlash\u6f0f\u6d1e\u6642\uff0cUnderminer\u6703\u76f4\u63a5\u57f7\u884cshellcode\u4f86\u4e0b\u8f09\u6c92\u6709MZ\u6a19\u982d\u7684\u53ef\u57f7\u884c\u6a94\u3002\u9019\u76f8\u7576\u65bcscriptlet\u6240\u690d\u5165\u7684\u7b2c\u4e00\u968e\u6bb5\u8f09\u5165\u75c5\u6bd2\uff08DLL\u6a94\uff09\u3002\u8f09\u5165\u75c5\u6bd2\u6703\u53d6\u56de\u76f8\u540c\u7684\u7b2c\u4e8c\u968e\u6bb5\u4e0b\u8f09\u75c5\u6bd2\uff0c\u7136\u5f8c\u6ce8\u5165\u65b0\u555f\u52d5\u7684rundll32.exe\u7a0b\u5e8f\u3002Flash\u6f0f\u6d1e\u653b\u64ca\u7684\u611f\u67d3\u93c8\u5728\u5b89\u88dd\u60e1\u610f\u8edf\u9ad4\u5230\u7cfb\u7d71\u6642\u6240\u7528\u7684\u662f\u7121\u6a94\u6848\u653b\u64ca\u7684\u624b\u6cd5\u3002\u6211\u5011\u7684<a href=\"https:\/\/documents.trendmicro.com\/assets\/tech-brief-new-exploit-kit-underminer-delivers-bootkit-and-cryptocurrency-mining-malware.pdf\">\u6280\u8853\u7c21\u4ecb<\/a>\u6703\u9032\u4e00\u6b65\u89e3\u91cb\u7b2c\u4e8c\u968e\u6bb5\u4e0b\u8f09\u75c5\u6bd2\u5982\u4f55\u7528\u52a0\u5bc6TCP\u901a\u9053\u50b3\u9001bookit\u548c\u865b\u64ec\u8ca8\u5e63\u6316\u7926\u75c5\u6bd2\u3002<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/files\/2018\/07\/underminer-exploit-kit-4.png\" \/><\/p>\n<p><em>\u57164<\/em><em>\u3001Underminer<\/em><em>\u6f0f\u6d1e\u653b\u64ca\u7684\u611f\u67d3\u6d41\u7a0b<\/em><\/p>\n<p>&nbsp;<\/p>\n<p><strong><em>\u7de9\u89e3\u63aa\u65bd\u548c\u8da8\u52e2\u79d1\u6280\u89e3\u6c7a\u65b9\u6848<\/em><\/strong><\/p>\n<p>&nbsp;<\/p>\n<p>\u8207\u4e4b\u524d\u5176\u4ed6\u7684\u6f0f\u6d1e\u653b\u64ca\u4e00\u6a23\uff0c\u6211\u5011\u9810\u671fUnderminer\u6703\u66f4\u52a0\u78e8\u7df4\u6280\u8853\uff0c\u9032\u4e00\u6b65\u6df7\u6dc6\u5316\u50b3\u9001\u75c5\u6bd2\u7684\u65b9\u5f0f\u4e14\u653b\u64ca\u66f4\u591a\u7684\u6f0f\u6d1e\uff0c\u540c\u6642\u4e5f\u6703\u963b\u6b62\u8cc7\u5b89\u4eba\u54e1\u7814\u7a76\u5b83\u5011\u7684\u6d3b\u52d5\u3002\u9451\u65bc\u5176\u904b\u4f5c\u7684\u7279\u6027\uff0c\u6211\u5011\u4e5f\u9810\u671f\u5b83\u5011\u6703\u8b93\u6709\u6548\u8f09\u8377\u591a\u6a23\u5316\u3002<\/p>\n<p>&nbsp;<\/p>\n<p>\u6f0f\u6d1e\u653b\u64ca\u5957\u4ef6\u76ee\u524d\u53ef\u80fd<a href=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/a-look-into-recent-exploit-kit-activities\/\">\u4e0d\u90a3\u9ebc\u53d7\u91cd\u8996<\/a>\uff0c\u4f46Underminer\u986f\u793a\u51fa\u5b83\u5011\u4ecd\u662f\u7a2e\u91cd\u5927\u7684\u5a01\u8105\u3002\u5b83\u5f37\u8abf\u4e86\u91cd\u8981\u7684\u73fe\u5be6\u554f\u984c\uff08\u5c0d\u8a31\u591a\u4f01\u696d\u4f86\u8aaa\u662f\u4ef6\u9577\u671f\u7684<a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/vulnerabilities-and-exploits\/patching-problems-and-how-to-solve-them\">\u6311\u6230<\/a>\uff09 \u2013 \u4fee\u88dc\u6f0f\u6d1e\u3002\u5c0d\u4f01\u696d\u800c\u8a00\uff0c\u6f0f\u6d1e\u653b\u64ca\u5957\u4ef6\u53ef\u80fd<a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/vulnerabilities-and-exploits\/exploits-as-a-service-how-exploit-kit-ransomware-affects-bottom-line\">\u610f\u5473<\/a>\u8457\u8981\u8207\u6642\u9593\u8cfd\u8dd1\u3002\u6f0f\u6d1e\u53ef\u80fd\u5728\u4efb\u4f55\u6642\u9593\u88ab\u516c\u958b\uff0c\u800c\u9019\u5c0e\u81f4\u7684\u7a7a\u7a97\u671f\u6703\u8b93\u672a\u7d93\u4fee\u88dc\u7684\u7cfb\u7d71\uff08\u53ca\u5132\u5b58\u5728\u5167\u7684\u500b\u4eba\u6216\u696d\u52d9\u95dc\u9375\u8cc7\u6599\uff09\u9580\u6236\u5927\u958b\u3002\u4ee5\u4e0b\u662f\u4e00\u4e9b\u6700\u4f73\u5be6\u4f5c\uff1a<\/p>\n<ul>\n<li>\u4fdd\u6301\u7cfb\u7d71\u53ca\u61c9\u7528\u7a0b\u5f0f\u66f4\u65b0\uff0c\u4e26\u8003\u616e\u4f7f\u7528<a href=\"https:\/\/www.trendmicro.com\/en_us\/business\/capabilities\/intrusion-prevention.html?cm_re=10_19_17-_-2d_Capabilities-_-IntrusionPrevention\">\u865b\u64ec\u4fee\u88dc\u6280\u8853<\/a>\uff0c\u5c24\u5176\u662f\u8001\u820a\u7684\u7cfb\u7d71\u548c\u7db2\u8def\u3002<\/li>\n<li>\u7a4d\u6975\u76e3\u63a7\u7db2\u8def\uff1b<a href=\"https:\/\/www.trendmicro.com\/vinfo\/us\/security\/news\/security-technology\/best-practices-deploying-an-effective-firewall\">\u9632\u706b\u7246<\/a>\u548c\u90e8\u7f72<a href=\"https:\/\/www.trendmicro.com\/en_us\/business\/products\/network\/intrusion-prevention.html\">\u5165\u4fb5\u5075\u6e2c\u548c\u9632\u79a6\u7cfb\u7d71<\/a>\u53ef\u4ee5\u63d0\u4f9b\u591a\u5c64\u6b21\u5b89\u5168\u9632\u8b77\u4f86\u5c0d\u6297\u60e1\u610f\u5a01\u8105\u3002<\/li>\n<li>\u5be6\u65bd\u6700\u4f4e\u6b0a\u9650\u539f\u5247\uff1a\u9650\u5236\u6216\u505c\u7528\u53ef\u4f5c\u70ba\u9032\u5165\u9ede\u7684\u4e0d\u5fc5\u8981\u6216\u904e\u671f\u7684\u61c9\u7528\u7a0b\u5f0f\u548c\u5143\u4ef6\u3002<\/li>\n<li>\u900f\u904e\u90e8\u7f72\u5b89\u5168\u6a5f\u5236\uff08\u5982\u61c9\u7528\u7a0b\u5f0f\u63a7\u5236\u548c\u884c\u70ba\u76e3\u63a7\uff09\u4f86\u5be6\u65bd\u7e31\u6df1\u9632\u79a6\uff0c\u9632\u6b62\u672a\u7d93\u6388\u6b0a\u6216\u60e1\u610f\u61c9\u7528\u7a0b\u5f0f\u6216\u7a0b\u5e8f\u57f7\u884c\u3002<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p>\u4e3b\u52d5\u5f0f\u7684\u591a\u5c64\u6b21\u5b89\u5168\u9632\u8b77\u662f\u5c0d\u6297\u6f0f\u6d1e\u653b\u64ca\u7684\u95dc\u9375 \u2013 \u4e0d\u8ad6\u662f\u91dd\u5c0d\u9598\u9053\u3001\u7aef\u9ede\u3001\u7db2\u8def\u548c\u4f3a\u670d\u5668\u3002\u5177\u5099<a href=\"https:\/\/www.trendmicro.com\/us\/business\/xgen\/index.html\">XGen<\/a>\u7aef\u9ede\u5b89\u5168\u9632\u8b77\u6280\u8853\u7684<a href=\"https:\/\/www.trendmicro.com\/us\/enterprise\/product-security\/officescan\/\">\u8da8\u52e2\u79d1\u6280OfficeScan<\/a>\u5177\u6709<a href=\"https:\/\/www.trendmicro.com\/us\/enterprise\/product-security\/vulnerability-protection\/\">Vulnerability Protection<\/a>\u53ef\u4ee5\u5728\u90e8\u7f72\u4fee\u88dc\u7a0b\u5f0f\u524d\u4fdd\u8b77\u7aef\u9ede\u514d\u53d7\u5df2\u77e5\u548c\u672a\u77e5\u7684\u6f0f\u6d1e\u653b\u64ca\u3002\u8da8\u52e2\u79d1\u6280\u7684\u7aef\u9ede\u89e3\u6c7a\u65b9\u6848\uff08\u5982\u8da8\u52e2\u79d1\u6280<a href=\"https:\/\/www.trendmicro.com\/us\/business\/complete-user-protection\/index.html\">Smart Protection Suites<\/a>\u548c<a href=\"https:\/\/www.trendmicro.com\/us\/small-business\/product-security\/\">Worry-Free Business Security<\/a>\uff09\u53ef\u4ee5\u5075\u6e2c\u548c\u5c01\u9396\u60e1\u610f\u6a94\u6848\u53ca\u6240\u6709\u76f8\u95dc\u60e1\u610f\u7db2\u5740\uff0c\u4fdd\u8b77\u6700\u7d42\u4f7f\u7528\u8005\u548c\u4f01\u696d\u514d\u65bc\u9019\u4e9b\u5a01\u8105\u3002<\/p>\n<p>\u6211\u5011\u5728\u6b64<a href=\"https:\/\/documents.trendmicro.com\/assets\/tech-brief-new-exploit-kit-underminer-delivers-bootkit-and-cryptocurrency-mining-malware.pdf\">\u6280\u8853\u7c21\u4ecb<\/a>\u5167\u63d0\u4f9b\u4e86Underminer\u611f\u67d3\u93c8\u7684\u8a73\u7d30\u5206\u6790\u53ca\u5165\u4fb5\u6307\u6a19\u3002<\/p>\n<p>&nbsp;<\/p>\n<p>@\u539f\u6587\u51fa\u8655\uff1a<a href=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/new-underminer-exploit-kit-delivers-bootkit-and-cryptocurrency-mining-malware-with-encrypted-tcp-tunnel\/\">New Underminer Exploit Kit Delivers Bootkit and Cryptocurrency-mining Malware with Encrypted TCP Tunnel<\/a> \u4f5c\u8005\uff1a<a href=\"https:\/\/blog.trendmicro.com\/trendlabs-security-intelligence\/author\/cybersafety\/\">\u8da8\u52e2\u79d1\u6280\u7db2\u8def\u5b89\u5168\u89e3\u6c7a\u65b9\u6848\u5718\u968a<\/a>\uff08Jaromir Horejsi\u548cJoseph C. Chen\uff09<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u8da8\u52e2\u79d1\u6280\u767c\u73fe\u4e00\u500b\u65b0\u7684\u6f0f\u6d1e\u653b\u64ca\u5957\u4ef6\uff08\u547d\u540d\u70baUnderminer\uff09\uff0c\u5b83\u6703\u4f7f\u7528\u5176\u4ed6\u6f0f\u6d1e\u653b\u64ca\u5957\u4ef6\u51fa\u73fe\u904e\u7684\u529f\u80fd\u4f86\u963b\u6b62\u7814\u7a76 [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","_wpscppro_dont_share_socialmedia":false,"_wpscppro_custom_social_share_image":0,"_facebook_share_type":"","_twitter_share_type":"","_linkedin_share_type":"","_pinterest_share_type":"","_linkedin_share_type_page":"","_instagram_share_type":"","_medium_share_type":"","_threads_share_type":"","_google_business_share_type":"","_selected_social_profile":[],"_wpsp_enable_custom_social_template":false,"_wpsp_social_scheduling":{"enabled":false,"datetime":null,"platforms":[],"status":"template_only","dateOption":"today","timeOption":"now","customDays":"","customHours":"","customDate":"","customTime":"","schedulingType":"absolute"},"_wpsp_active_default_template":true},"categories":[3373,3647,3654],"tags":[3919,3575,3918,3640,452,3723],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/56313"}],"collection":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=56313"}],"version-history":[{"count":0,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/56313\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=56313"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=56313"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=56313"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}