{"id":56583,"date":"2018-08-04T18:10:51","date_gmt":"2018-08-04T10:10:51","guid":{"rendered":"https:\/\/blog.trendmicro.com.tw\/?p=56583"},"modified":"2018-08-16T18:15:04","modified_gmt":"2018-08-16T10:15:04","slug":"%e8%b6%85%e9%81%8e20%e8%90%ac%e5%8f%b0mikrotik%e8%b7%af%e7%94%b1%e5%99%a8%e9%81%ad%e9%81%87%e6%8c%96%e7%a4%a6%e5%8a%ab%e6%8c%81%ef%bc%88cryptojacking%ef%bc%89","status":"publish","type":"post","link":"https:\/\/blog.trendmicro.com.tw\/?p=56583","title":{"rendered":"\u8d85\u904e20\u842c\u53f0MikroTik\u8def\u7531\u5668\u906d\u9047\u6316\u7926\u52ab\u6301\uff08Cryptojacking\uff09"},"content":{"rendered":"

\u8cc7\u5b89\u7814\u7a76\u4eba\u54e1\u767c\u73fe<\/a>\u4e86\u4e00\u6ce2\u6316\u7926\u52ab\u6301\uff08Cryptojacking\uff09\u653b\u64ca\u6d3b\u52d5 \u2013 \u653b\u64ca\u8005\u52ab\u6301\u96fb\u8166\u9032\u884c\u6316\u7926( coinmining )<\/a>\uff0c\u4ed6\u5011\u5229\u7528MikroTik\u8def\u7531\u5668\u7684\u6f0f\u6d1e\u6ce8\u5165\u60e1\u610f\u7248\u672c\u7684Coinhive<\/a>\uff08\u7db2\u9801\u578b\u865b\u64ec\u8ca8\u5e63\u7926\u5de5\uff09\u3002\u4ee5\u4e0b\u662f\u4f60\u6240\u9700\u8981\u4e86\u89e3\u95dc\u65bc\u6b64\u5a01\u8105\u7684\u8cc7\u8a0a\uff1a<\/p>\n

\u767c\u751f\u4e86\u4ec0\u9ebc\u4e8b\uff1f<\/strong><\/p>\n

\u64da\u5831\u5c0e<\/a>\uff0c\u6316\u7926\u52ab\u6301\u4e00\u958b\u59cb\u5728\u5df4\u897f\u653b\u64ca\u4e867.2\u842c\u53f0\u7684MikroTik\u8def\u7531\u5668\u3002\u76f4\u5230\u672c\u6587\u64b0\u5beb\u6642\uff0c\u5df2\u7d93\u6709\u8d85\u904e20\u842c\u53f0MikroTik\u8def\u7531\u5668\u906d\u5230\u5165\u4fb5\u3002\u96d6\u7136\u5927\u591a\u6578\u8def\u7531\u5668\u90fd\u5728\u5df4\u897f\uff0c\u4f46\u7814\u7a76\u4eba\u54e1\u6307\u51fa\u9019\u4e9b\u653b\u64ca\u73fe\u5728\u4e5f\u5728\u570b\u5916\u6563\u64ad<\/a>\u3002<\/p>\n

\u9019\u8868\u793a\u4f7f\u7528\u6709\u6f0f\u6d1eMikroTik\u8def\u7531\u5668\u7684\u4f7f\u7528\u8005\u6216\u7d44\u7e54\u5bb9\u6613\u906d\u53d7\u6316\u7926\u52ab\u6301\u3002\u4e8b\u5be6\u4e0a\uff0c\u7814\u7a76\u4eba\u54e1\u4e5f\u6709\u767c\u73fe\u6709\u975eMikroTik\u8def\u7531\u5668\u53d7\u5230\u5f71\u97ff\uff0c\u5f88\u53ef\u80fd\u662f\u56e0\u70ba\u5df4\u897f\u7684\u7db2\u8def\u670d\u52d9\u5546\uff08ISP\uff09\u5728\u5176\u4e3b\u8981\u7db2\u8def\u5167\u4f7f\u7528MikroTik\u8def\u7531\u5668\u3002<\/p>\n

[<\/strong>\u76f8\u95dc\u5831\u5c0e\uff1aVPNFilter\u5f71\u97ff\u7684\u88dd\u7f6e\u670919\u500b\u6f0f\u6d1e\uff0c\u53ef\u80fd\u906d\u53d7Mirai\u3001Reaper\u3001WannaCry\u653b\u64ca<\/a>]<\/strong><\/p>\n

\"\"<\/a><\/p>\n

 <\/p>\n

\u9019\u6ce2\u6316\u7926\u52ab\u6301\u653b\u64ca\u5229\u7528\u4ec0\u9ebc\u6f0f\u6d1e\uff1f<\/strong><\/p>\n

<\/p>\n

\u9019\u6ce2\u6316\u7926\u52ab\u6301\u653b\u64ca\u4e86Winbox\u4e2d\u7684\u5b89\u5168\u6f0f\u6d1e\uff0c\u9019\u662fMikroTik\u8def\u7531\u5668\u4f5c\u696d\u7cfb\u7d71RouterOS\u5167\u7684\u9060\u7aef\u7ba1\u7406\u670d\u52d9\u3002\u9019\u500b\u6f0f\u6d1e\u6c92\u6709\u4e00\u822c\u7684CVE\u7de8\u865f\uff0c\u5b83\u65bc2018\u5e744\u6708\u62ab\u9732<\/a>\u4e14\u5df2\u7d93\u88ab\u4fee\u88dc<\/a>\u3002<\/p>\n

Winbox\u53ef\u4ee5\u8b93\u4f7f\u7528\u8005\u9060\u7aef\u8a2d\u5b9a\u4ed6\u5011\u7684\u8a2d\u5099\u3002\u653b\u64ca\u6b64\u6f0f\u6d1e\u53ef\u4ee5\u8b93\u653b\u64ca\u8005\u7528\u5de5\u5177\u9023\u5230Winbox\u7aef\u53e3\uff088291\uff09\u548c\u8981\u6c42\u5b58\u53d6\u7cfb\u7d71\u4f7f\u7528\u8005\u8cc7\u6599\u5eab\u6a94\u6848\u3002<\/p>\n

[<\/strong>\u5ef6\u4f38\u95b1\u8b80\uff1a\u6aa2\u8996\u6700\u503c\u5f97\u6ce8\u610f\u7684\u5bb6\u7528\u7db2\u8def\u5b89\u5168\u5a01\u8105<\/a>]<\/strong><\/p>\n

 <\/p>\n

\u6316\u7926\u52ab\u6301\u653b\u64ca\u5982\u4f55\u904b\u4f5c\uff1f<\/strong><\/p>\n

\u653b\u64ca\u6f0f\u6d1e\u6703\u8b93\u653b\u64ca\u8005\u53d6\u5f97\u8a2d\u5099\u7684\u7ba1\u7406\u54e1\u6b0a\u9650\uff0c\u9032\u800c\u8b93\u4ed6\u5011\u5c07\u60e1\u610f\u7248\u672c\u7684Coinhive\u8173\u672c\u6ce8\u5165\u4f7f\u7528\u8005\u700f\u89bd\u7684\u6bcf\u500b\u7db2\u9801\u3002\u4f7f\u7528\u8005\u5373\u4f7f\u662f\u9023\u5230\u6709\u6f0f\u6d1e\u8def\u7531\u5668\u7684\u7121\u7dda\u7db2\u8def\u4e5f\u53ef\u80fd\u53d7\u5230\u5f71\u97ff\u3002<\/p>\n

\u56e0\u70ba\u60e1\u610f\u865b\u64ec\u8ca8\u5e63\u6316\u7926\u6d3b\u52d5\u6703\u5c0e\u81f4\u56b4\u91cd\u7684\u6548\u80fd\u554f\u984c\u548c\u7db2\u8def\u6d41\u91cf\u589e\u52a0\uff0c\u60e1\u610f\u653b\u64ca\u7684\u5e55\u5f8c\u9ed1\u624b\u610f\u8b58\u5230\u9019\u4e9b\u653b\u64ca\u5f15\u8d77\u4e86ISP\u548c\u5b89\u5168\u7814\u7a76\u4eba\u54e1\u7684\u6ce8\u610f\u800c\u6539\u8b8a\u4e86\u7b56\u7565\u3002\u60e1\u610fCoinhive\u8173\u672c\u73fe\u5728\u53ea\u6703\u6ce8\u5165\u8def\u7531\u5668\u8fd4\u56de\u7684\u932f\u8aa4\u9801\u9762\u4f86\u4fdd\u6301\u4f4e\u8abf\u3002<\/p>\n

\u7814\u7a76\u4eba\u54e1\u9084\u767c\u73fe\u4e00\u500b\u653b\u64ca\u8005\u627e\u5230\u65b0\u7684\u6709\u6f0f\u6d1e\u8def\u7531\u5668\u6642\u7528\u7684\u8173\u672c\u3002\u60e1\u610f\u8173\u672c\u6703\u4fee\u6539\u7cfb\u7d71\u8a2d\u5b9a\uff0c\u555f\u7528\u4ee3\u7406\u7a0b\u5f0f\uff0c\u6392\u7a0b\u9032\u884c\u81ea\u6211\u66f4\u65b0\uff0c\u4e26\u4e14\u88fd\u9020\u5f8c\u9580\u3002\u9019\u53ef\u4ee5\u770b\u51fa\u99ed\u5ba2\u8a66\u5716\u8981\u8eb2\u907f\u5075\u6e2c\u3002<\/p>\n

[TrendLabs Security Intelligence Blog\uff1a\u865b\u64ec\u8ca8\u5e63\u5168\u7403\u6dd8\u91d1\u6f6e, 2017\u5e74\u6316\u7926\u60e1\u610f\u7a0b\u5f0f, \u53f0\u7063\u6392\u5168\u7403\u7b2c\u4e09]<\/a><\/p>\n

 <\/p>\n

\u9019\u662f\u65b0\u7684\u6316\u7926\u52ab\u6301\u624b\u6cd5\u55ce\uff1f<\/strong><\/p>\n

\u9019\u6ce2\u653b\u64ca\u4e26\u4e0d\u65b0\u3002MikroTik RouterOS\u7684\u6f0f\u6d1e\u4e4b\u524d\u4e5f\u88ab\u653b\u64ca<\/a>\u7528\u4f86\u52a0\u5165\u6bad\u5c4d\u7db2\u8def<\/a>\u904e\u3002MikroTik\u8def\u7531\u5668\u9084\u66fe\u5728Operation Slingshot<\/a>\u7db2\u8def\u9593\u8adc\u653b\u64ca\u6d3b\u52d5\u906d\u53d7\u5165\u4fb5\uff0c\u88ab\u7528\u4f86\u5728\u76ee\u6a19\u7cfb\u7d71\u5167\u53d6\u5f97\u7acb\u8db3\u9ede\u3002\u8da8\u52e2\u79d1\u6280\u7684\u7814\u7a76\u4eba\u54e1\u9084\u767c\u73fe<\/a>\u4e86\u985e\u4f3cMirai\u7684\u6d3b\u52d5\uff0c\u6703\u53bb\u6383\u63cf\u6709\u6f0f\u6d1e\u7684\u7269\u806f\u7db2<\/a>\uff08IoT\uff09\u8a2d\u5099\uff0c\u5982\u8def\u7531\u5668\u3001\u7db2\u8def\u651d\u5f71\u6a5f\u548c\u6578\u4f4d\u9304\u5f71\u6a5f\uff08DVR\uff09\u3002\u63a5\u8457\u5229\u7528\u9810\u8a2d\u5bc6\u78bc\u4f86\u52a0\u4ee5\u52ab\u6301\u3002<\/p>\n

\u9451\u65bc\u865b\u64ec\u8ca8\u5e63\u6316\u7926\u7684\u71b1\u9580\uff0c\u60e1\u610f\u4efd\u5b50\u52a0\u5165\u6b64\u884c\u5217\u4e26\u4e0d\u5947\u602a\u3002\u50cf\u662f\u6211\u5011\u53ef\u4ee5\u770b\u5230<\/a>\u4e00\u500b\u99ed\u5ba2\u7d44\u7e54\u515c\u552e\u91dd\u5c0d\u7269\u806f\u7db2\u88dd\u7f6e\u7684\u9580\u7f85\u5e63\u6316\u7926\u75c5\u6bd2\u3002\u9084\u53ef\u4ee5\u4fee\u6539\u5730\u5740\/\u9322\u5305\u66ff\u63db\u6210\u653b\u64ca\u8005\u7684\u4f86\u7aca\u53d6\u53d7\u5bb3\u8005\u7684\u865b\u64ec\u8ca8\u5e63<\/a>\u3002<\/p>\n

[InfoSec<\/strong>\u6307\u5357\uff1a\u89e3\u6c7a\u6316\u7926\u52ab\u6301\u6240\u7528\u7684\u7db2\u9801\u6ce8\u5165<\/a>]<\/strong><\/p>\n

 <\/p>\n

\u5982\u4f55\u963b\u6b62\u9019\u985e\u5a01\u8105\uff1f<\/strong><\/p>\n

\u4e0d\u5b89\u5168\u7684\u8def\u7531\u5668\u53ef\u80fd\u6703\u8b93\u5a01\u8105\u9577\u9a45\u76f4\u5165\uff0c\u52ab\u6301\u96fb\u8166\u4f86\u5354\u52a9\u7db2\u8def\u72af\u7f6a\uff0c\u8b93\u500b\u4eba\u548c\u95dc\u9375\u8cc7\u6599\u88ab\u7aca\u6216\u662f\u8b8a\u52d5\u3002\u4ee5\u4e0b\u662f\u4e00\u4e9b\u5efa\u8b70\u7684\u6700\u4f73\u4f5c\u6cd5<\/a>\uff1a<\/p>\n