{"id":7097,"date":"2014-01-15T16:05:31","date_gmt":"2014-01-15T08:05:31","guid":{"rendered":"https:\/\/blog.trendmicro.com.tw\/?p=7097"},"modified":"2014-01-15T16:05:31","modified_gmt":"2014-01-15T08:05:31","slug":"%e5%81%bd%e8%a3%9d%e7%9b%9c%e7%89%88%e8%bb%9f%e9%ab%94%e7%9a%84zeroaccess%e6%ae%ad%e5%b1%8d%e7%b6%b2%e8%b7%af%e5%89%b7%e9%99%a4%e8%a1%8c%e5%8b%95%e5%be%8c%e7%ba%8c%e5%bd%b1%e9%9f%bf","status":"publish","type":"post","link":"https:\/\/blog.trendmicro.com.tw\/?p=7097","title":{"rendered":"\u507d\u88dd\u76dc\u7248\u8edf\u9ad4\u7684ZeroAccess\u6bad\u5c4d\u7db2\u8def\u5277\u9664\u884c\u52d5,\u5f8c\u7e8c\u5f71\u97ff"},"content":{"rendered":"

\u5728\u53bb\u5e74\u5341\u4e8c\u6708\uff0c\u5fae\u8edf\u548c\u67d0\u4e9b\u57f7\u6cd5\u55ae\u4f4d\u5408\u4f5c\uff0c\u5ba3\u5e03\u5277\u9664<\/a>\u4e86ZeroAccess\u7684\u904b\u4f5c\u3002\u7136\u800c\uff0c\u9019\u4e5f\u610f\u5916\u5730\u5f71\u97ff\u5230\u53e6\u4e00\u500b\u8457\u540d\u7684\u6bad\u5c4d\u7db2\u8def\/\u5080\u5121\u7db2\u8def Botnet<\/a> \u2013 TDSS\u3002<\/p>\n

\"hacker<\/a><\/p>\n

\u00a0TDSS<\/i>\u548cZeroAccess<\/i><\/strong><\/p>\n

ZeroAccess<\/a>\u662f\u4e16\u4e0a\u6700\u8457\u540d\u7684\u6bad\u5c4d\u7db2\u8def\/\u5080\u5121\u7db2\u8def Botnet<\/a>\u4e4b\u4e00\uff0c\u5176\u60e1\u610f\u8edf\u9ad4\u4ee5Rootkit\u80fd\u529b\u805e\u540d\u3002\u5b83\u901a\u5e38\u6703\u507d\u88dd\u6210\u76dc\u7248\u8edf\u9ad4<\/a>\uff0c\u900f\u904e\u9ede\u5c0d\u9ede\u7db2\u8def\uff08P2P\uff09\u4f86\u4e0b\u8f09\u3002\u540c\u6a23\u5730\uff0cTDSS<\/a>\u4e5f\u662f\u4ee5\u5229\u7528Rootkit\u6280\u8853\u4f86\u9583\u8eb2\u5075\u6e2c\u800c\u8457\u7a31\uff0c\u4e26\u4e14\u6703\u6563\u64ad\u5176\u4ed6\u60e1\u610f\u8edf\u9ad4\uff0c\u5982\u5047\u9632\u6bd2\u8edf\u9ad4<\/a>\u548cDNS\u8b8a\u66f4\u6728\u99ac<\/a>\u3002\u9019\u5169\u7a2e\u6bad\u5c4d\u7db2\u8def\u90fd\u548c\u9ede\u64ca\u8a50\u9a19( clickjack\uff09<\/a>\u6709\u95dc<\/p>\n

\u5728\u8da8\u52e2\u79d1\u6280<\/a>\u4e4b\u524d\u7684\u6587\u7ae0<\/a>\u88e1\uff0c\u6211\u5011\u63d0\u5230\u7279\u5b9a\u7684ZeroAccess\u8b8a\u7a2e\u5982\u4f55\u5c0e\u5411\u5230\u548cTDSS\u76f8\u95dc\u7684\u7db2\u5740\uff0c\u986f\u793a\u51fa\u9019\u5169\u500b\u6bad\u5c4d\u7db2\u8def\u5171\u4eab\u4e86\u90e8\u5206\u7684\u547d\u4ee4\u8207\u63a7\u5236\uff08C\uff06C\uff09\u57fa\u790e\u8a2d\u65bd\u3002\u7531\u65bc\u6211\u5011\u5728\u76e3\u63a7\u5169\u500b\u6bad\u5c4d\u7db2\u8def\u4e4b\u9593\u7684\u9023\u7d50\uff0c\u56e0\u6b64\u767c\u73feZeroAccess\u5ba2\u6236\u611f\u67d3\u548c\u901a\u8a0a\u6578\u91cf\u5728\u5277\u9664\u884c\u52d5\u5f8c\u7684\u7b2c\u4e8c\u5929\u6709\u986f\u8457\u5730\u4e0b\u964d\u3002\u5728\u9019\u4e9b\u611f\u67d3ZeroAccess\u7684\u7cfb\u7d71\u88e1\uff0c\u53ea\u67092.8\uff05\u5617\u8a66\uff08\u4f46\u5931\u6557\u4e86\uff09\u8ddf\u5176C\uff06C\u4f3a\u670d\u5668\u9032\u884c\u901a\u8a0a\u3002<\/p>\n

\"\"<\/p>\n

 <\/p>\n

\u5716\u4e00\u30012013\u5e7411\u6708\u523012\u6708\u7684ZeroAccess\u6d3b\u52d5<\/i><\/p>\n

<\/p>\n

\u5728\u540c\u4e00\u6642\u671f\uff0c\u8da8\u52e2\u79d1\u6280<\/a>\u89c0\u5bdf\u5230TDSS\u7684\u9ede\u64ca\u8a50\u9a19\u904b\u4f5c\u4e5f\u53d7\u5230\u660e\u986f\u5730\u5f71\u97ff\u3002\u548c\u9ede\u64ca\u8a50\u9a19\u76f8\u95dc\u7684TDSS\u901a\u8a0a\u6b21\u6578\u572812\u67085\u65e5\u4e4b\u5f8c\u5e7e\u65e5\u4e0b\u964d\u4e86\uff0c\u4e5f\u5c31\u662f\u5fae\u8edf\u5ba3\u5e03\u5277\u9664ZeroAccess\u6bad\u5c4d\u7db2\u8def\/\u5080\u5121\u7db2\u8def Botnet<\/a>\u7684\u90a3\u5929\u3002\u7136\u800c\uff0c\u9019\u4e9b\u6d3b\u52d5\u5728\u5e74\u5e95\u7a81\u7136\u51fa\u73fe\u9ad8\u5cf0\uff0c\u986f\u793aTDSS\u7684\u9ede\u64ca\u8a50\u9a19\u6d3b\u52d5\u4ecd\u7136\u5728\u6d3b\u8e8d\u8457\uff0c\u5277\u9664\u884c\u52d5\u53ef\u80fd\u53ea\u9020\u6210\u66ab\u6642\u7684\u5f71\u97ff\u3002<\/p>\n

\"\"<\/p>\n

\u5716\u4e8c\u30012013\u5e7411\u6708\u523012\u6708\u7684TDSS\u9ede\u64ca\u8a50\u9a19\u6d3b\u52d5<\/i><\/p>\n

 <\/p>\n

\u7136\u800c\uff0cTDSS\u7684\u611f\u67d3\u548c\u901a\u8a0a\u6578\u91cf\u4e26\u6c92\u6709\u88ab\u5277\u9664\u884c\u52d5\u6240\u5f71\u97ff\uff0c\u8868\u793a\u5b83\u53ea\u6709\u9ede\u64ca\u8a50\u9a19( clickjack\uff09<\/a><\/b>\u65b9\u9762\u53d7\u5230\u5f71\u97ff\u3002<\/p>\n

 <\/p>\n

\"\"<\/p>\n

\u5716\u4e09\u30012013\u5e7411\u6708\u523012\u6708\u7684TDSS\u6d3b\u52d5<\/i><\/p>\n

 <\/p>\n

\u6bad\u5c4d\u7db2\u8def\u9023\u7d50<\/i><\/b><\/p>\n

TDSS\u9ede\u64ca\u8a50\u9a19\u904b\u4f5c\u7684\u986f\u8457\u4e0b\u964d\uff0c\u662f\u56e0\u70ba\u5b83\u548cZeroAccess\u672c\u8eab\u9ede\u64ca\u8a50\u9a19( clickjack\uff09<\/a><\/b><\/p>\n

\u6d3b\u52d5\u7684\u95dc\u9023\u3002\u6b63\u5982\u6211\u5011\u4e4b\u524d\u7684\u7814\u7a76<\/a>\u6240\u6307\u51fa\uff0c\u56e0\u70ba\u9019\u5169\u500b\u6bad\u5c4d\u7db2\u8def\u90fd\u9032\u884c\u9ede\u64ca\u8a50\u9a19( clickjack\uff09<\/a><\/b>\u6d3b\u52d5\uff0c\u5b83\u5011\u53ef\u80fd\u4e92\u76f8\u4ea4\u63db\u7db2\u5740\u5217\u8868\u4ee5\u7522\u751f\u66f4\u591a\u5229\u6f64\u3002\u8b49\u660e\u9019\u5169\u500b\u60e1\u540d\u9060\u64ad\u7684\u6bad\u5c4d\u7db2\u8def\u4e4b\u9593\u7684\u4ea4\u6613\u8b49\u64da\uff0c\u53ef\u4ee5\u5f9eZeroAccess\u6240\u4f7f\u7528\u7684\u91cd\u65b0\u5c0e\u5411\u7db2\u5740\u770b\u51fa\u3002<\/p>\n

\u7576\u958b\u59cb\u9ede\u64ca\u8a50\u9a19\u6d3b\u52d5\uff0c\u6211\u5011\u6ce8\u610f\u5230\u5e7e\u500bZeroAccess\u8b8a\u7a2e\u5c0e\u5411\u5230TDSS\u76f8\u95dc\u7684\u7db2\u5740\u3002\u9019\u4e9b\u91cd\u65b0\u5c0e\u5411\u6d3b\u52d5\u4e5f\u53cd\u904e\u4f86\u589e\u52a0\u4e86TDSS\u6240\u7522\u751f\u7684\u9ede\u64ca\u6578\uff0c\u4e5f\u56e0\u6b64\u5f9e\u4e2d\u7372\u53d6\u66f4\u591a\u5229\u6f64\u3002\u6211\u5011\u9084\u6ce8\u610f\u5230TDSS\u60e1\u610f\u8edf\u9ad4\uff0c\u7279\u5225\u662fDGAv14\u9019\u7248\u672c\u6703\u4f7f\u7528\u820aZeroAccess\u7684\u7db2\u57df\u751f\u6210\u6f14\u7b97\u6cd5\uff08DGA\uff09\u6a21\u7d44\uff0c\u800c\u65b0\u7684ZeroAccess\u8b8a\u7a2e\u4e5f\u63a1\u7528\u4e86DGAv14\u7684\u529f\u80fd\u3002<\/p>\n

\u96d6\u7136\u5277\u9664ZeroAccess\u5c0d\u65bcTDSS\u7684\u8cfa\u9322\u8a08\u5283\u9020\u6210\u7834\u58de\u6027\u7684\u5f71\u97ff\uff0c\u5b83\u7684\u611f\u67d3\u548c\u901a\u8a0a\u4ecd\u7136\u7167\u5e38\u904b\u4f5c\uff0c\u610f\u5473\u8457TDSS\u6bad\u5c4d\u7db2\u8def\u5f88\u53ef\u80fd\u5f9e\u5176\u4ed6\u6bad\u5c4d\u7db2\u8def\u4e2d\u7372\u5229\u3002<\/p>\n

\u8da8\u52e2\u79d1\u6280<\/a>\u53ef\u4ee5\u5075\u6e2cTDSS\u548cZeroAccess\u8b8a\u7a2e\uff0c\u4ee5\u53ca\u5c01\u9396\u76f8\u95dc\u7db2\u5740\u4f86\u9632\u8b77\u4f7f\u7528\u8005\u5c0d\u6297\u6b64\u5a01\u8105\u3002\u4f5c\u70ba\u984d\u5916\u7684\u9810\u9632\u63aa\u65bd\uff0c\u6211\u5011\u5efa\u8b70\u4f7f\u7528\u8005\u4e0d\u8981\u4e0b\u8f09\u4f86\u81ea\u672a\u7d93\u9a57\u8b49\u7db2\u7ad9\u548c\u9ede\u5c0d\u9ede\uff08P2P\uff09\u7db2\u8def\u7684\u6a94\u6848\uff0c\u90a3\u662fZeroAccess\u8b8a\u7a2e\u5df2\u77e5\u6703\u51fa\u73fe\u7684\u5730\u65b9\u3002<\/p>\n

\uff20\u539f\u6587\u51fa\u8655\uff1aZeroAccess Takedown and the TDSS Aftermath<\/a>\u4f5c\u8005\uff1aYuki Hsu\uff08\u8cc7\u6df1\u5de5\u7a0b\u5e2b\uff09<\/a><\/p>\n

 <\/p>\n

\"freeDownload_540x90\"<\/a><\/p>\n

PC-cillin 2014<\/a>\u96f2\u7aef\u7248\u8de8\u5e73\u53f0\u540c\u6642\u652f\u63f4Win\u3001Mac\u53caAndroid\u624b\u6a5f\u8207\u5e73\u677f,\u7acb\u5373\u4e0b\u8f09<\/a>\u8a66\u7528<\/p>\n

<\/h6>\n

\u25ce \u6b61\u8fce\u52a0\u5165\u8da8\u52e2\u79d1\u6280\u793e\u7fa4\u7db2\u7ad9
\n<\/strong> <\/strong>\"\"<\/a> \"\"<\/a> \"\"<\/a> \"\"<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

\u5728\u53bb\u5e74\u5341\u4e8c\u6708\uff0c\u5fae\u8edf\u548c\u67d0\u4e9b\u57f7\u6cd5\u55ae\u4f4d\u5408\u4f5c\uff0c\u5ba3\u5e03\u5277\u9664\u4e86ZeroAccess\u7684\u904b\u4f5c\u3002\u7136\u800c\uff0c\u9019\u4e5f\u610f\u5916\u5730\u5f71\u97ff\u5230\u53e6\u4e00\u500b\u8457\u540d\u7684 […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","_wpscppro_dont_share_socialmedia":false,"_wpscppro_custom_social_share_image":0,"_facebook_share_type":"","_twitter_share_type":"","_linkedin_share_type":"","_pinterest_share_type":"","_linkedin_share_type_page":"","_instagram_share_type":"","_medium_share_type":"","_threads_share_type":"","_google_business_share_type":"","_selected_social_profile":[],"_wpsp_enable_custom_social_template":false,"_wpsp_social_scheduling":{"enabled":false,"datetime":null,"platforms":[],"status":"template_only","dateOption":"today","timeOption":"now","customDays":"","customHours":"","customDate":"","customTime":"","schedulingType":"absolute"},"_wpsp_active_default_template":true},"categories":[11],"tags":[1345,1343,1342,2275,82,1341,1344],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/7097"}],"collection":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=7097"}],"version-history":[{"count":0,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=\/wp\/v2\/posts\/7097\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=7097"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=7097"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.trendmicro.com.tw\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=7097"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}