F-Secure Blog

by: Hiroki Iwai (岩井 博樹)

Detection evasion by converting AutoItScript to VBScript, and more

Since around August 2013, threads have been appearing in malware developer communities asking for malware to be converted to VBScript.
The figure below is one example: a request to convert a certain RAT (Remote Administration Tool) to VBScript.

convert request

The main reasons for going to the trouble of rewriting existing malware in another language are:
  ・temporarily evading security tools
  ・encoding is easy in scripting languages such as VBScript
  ・converting to a scripting language and publishing it brings in other developers, so functional improvements can be expected
In any case, the fact that malware developers are moving in this direction suggests that the next wave of cyber attacks will bring a growing threat from flexible, script-based malware.
Incidentally, what I am seeing here and there at present is conversion from AutoItScript, which is also said to be used by ZeuS variants, to VBScript.
(The increase in malware developed with AutoItScript has been reported on Trend Micro's blog.)
# I have not seen ZeuS itself converted, but given that its source code has leaked, it may be possible.
Judging from the trend, use of VBScript stands out, so it may be time to start thinking about countermeasures.
The article below describes the main countermeasures; it may be worth a look.

VBScript Malware Demo using FileSystemObject


About malware developed with AutoItScript
As a supplement, I would like to touch on the AutoItScript mentioned above.
An AutoIt script only runs in an environment where AutoIt is installed. To get around this, compiling the script with AutoIt produces a UPX-packed EXE file.
However, the compiled result
  ・is flagged by some security tools simply for using UPX, regardless of whether the program is benign or malicious
  ・may, being an EXE file, be detected by sandbox-type security tools
  ・is immediately recognizable as having been built with AutoIt
and for these reasons is more likely to be handled by security tools.
So, after trial and error, the attackers presumably arrived at converting the source code as one solution.
For reference, before and after conversion look like the samples below. (Just to give the idea...)
Sample 1: AutoItScript
FUNC __IS_SPREADING ()
    ; Marker value under HKLM\SOFTWARE\<script name>: "TRUE" when the script runs
    ; from the root of a drive (i.e. from removable media), "FALSE" otherwise
    LOCAL $W_KEY = STRINGSPLIT (@SCRIPT,".")
    $SPREADING = REGREAD ("HKEY_LOCAL_MACHINE\SOFTWARE\" & $W_KEY[1],"")
    IF  $SPREADING = "" THEN
        $SPREADING = "FALSE"
        IF  STRINGUPPER (STRINGMID (@FULLPATH,2)) = STRINGUPPER (":\" & @SCRIPT) THEN $SPREADING = "TRUE"
        REGWRITE ("HKEY_LOCAL_MACHINE\SOFTWARE\" & $W_KEY[1],"","REG_SZ",$SPREADING)
    ENDIF
ENDFUNC
Sample 2: VBScript
' Same check as the AutoIt original: records "true - <date>" under HKLM\software\<install name>\
' when the script runs from a drive root. In the else branch the sample assigns usbspreading but
' writes spreading (still empty), exactly as found in the converted code.
spreading = shellobj.regread ("HKEY_LOCAL_MACHINE\software\" & split (install,".")(0) & "\")
if spreading = "" then
   if lcase ( mid(wscript.scriptfullname,2)) = ":\" &  lcase(install) then
      spreading = "true - " & date
      shellobj.regwrite "HKEY_LOCAL_MACHINE\software\" & split (install,".")(0)  & "\",  spreading, "REG_SZ"
   else
      usbspreading = "false - " & date
      shellobj.regwrite "HKEY_LOCAL_MACHINE\software\" & split (install,".")(0)  & "\",  spreading, "REG_SZ"
   end if
end if

In practice, Sample 2 is then encoded further, so it is rarely readable at all. Viewed casually, it looks as if several different pieces of malware exist. The picture so far is as follows: the original is a single specimen, but by converting it to a more flexible (?) language its form is changed and its survival rate raised.

autoit

Since encoding and encryption are applied in the end, pinpointing the specimen itself on a victim PC looks like hard work. For a while, rather than a change in attack techniques, I expect the cat-and-mouse game with evasion methods like this to continue. Given this situation, it may be reassuring to restrict in advance the execution of scripting engines that are rarely used, and so lower the threat level.

 

Can UNRECOM become the mainstream RAT of the future?

It is now December 2013 and little of the year remains. Against this backdrop, Adwind RAT, one of the Java RATs, has been acquired by Unrecom Soft (UNiversal REmote COntrol Multi-Platform) and is about to take a new direction.
Adwind is known for adding Android remote-control functionality based on AndroRat (presumably its leaked source code), one of the Android RATs, and for being quick to achieve unified cross-platform management (Windows, MacOS, Linux, Android).
This is thought to have influenced other RAT developers too, and I consider it a RAT worth watching as a bellwether of future trends.

unrecom

Once attackers start managing PCs and smartphones together like this, one is tempted to suspect that the online storage linking them could become a target as well.
I do not know how feasible that is, but the scope of the risk seems to be gradually expanding.
* Adwind has been unavailable since November 20, 2013.

Announcement

As for Unrecom's features, at present they are almost identical to Adwind v3.0. It inherits the full set of plugins that characterized Adwind, so it seems to have everything that is handy for remote control. It will be interesting to see what features get added; the thing to watch is how far the Android plugins are fleshed out.
Incidentally, there are also playful ones such as "Funny" in the figure below. Price: $10.

Funny:
It this a simple funny option for move the mouse of remote pc and push aleatori keys


plugins



Note that detection is currently poor; results across antivirus products are mixed.
However, Snort signatures such as the following have been published, so detection by IDS/IPS and the like is possible, and it should be possible to notice an infection early (at least as long as Unrecom's specification does not change).

alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg: "[CrowdStrike] -RECOMM/Adwind Default Password Auth"; \
flow: to_server, established; \
content: "|00||28|e3a8809017dd76bd26557a5b923ab2ae16c0cdb3"; \
sid: 1981310201; rev: 20131115)


alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg: "[CrowdStrike] -RECOMM/Adwind Ping/Pong"; \
flow: to_server, established; dsize: 1024; \
content: "|00 00 53 09 58 58 58 58|"; depth: 16; \
content: "|58 58 58 58 58 58 58 58 58 58 58 58 58 58 58 58|"; offset: 1008; \
sid: 1981310202; rev: 20131115)

Reference URL:
http://www.crowdstrike.com/blog/adwind-rat-rebranding/index.html


Java RATs have existed for some time, but since around June this year they have come into practical use. I have not heard of large-scale attacks so far, but they may well become commonplace in the cybercrime world.
In any case, Java RATs and Android RATs will be ones to watch next year.


Addendum:
A fairly rough yara signature:
// rule name added here; the post omitted the rule header line
rule adwind_unrecom_rough
{
 strings:
  $Class = /opciones\/\w+\.class/
  $made = "desinstalador/MaDe.adwind"
  $gcon = "JTextPaneExample.class" nocase
  $plugin = "AdwindServer.class" nocase
 condition:
  any of ($Class) and ($made or $gcon) or $plugin
}

The difficulty of fighting cybercrime, as seen in the KINS source code leak

The source code of "KINS", known as an online banking fraud tool, has now been confirmed to have leaked onto underground forums. As a result, cybercrime targeting online banking users is expected to become even more complex.

KINS was first reported around July this year and is one of the pieces of malware described as the next generation of ZeuS and SpyEye.

Detailed information on KINS was reported at the end of September. From around October 10, security experts began distributing the KINS source code to some law enforcement agencies and security vendors, and countermeasures were finally getting under way.
# Obtaining the source code required information such as one's organization, name and job title.

References
http://touchmymalware.blogspot.ru/2013/10/kins-source-code-leaked.html
http://www.xylibox.com/2013/09/having-look-on-kins-toolkit.html
http://pastebin.com/T1A80ZYF
https://blogs.rsa.com/is-cybercrime-ready-to-crown-a-new-kins-inth3wild/


KINS source code

However, last week it was confirmed that this distributed source code had leaked without much trouble.
Given that the KINS source code was supposed to go only to security vendors and others approved by the distributor, this is very regrettable.
# This may be where sharing intelligence gets difficult.

leaked source code

Unfortunately, KINS cannot yet be fully detected. The one saving grace is that, as some of its related files show, KINS is based on ZeuS. Consequently, at run time it is sometimes detected as a ZBOT- or SpyEye-related file. The related file shown below is a typical example.

bot32.dll

Reference URL
https://www.virustotal.com/en/file/8c8055c9e972ab37d0880f2b8f63605be52babd779a29e78be3647194ef31aa2/analysis/

Also, although it is limited to the dropper, AlienVault Labs has published a Yara rule:
https://github.com/AlienVault-Labs/AlienVaultLabs/blob/master/malware_analysis/KINS/kins.yar
If you run a security product that accepts custom rules, it may be worth consulting this one.

Of course, it is important for organizations to take these countermeasures, but the first priority is to check individual accounts for unauthorized transfers.


Supplementary information on the 9.18 cyber attacks (updated)

The season for the annual 9.18 cyber attacks is approaching; are your defenses in order?
The outline has been covered in the news, so I will omit it here.

As reported, in the run-up to 9/18 target lists have again been published this year by Honker groups (红客, hongke: a collective term for Chinese hacktivist groups).
Unfortunately, however, attacks do not necessarily follow these lists.
Some attackers narrow down their targets using search engines such as Google. In other words, any website that shows up in the attackers' search results could become a target.
In that sense, organizations not on the lists also lose nothing by staying alert.

Example target list


So what strings do attackers search for to narrow down targets?
For example, one Honker group uses the following strings to find candidates for SQL injection:
site:.jp inurl:php?id= site:.jp inurl:asp?id=
As you can see, the search is quite coarse. Presumably the idea is simply to compile a list and attack it.
Several pieces of information about such search strings have been seen since the start of September, alongside content hinting at attacks on Japan.
The following other search strings have also been shared. (Whether they relate directly to the 9/18 attacks is unclear...)

google hacks
* "inlitle:" is presumably a typo for "intitle:".

Various other search strings are presumably used as well, so many websites may be targeted. In that sense, checking in advance whether these search results expose weak points on your own website is one effective way to avoid becoming a target.

Incidentally, these search results also include information on CMSs such as WordPress. Major CMSs have many reported vulnerabilities and are therefore likely targets, so make sure countermeasures are firmly in place.
* IPA has also issued an alert regarding WordPress and Movable Type; please refer to it.
http://www.ipa.go.jp/security/topics/alert20130913.html

Note that Google Hacking works from the search engine's cache. So at the target-selection stage, no traffic that could clearly be judged an attack reaches the web server.

Whether there will actually be large-scale cyber attacks on Japanese organizations is unknown. But since this happens every year, it may be worth treating it as a drill and running an escalation check.
No notable activity such as DDoS attacks or mass website defacements has been reported so far; I will add updates as notable information comes in.


[Update 9/18]
Multiple web defacements have begun to be confirmed.
If your web server's content contains files that provoke Japan, there is a high probability of intrusion.
For example, Fuck-JP.html.
As a precaution, we recommend checking that no suspicious content has been added.

1937CnTeam

Incidentally, the posted content has no direct relation to the Manchurian Incident.


Where does open-sourcing Android RATs lead...


The 2011 leak of the source code of the well-known bot ZeuS is still fresh in memory. Afterwards, the development communities around bots such as Citadel and KINS became more active, and the malware abused in cybercrime seems to have grown more sophisticated. At the same time, the Malware-as-a-Service market expanded, accelerating the growth in cybercrime damage. (The figure below shows an example of a Citadel Botnet Build Service.)

citadel1

One trigger for this situation is thought to be the source code leak mentioned above, though whether it was intentional is unknown. But there seems little doubt that, as a result of the information becoming open, that "industry" (?) grew dramatically.
There are also quite a few cases where malware is distributed as open source from the outset, or APIs are published to solicit ideas from the community and so boost development capacity.

This trend is seen not only in PC malware but in several Android cases as well.
AndroRat is a typical example. This RAT is distributed as open source and, sure enough, abuse was confirmed as soon as it was published, raising concerns about growing criminal use. (The figure below shows part of AndroRat's source code.)

androrat1

Attention is also on the features likely to be added in future. First, AndroRat's standard features are as follows.
# They appear to be the standard features found in other RATs too.
  • Get contacts (and all theirs informations)
  • Get call logs
  • Get all messages
  • Location by GPS/Network
  • Monitoring received messages in live
  • Monitoring phone state in live (call received, call sent, call missed..)
  • Take a picture from the camera
  • Stream sound from microphone (or other sources..)
  • Streaming video (for activity based client only)
  • Do a toast
  • Send a text message
  • Give call
  • Open an URL in the default browser
  • Do vibrate the phone
In contrast, the following features were planned for another open-source Android RAT. Whether these ideas will be incorporated into AndroRat is unknown, but it seems fair to say that a RAT with such features could appear.
# Incidentally, this development project has currently stopped.
  • Facebook Poster
  • Twitter Poster
  • Password Stealer 
  • Screenshot look
  • Root All Android Devices! (With 30 Working official verizon/at&t/sprint/Phonebooth ROMS)
  • Look At cam
  • LOAD ALARM
  • Time Changer
  • Text Reader
  • File Manager
Among these, the ones that personally caught my attention were the password stealer, screenshot viewing and rooting. Today a wide range of transactions, including with financial institutions (banks, brokerages and so on), can be carried out from smart devices such as Android. Given this, the features above are a serious threat.
How far these ideas will be adopted by other Android malware is unknown. But with Android malware source code being published, it may be only a matter of time before other features that lower the bar to cybercrime appear one after another. (Maybe I am overthinking it...)
Incidentally, a compile service for AndroRat has been observed. Full-fledged Malware as a Service for Android malware may arrive in the near future.




Renewed caution about the popular Java exploits

Products and services related to Java vulnerabilities are currently attracting attention in the underground (UG) market.
As the figure below shows, EaaS (Exploit Pack as a Service) targeting Java vulnerabilities is on offer, which illustrates how much attention it gets. In this service, the type of exploit code provided differs between BASIC and PROFESSIONAL; put simply, the PROFESSIONAL version is built to be harder for the target to notice. How one weighs the 50 USD difference over six months is a matter of judgment, but for groups running cyber attacks as a business it is a cheap purchase.

security pack


¤³¤Î¤è¤¦¤ÊÇطʤ¬¤¢¤Ã¤Æ¤«¤ï¤«¤ê¤Þ¤»¤ó¤¬¡¢2012ǯ¤ÏÆüËܹñÆâ¤ò´Þ¤á¡¢¥¦¥§¥Ö²þãâÈï³²¤¬ÂçÊÑ¿¤¯Êó¹ð¤µ¤ì¤Æ¤¤¤Þ¤¹¡£ÀèÆü¡¢IPA¤è¤ê¥¦¥§¥Ö¥µ¥¤¥È¤Î²þãâ¤ËÂФ·¤ÆÃí°Õ´­µ¯¤¬½Ð¤Æ¤ª¤ê¡¢2013ǯ¤âÁý²Ã¤·Â³¤±¤Æ¤¤¤Þ¤¹¡£¹ñ³°¤Î¾õ¶·¤ò´Þ¤áÄ´ºº¤·¤Þ¤¹¤È¡¢¤³¤ì¤é¤ÎÈï³²¥µ¥¤¥È¤Î¿¤¯¤Ë¤Ï°­À­¥³¡¼¥É¤¬ÁÞÆþ¤µ¤ì¤¿¤ê¡¢ÀßÃÖ¤µ¤ì¤Æ¤¤¤Þ¤¹¡£Ê£¿ô¤Î¥¦¥§¥Ö¥µ¥¤¥È¤Ë¤ª¤¤¤Æ¡¢Îà»÷¥±¡¼¥¹¤â³Îǧ¤µ¤ì¤Æ¤¤¤ë¤³¤È¤«¤é¡¢EaaS¤äSpreaderÅù¤Î¥µ¡¼¥Ó¥¹¤¬ÍøÍѤµ¤ì¤¿²ÄǽÀ­¤Ï¹â¤¤¤È¹Í¤¨¤é¤ì¤Þ¤¹¡£

In response to this situation, IPA's alert once again recommends mainly the following three countermeasures:
・enable Windows automatic updates
・keep all programs up to date
・use an "integrated security suite" with functions beyond antivirus

All of these are basic, yet extremely important, measures. As the figure above shows, EaaS and some web exploit packs provide tools for checking the exploit code and malware they use so that they evade antivirus software. Detection by antivirus scanning alone can therefore be difficult.
With that in mind, the measures above are the minimum that should be implemented.
Also, given the popularity of Java exploits in the UG market, disabling Java in web browsers and similar measures add further peace of mind.

In any case, given this background, it would be worth re-checking:
・whether your PCs' defenses against Java exploits are complete
・whether unfamiliar content has been placed on your web servers
・whether access logs contain suspicious entries (and whether logs are being collected properly in the first place)

and so on.
And, so as to keep up with changing attack trends, do not forget to check information on exploit code and malware as well.


Signs that g01pack is expanding its share

The g01pack exploit kit, only just reported to distribute its payload through multi-stage attacks, appears to be gaining share.
Until early April, defacements involving the BlackHole exploit kit came one after another, but a change has been visible over the past few days.

Looking at statistics on web exploit kits, from March to early April the BlackHole exploit kit clearly had the highest detection rate.

g02pack1

However, from around April 23, almost a month later, the number of g01pack exploit kit detections began to increase.
# These are arbitrary scan results, so they are not exhaustive.


g01pack2
Source: scan results from urlquery.net

Whether this activity is related to the Blackhole exploit kit is unclear, but g01pack's share may well be expanding.
For now, here is a recap of countermeasures.

■ Endpoint measures
The Java vulnerability CVE-2012-1723 is confirmed to be exploited. Most organizations have probably already patched it, but to be safe we recommend addressing the latest vulnerabilities as well.

Reference URLs:
About countermeasures for Oracle Java vulnerabilities (CVE-2013-2383 etc.)
https://www.ipa.go.jp/security/ciadr/vul/20130417-jre.html
Alert regarding the April 2013 Oracle Java SE Critical Patch Update (scheduled)
https://www.jpcert.or.jp/at/2013/at130021.html
How do I disable Java in my web browser?
https://www.java.com/ja/download/help/disable_browser.xml


■ Server measures
As for the defaced websites, the method used is not yet known. As basic measures, it is reassuring to review
・the status of security patch application
・access restrictions
・password strength
and the like. Also, if you use a hosting or cloud service, note that the management application (such as Parallels Plesk Panel) is also a target.

■ IDS/IPS measures
Signatures for the g01pack exploit kit are already provided by the major security products. If yours is not covered, refer to Snort signatures such as these:

References:
http://pulsifer.ca/drop/CNDA/snort/snort.doc
https://lists.emergingthreats.net/pipermail/emerging-sigs/2012-September/020415.html


Like the large-scale BlackHole exploit kit defacements that continued from last year, g01pack exploit kit has also been planted through mass web defacements in the past.
Certain operations are probably automated, and similar attacks may well continue.
We recommend re-checking for illicitly placed web content and for gaps in protecting maintenance paths such as SSH.
If there are any new developments, I will add them here.





What is the real purpose of system destruction?

The cyber attack damage in South Korea is in the news. Unclear points remain, such as how the ATM network was penetrated and what the purpose was, and a full picture will take a little more time. The overwriting of the MBR and file-system areas, also touched on in the history of wiper attacks against Korea, is especially interesting.

At first glance, the prevailing view is that the attack aimed to cause confusion within South Korea, but the real purpose may be something unexpected. So I considered three possible purposes for this kind of system destruction.

(1) To obstruct users (intimidation, thrill-seeking, terrorism, etc.)
(2) To conceal evidence
(3) To attract attention (to divert attention)

With an incident as large as this one, case (1) springs to mind. But I think cases (2) and (3) should also be considered.

(2) is in fact seen quite often. Attackers do it once they have achieved their goal and want to erase their tracks. In this case, destroying only the MBR area is typical. It is sometimes done so that the damage looks like an OS failure and the user is prompted to reinstall. The figure below shows traces of attacker operations recovered from a machine whose MBR area had been destroyed.

kill_os

In this case the operation is pointless unless done quietly, so it does not seem to fit the Korean case...
Next, (3): to attract attention, the destruction needs to be flashy. The more conspicuous the real objective, the bigger the fireworks needed to divert attention from it.
I have no idea what the truth is, but somehow I suspect (3). Am I overthinking it?
We will not be able to take our eyes off the news from Korea for a while!

Beware of targeted emails disguised as greeting cards

Multiple targeted emails disguised as greeting cards have been confirmed.
Because they imitate a real service, it is easy to click without thinking; please be careful!

greeting_card

In the case we confirmed, accessing the URL in the message led to the execution of exploit code targeting CVE-2013-0422 (a Java vulnerability).
Attacks on Java vulnerabilities are expected to continue, so users who have no particular need for Java may be better off uninstalling it.

Incidentally, the downloaded exploit code may have been generated with Metasploit.
Since most exploit code developed for Metasploit has been studied exhaustively, I found it an unusual case to see it used in a targeted attack. (It may have been a broad, untargeted attack.)
Perhaps it was an experimental attack.

jar


On GhostShell's sixth project

"GhostShell", which made headlines in October by posting information stolen from the servers of 100 universities worldwide (including in Japan), has announced its next project, attracting attention.
# Some time has passed since then...


ghostshell_20121106


Based on their past methods, the prevailing view is that this time too they will probably target SQL injection flaws and vulnerabilities in management applications.
No details such as specific targets have been posted so far, but as a precaution we recommend a security check of your public-facing servers.
For example:
・fixing web application vulnerabilities
・restricting access to databases, content management systems and the like
・verifying that IPS and WAF actually work (they are pointless if they do not detect anything)
and so on; there seems to be plenty to check.

Incidentally, GhostShell's past projects are posted on Pastebin.
Whether information on this project will be posted on Pastebin is unknown, but if you are concerned it may be worth keeping an eye on it.

http://pastebin.com/u/TeamGhostShell

It would be best if the project were never carried out at all...

Addendum
It appears to have been posted, dated December 10.
#ProjectWhiteFox
http://pastebin.com/agUFkEEa

On attacks targeting the Oracle Java 7 vulnerability

The Java vulnerability (0-day) registered with JVN on the 28th is in the news.
The affected scope is Java 7 (Java SE 7, JDK 7, JRE 7).
Multiple websites abusing exploit code have already been reported, so vigilance is required.

As noted on JVN, Oracle has not yet released a security patch. As a temporary measure, disabling the Java plug-in in web browsers is recommended.

The malicious sites confirmed so far contain code like the following, which exploits the Java vulnerability and then installs malware by drive-by download.
* In practice it is encrypted with Dadong's JSXX 0.44 VIP. Dadong's JSXX is also known for having been used in the past by the exploit kit called Chinese Pack.

js_java0day

Most antivirus software already handles the malware downloaded from the malicious sites confirmed this time.
(F-Secure, for its part, detects it as Gen:Trojan.Heur.FU.bqW@a4uT4@bb.)
As of my check (around 19:00 on the 28th), some of the malicious sites still appeared to be active.

[Disabling the Java plug-in on Windows]
For IE, the information on the following sites is useful. Several methods are described, so I hope they help.

http://www.kb.cert.org/vuls/id/636312
http://kb.iu.edu/data/ahqx.html
https://krebsonsecurity.com/how-to-unplug-java-from-the-browser/
     
[Disabling the Java plug-in on Mac OS X]
For OS X, these are useful:
http://www.maclife.com/article/howtos/how_disable_java_your_mac_web_browser
https://krebsonsecurity.com/how-to-unplug-java-from-the-browser/

safari_javaoff
Example of disabling the Java plug-in in Safari

As the SANS Internet Storm Center article also notes, it looks as though a security patch will take some time:
The next patch cycle from Oracle isn't scheduled for another two months (October.)
It is probably only a matter of time before it is incorporated into web exploit packs, so early action is recommended. The Blackhole Exploit Kit in particular is very worrying.

As for measures using security appliances such as IPS and antivirus gateways, three that come to mind (fairly standard ones) are:
(1) Verify the detection rules for web exploit packs (just in case)
(2) Apply detection rules for the known exploit code
(3) Add the known malicious sites to a blacklist
For now, the following three domains/addresses have been reported:
ok.aa24.net
59.120.154.62
62.152.104.149

For (2), it is probably best to cover both the exploit code generated by Metasploit and the exploit code used on the malicious sites confirmed so far.
Since the malicious sites confirmed this time characteristically use the Dadong JSXX script, one option is to write a rule modelled on the existing Snort rule:
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"ET CURRENT_EVENTS JavaScript Obfuscation Using Dadong JSXX Script"; flow:established,to_client; file_data; content:"Encrypt By Dadong"; distance:0; classtype:bad-unknown; sid:2014155; rev:2;)

Attack sites exploiting this vulnerability are expected to increase.
For now, do not forget to revisit general measures such as keeping antivirus definition files up to date.
Related information will keep being updated on security sites for the time being, so keep gathering information as well...

If effective countermeasures come up, I will update this post.
That's all for now.

[References]
http://www.deependresearch.org/2012/08/java-7-0-day-vulnerability-information.html
http://labs.alienvault.com/labs/index.php/2012/new-java-0day-exploited-in-the-wild/
http://blog.fireeye.com/research/2012/08/zero-day-season-is-not-over-yet.html

Where malware hides, as seen in Poison Ivy


Lately I often hear things like: "I think we are infected with malware, but antivirus and malware extraction tools found nothing."
In most of these cases an IDS/IPS or URL filter has detected malicious traffic, yet when the PC is examined nothing is found.
# Naturally, malware authors take pains to design their malware so that antivirus and the like do not detect it, so it is not found easily.

So this time I would like to present one hard-to-detect hiding place for malware and a way of detecting it. I hope it is of some use.

Something seen from time to time since the start of this year, though a classic technique, is hiding the malware body in an ADS (NTFS alternate data stream).
An example of malware abusing this technique is the recently popular (?) Poison Ivy trojan.
It was added to Poison Ivy's features only in relatively recent versions (2.3.0 onward), so from the attacker's point of view it presumably pays off well enough.

In Poison Ivy's case, the folders used to hide the file are limited to the Windows folder and the system folder.
Viewed with a disk editor, it looks like hkcmds.exe (C:\Windows\system32:hkcmds.exe) in the figure below.
# A file hidden in an ADS is not visible through normal Windows Explorer operations.

ads

I tried to detect and extract this hidden malware using operations (1) to (3):
(1) Windows file search
(2) A full scan with antivirus software
(3) An ADS file search tool

The results of these operations:
(1) cannot find it. Asset management tools that rely on the Windows API probably cannot either (unverified).
(2): of five products tested, two detected it. Not very reliable.
(3) reliably extracts it; naturally, since it specializes in detecting ADS.

It is also possible to get a lead by checking the registry, but that is laborious work.
Incidentally, in the example above the following had been added to the registry:

Key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
 Value Name: HotKeyscmd
 New Value: "C:\WINDOWS\system32:hkcmds.exe"
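As an added example (not code from the original post), here is a Python check over exported Run-key values that flags any command whose executable path points into an alternate data stream, like the HotKeyscmd value above. Apart from that entry, the sample values are constructed, including a look-alike ordinary path to show that the similar name alone is not flagged.

```python
import re
from typing import Optional

# An executable path that refers to an NTFS alternate data stream has a second ':' after the
# drive letter, e.g. C:\WINDOWS\system32:hkcmds.exe (a stream attached to the system32 directory).
ADS_PATH = re.compile(r"^(?P<host>[A-Za-z]:\\[^:]*):(?P<stream>[^:\\]+)$")


def extract_executable(command: str) -> str:
    """Return the program path from a Run-value command: the quoted string if quoted, else the
    first token. Unquoted paths with spaces are ambiguous for Windows too; they are cut at the space."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    return command.split(None, 1)[0] if command else ""


def ads_target(command: str) -> Optional[dict]:
    """Describe the stream a command launches from, or None when the path is an ordinary file."""
    m = ADS_PATH.match(extract_executable(command))
    if not m:
        return None
    host = m.group("host")
    return {
        "host": host,
        "stream": m.group("stream"),
        # A host path without an extension is almost certainly a directory, as in the Poison Ivy case
        "host_is_directory": re.search(r"\.[A-Za-z0-9]{1,4}$", host) is None,
    }


def audit_run_values(values: dict) -> list:
    """Return one finding per Run value whose executable lives in an alternate data stream."""
    findings = []
    for name, command in values.items():
        hit = ads_target(command)
        if hit:
            findings.append({"value_name": name, "command": command, **hit})
    return findings


# Constructed export of HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run. Only the HotKeyscmd
# entry reproduces the value quoted in the post; the others are made-up ordinary and ADS-backed entries.
RUN_VALUES = {
    "SunJavaUpdateSched": r'"C:\Program Files\Java\jre7\bin\jusched.exe"',
    "HotKeysCmds": r"C:\WINDOWS\system32\hkcmd.exe",            # ordinary file: similar name, one colon
    "Adobe ARM": r'"C:\Program Files\Adobe\Reader\AdobeARM.exe" /silent',
    "HotKeyscmd": r'"C:\WINDOWS\system32:hkcmds.exe"',          # stream attached to the system32 directory
    "Backup": r"C:\Users\alice\backup.exe:data --run",          # stream attached to a file, with arguments
}

if __name__ == "__main__":
    for f in audit_run_values(RUN_VALUES):
        kind = "directory" if f["host_is_directory"] else "file"
        print(f'{f["value_name"]}: stream "{f["stream"]}" hidden on {kind} {f["host"]}')
```

The same path test can be applied to other autostart locations (services, scheduled tasks) exported as text.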


# If you have a rough idea of the infection date and the infected machine is well preserved, it may be relatively easy to find.

Cases like this have not been rare this year. If antivirus detects nothing but there is suspicious traffic or similar behavior, it may be worth checking the ADS as well.
If other interesting cases come up, I will post them.
That's all for now.

Pay attention to detections of hacktools developed in China

Have you ever had a "virus" such as Hacktool or NetTool detected?
Depending on the antivirus product, detection names such as HackTool, NetTool, or xxx_Transmit (where xxx is Backdoor or Trojan) are used.

lcx

These tools have no infection capability; attackers often use them to establish communication with C&C servers and the like.
For example, Backdoor.Liondoor (HTran), which was abused in last year's RSA incident, is one of them.
Incidentally, Backdoor.Liondoor (HTran) is a packet forwarding tool developed around 2003 by the Honker Union of China.
* Although it originates in China, attackers from other countries also use it, so one cannot simply say an attack is the work of Chinese Honkers.
These tools do not infect or create backdoors by themselves; they are programs turned into backdoors through the attacker's hands-on operation.
In other words, if a hacktool is found in an ordinary corporate environment (?), there is a high chance that an attacker has already intruded and some damage has already been done.
This is classic material, so I will skip the details.

Now, I am often consulted about hacktools that are being abused yet cannot be found.
In general, most antivirus software can remove these tools, so why are they being abused without being removed?
This may apply to malware incident response in general, but the first reason that comes to mind is a "situation where detection is not possible".
There are various reasons removal fails, but the three I see most often are:
(1) The antivirus software has been stopped
(2) An area outside the antivirus scan scope is being used
(3) The hacktool that should be removed is not on the victim host

(1) may mean the attacker tampered with the management server, or the settings on the host were changed.
(2) often depends on the antivirus configuration and the user's environment.
# With some products, riskware cannot be detected if it is excluded from scanning.
(3) covers cases where the hacktool lives on a remote host other than the victim host.
# In this case there may be a "boss" system serving as the attacker's base of operations. Finding it can take effort, and containing the damage then takes longer.

In any case, these are all operations performed after the attacker has already taken over the target system, so none of them is surprising.

If you find even one hacktool-related detection log, urgently investigate the logs of the (network-)neighboring hosts and of AD.
# while hoping no business information has leaked
Traces of an attack are deleted in no time, so it is a race against the clock, but with luck you may find traces of Honker tools (红客工具) having been used.

Please note that finding hacktools usually requires correlating network traffic with logs on the hosts.
So, basic as it is, I recommend making sure beforehand that OS and other logs are being collected. Windows logon-success logs are especially important.

In any event, if a hacktool is found, it is important to move quickly on damage control, on the assumption that multiple systems on the LAN have been taken over.
Hoping the number of compromised machines is small.

Recent traces of malware infection: disguise as image files

Recent malware is extremely cunning, and finding it on disk or in network traffic is a struggle. Early detection of malware infection has therefore become more important than ever.
That said, malware traffic follows no fixed pattern, so the reality is that it is not easy to find.

So, hoping it is of some use, I would like to show a malware traffic log that I have been seeing frequently of late.
If you dig through the HTTP/HTTPS request logs of your proxy, you may find similar entries.

This time it is a pattern in which the traffic is made to look like the POST of an image file, while in reality the malware is carrying out remote control of the infected machine and uploading stolen information.
For example, the following POST request (excerpt) is one I have been seeing often recently.

post1

Looking at the Content-Disposition header and below, around the middle, a file that appears to be an image (a GIF) is being POSTed.
However, looking closely at the log, despite being an image file, its Content-Type is "text/plain", not a binary type.
# Normally image/gif would be used.

In fact, this file is really the output of DOS commands, XOR-encoded: a text file. That is why the Content-Type is "text/plain".
# Though since all sorts of tweaks are possible, it will not always look like this.

In other words, for malware using this technique, searching for POST requests whose Content-Type contradicts the file being uploaded should turn it up.
If your proxy's logging configuration does not allow this search, try alternative logs. If there are no logs at all, the only option is to start with log collection...
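To illustrate the check described above, here is an added example (not code from the original post) that parses a captured multipart POST request and flags uploads whose file name claims an image but whose declared Content-Type or leading bytes say otherwise. The request text, host name, boundary and the XOR key 0x5A are all constructed for the example.

```python
import re

# Leading bytes a genuine file of each image extension starts with
IMAGE_MAGIC = {
    "gif": (b"GIF87a", b"GIF89a"),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "bmp": (b"BM",),
}


def parse_headers(raw: bytes) -> dict:
    """Map lower-cased header names to values; lines without ':' (the request line) are skipped."""
    headers = {}
    for line in raw.decode("latin-1").split("\r\n"):
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def split_multipart(request: bytes):
    """Return (request_line, headers, [(part_headers, part_body), ...]) for a raw HTTP request."""
    head, _, body = request.partition(b"\r\n\r\n")
    request_line = head.split(b"\r\n", 1)[0].decode("latin-1")
    headers = parse_headers(head)
    m = re.search(r'boundary="?([^";\r\n]+)"?', headers.get("content-type", ""), re.I)
    if not m:
        return request_line, headers, []
    boundary = b"--" + m.group(1).encode("latin-1")
    parts = []
    for chunk in body.split(boundary)[1:]:
        if chunk.startswith(b"--"):          # closing delimiter: --boundary--
            break
        if chunk.startswith(b"\r\n"):
            chunk = chunk[2:]
        part_head, _, part_body = chunk.partition(b"\r\n\r\n")
        if part_body.endswith(b"\r\n"):      # CRLF that precedes the next boundary
            part_body = part_body[:-2]
        parts.append((parse_headers(part_head), part_body))
    return request_line, headers, parts


def find_mismatched_uploads(request: bytes) -> list:
    """Flag uploaded parts whose extension claims an image but whose type or content does not."""
    request_line, _, parts = split_multipart(request)
    if not request_line.upper().startswith("POST "):
        return []
    findings = []
    for part_headers, part_body in parts:
        m = re.search(r'filename="?([^";]+)"?', part_headers.get("content-disposition", ""))
        if not m:
            continue
        filename = m.group(1)
        ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
        if ext not in IMAGE_MAGIC:
            continue
        declared = part_headers.get("content-type", "").split(";")[0].strip().lower()
        reasons = []
        if not declared.startswith("image/"):
            reasons.append(f"Content-Type {declared or '(none)'} for a .{ext} upload")
        if not part_body.startswith(IMAGE_MAGIC[ext]):
            reasons.append(f"body lacks {ext.upper()} magic bytes")
        if reasons:
            findings.append({"filename": filename, "content_type": declared,
                             "size": len(part_body), "reasons": reasons})
    return findings


def xor_encode(data: bytes, key: int) -> bytes:
    """Single-byte XOR, used only to build the constructed sample body below."""
    return bytes(b ^ key for b in data)


# Constructed sample: command output XOR-encoded with 0x5A and posted as a ".gif" with a text
# Content-Type, modelled on the pattern described in the post. Host name and boundary are made up.
FAKE_OUTPUT = b"Windows IP Configuration\r\n\r\n   IP Address. . . . . . : 192.0.2.10\r\n"
BOUNDARY = b"----constructed7f3a"
SUSPICIOUS_REQUEST = (
    b"POST /upload.php HTTP/1.1\r\n"
    b"Host: cdn.example.invalid\r\n"
    b"User-Agent: Mozilla/4.0 (compatible; MSIE 6.0)\r\n"
    b"Content-Type: multipart/form-data; boundary=" + BOUNDARY + b"\r\n\r\n"
    b"--" + BOUNDARY + b"\r\n"
    b'Content-Disposition: form-data; name="file"; filename="20121228.gif"\r\n'
    b"Content-Type: text/plain\r\n\r\n"
    + xor_encode(FAKE_OUTPUT, 0x5A) + b"\r\n"
    b"--" + BOUNDARY + b"--\r\n"
)

# Constructed benign upload: a real GIF header with a matching Content-Type, which must not be flagged
BENIGN_REQUEST = (
    b"POST /upload.php HTTP/1.1\r\n"
    b"Host: cdn.example.invalid\r\n"
    b"Content-Type: multipart/form-data; boundary=" + BOUNDARY + b"\r\n\r\n"
    b"--" + BOUNDARY + b"\r\n"
    b'Content-Disposition: form-data; name="file"; filename="logo.gif"\r\n'
    b"Content-Type: image/gif\r\n\r\n"
    b"GIF89a" + b"\x00" * 16 + b"\r\n"
    b"--" + BOUNDARY + b"--\r\n"
)

if __name__ == "__main__":
    for label, req in (("suspicious", SUSPICIOUS_REQUEST), ("benign", BENIGN_REQUEST)):
        print(label, find_mismatched_uploads(req))
```

Run it over request bodies recovered from a full-capture proxy or from pcap; when only summary logs exist, the Content-Type check alone still works on the fields most proxies record.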

¾°¡¢¹âÅ٤ʥ¹¥Æ¥¬¥Î¥°¥é¥Õ¥£¤òÍѤ¤¤¿¤â¤Î¤ä¡¢¶ä²Ï·Ï¤Î¾×ÆͤÎ
µ­»ö¤Ç²òÀ⤵¤ì¤Æ¤¤¤ë¤è¤¦¤Ê¥ì¥Ù¥ë¤Î¤â¤Î¤Ï¡¢»ÄÇ°¤Ê¤¬¤éº£²ó¤Î
´Ê°×Ū¤ÊÊýË¡¤Ç¤Ï¡¢¤¹¤°¤Ë¸«¤Ä¤«¤ê¤Þ¤»¤ó¡£¤â¤¦°ì¹©É×ɬÍפǤ¹¡£

¤È¤¤¤¦¤³¤È¤Ç¡¢º£²ó¤ÏÈæ³ÓŪÍưפ˸«¤Ä¤±¤é¤ì¤½¤¦¤Ê¤â¤Î¤ò¾Ò²ð¤·
¤Æ¤ß¤Þ¤·¤¿¡£»²¹Í¤Ë¤Ê¤ì¤Ð¹¬¤¤¤Ç¤¹¡£

¤Ç¤Ï¡¢Îɤ¤¤ªÇ¯¤ò¡ª


The importance of post-incident response, as taught by the Sony PSN data breach

There is a great commotion over the data breach from PSN, and at the risk of being presumptuous, let me add a comment of my own.
Incidentally, I know nothing beyond what has appeared in the newspapers, so bear with me.

I think this case is a textbook example of having no post-incident response measures at all.
Nothing beats security measures that are implemented in good balance, from prevention through post-incident response. However, once you consider operational issues, cost and resources, the reality is that things rarely work out that way.

Yet when an incident does occur, what will definitely cost you your customers' trust is having neglected post-incident response.
The reason is that an organisation with post-incident measures in place can identify the cause relatively quickly. As a result it can easily issue
"There is a high probability that we were breached via ○○; we are confirming this." as the first report, and
"The cause was ○○, and we have implemented countermeasures immediately."
as the final report.

If post-incident measures are inadequate, by contrast, it cannot say this.
"We are investigating diligently."
"○○ is probably the cause."
"For the time being, we have strengthened our security measures."
Lines like these are the standard fare.
If you were a user, which would give you more peace of mind?
Of course it also depends on how PR presents the announcement, but the impact on the organisation changes greatly depending on the actions taken after the incident.
I have seen a number of similar incidents, and this one looks like a textbook example of failure.
Preventive measures such as IPS, WAF and anti-virus are not the whole of security.


Has Android malware that looks removable but isn't finally arrived!?

This is about DroidDream (Rootcager), which was also covered in the other day's article.
As that article says, it uses "rageagainstthecage" to obtain root privileges.
After that it downloads packages and so on. Details here.
Reference URL: Acquisition of device root privileges by a new Android threat

That an application containing malware was distributed on the Android Market is a surprise in itself, but malware obtaining root privileges left me with the impression "so it has finally arrived!"
$ pwd
SuperSolo/assets
$ ls -l
total 184
-rw-r--r--  1 analysis  staff  15360  3  4 09:55 GuitarData
-rw-r--r--  1 analysis  staff    347  3  4 09:55 Hallelujah
-rw-r--r--  1 analysis  staff    335  3  4 09:55 Hotel California
-rw-r--r--  1 analysis  staff    346  3  4 09:55 House Of The Rising Sun
-rw-r--r--  1 analysis  staff    331  3  4 09:55 Majors
-rw-r--r--  1 analysis  staff    338  3  4 09:55 Minors
-rw-r--r--  1 analysis  staff    590  3  4 09:55 behold.ivt
-rw-r--r--  1 analysis  staff  15295  3  4 09:55 exploid
-rw-r--r--  1 analysis  staff    566  3  4 09:55 galaxy.ivt
-rw-r--r--  1 analysis  staff    470  3  4 09:55 piezoerm.ivt
-rw-r--r--  1 analysis  staff   3868  3  4 09:55 profile
-rw-r--r--  1 analysis  staff   5392  3  4 09:55 rageagainstthecage ← this one!
-rw-r--r--  1 analysis  staff  14075  3  4 09:55 sqlite.db
$
On Android, applications run with what in Linux terms would be ordinary user privileges. The same applies to malware brought in from outside. So even if you do install an application with malware attached, the extent of the damage it can do to the device is easy to imagine. Once root privileges are obtained, however, the malware is no longer bound by that restriction, and things get (at present) awkward.

For example, what if the malware installs itself in the system partition?
In that case, ordinary anti-virus apps can no longer remove it, because an anti-virus app only has the same privileges as any other application.
(The app I have to hand has not been able to delete it.)
The next thing you would probably think of is a factory data reset.
Unfortunately, however, an Android data reset only wipes the data partition, so malware in the system partition is not removed.
In the end, you have to delete it using the SDK (which requires rooting the device).

[image: droiddream1]

Considering the benefits to attackers of obtaining root and the way Android is designed, malware that obtains root privileges looks set to become a trend. I had been thinking that a full-scale botnet of Android devices would be next year's story, but it may be a nearer future than expected.

As expected, here it is! An Android bot

"Geinimi", the talk of the town as "isn't this pretty bad!?".
It was reported in a Lookout Mobile Security article at the end of last year, and I am curious how it develops from here.

At present the malware is only being distributed through unofficial Chinese markets, so the scope of damage is thought to be somewhat limited.

Looking into one of the distribution sites, the applications laced with Geinimi were among those posted by a relatively trusted (?) regular uploader.
# Setting aside how trustworthy the site itself is...
Presumably the uploading user did not notice that Geinimi had been mixed in either.
(Though there is a good chance the application itself was simply picked up from somewhere...)

Also, if we assume the Geinimi-laced applications currently being distributed are redistributions, then the original must exist somewhere.
Depending on circumstances, the attack scope may expand from Chinese-speaking regions to Japanese- and English-speaking ones.

[image: geinimi_bbs]

As explained on other sites, Geinimi sends "location information" and "device information (device identifier and subscriber identifier)" and the like to a C&C server.
Under the guidance of a mobile security specialist, I took apart an application containing Geinimi.
(An .apk file is in ZIP format.)
Looking at the place where the data is sent, you get a rough sense of how much detailed information from the device is transmitted.

~/Geinimi_APP/smali/com/dseffects/MonkeyJump2/jump2/e/p.smali ← this one
method=post&IMEI=
&IMSI=
&AdID=
&CPID=
&PTID=
&SALESID=
&msgType=
imei=
&imsi=
&sms=
&type=send
&latitude=
&longitude=
&type=receive
&phone=
&MODEL=%s&BOARD=%s&BRAND=%s&CPU_ABI=%s&DEVICE=%s&DISPLAY=%s&FINGERPRINT=%s&HOST=%s&ID=%s&MANUFACTURER=%s&PRODUCT=%s&TAGS=%s&TIME=%s&TYPE=%s&USER=%s&SoftwareVersion=%s&Line1Number=%s&NetworkCountryIso=%s&NetworkOperator=%s&NetworkOperatorName=%s&NetworkType=%s&PhoneType=%s&SimCountryIso=%s&SimOperator=%s&SimOperatorName=%s&SimSerialNumber=%s&SimState=%s&SubscriberId=%s&VoiceMailNumber=%s&CPID=%s&PTID=%s&SALESID=%s&DID=%s&sdkver=%s&autosdkver=%s&shell=%s
The data is sent to the following domains, as also noted by SANS.
None of them can be connected to any more.
www.widifu.com:8080;www.udaore.com:8080;www.frijd.com:8080;www.islpast.com:8080;
www.piajesj.com:8080;www.qoewsl.com:8080;www.weolir.com:8080;www.uisoa.com:8080;
www.riusdu.com:8080;www.aiucr.com:8080;117.135.134.185:8080
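Since an .apk is a ZIP, the indicators from both the DroidDream post (the rageagainstthecage and exploid binaries under assets/) and this Geinimi post (the C&C host list and the query-string fragments from p.smali) can be checked without installing anything. The scanner below is an added example, not code from either post or from any vendor tool; the APK it builds is a constructed stand-in, not a real sample, and it assumes the strings sit uncompressed inside classes.dex (true of ordinary dex string tables, but a packed or encrypted payload would need unpacking first).

```python
import io
import re
import zipfile

# Indicators taken from the two posts above.
EXPLOIT_ASSETS = {"rageagainstthecage", "exploid"}
GEINIMI_C2 = {
    "www.widifu.com:8080", "www.udaore.com:8080", "www.frijd.com:8080",
    "www.islpast.com:8080", "www.piajesj.com:8080", "www.qoewsl.com:8080",
    "www.weolir.com:8080", "www.uisoa.com:8080", "www.riusdu.com:8080",
    "www.aiucr.com:8080", "117.135.134.185:8080",
}
# Fragments of the exfiltration query string seen in p.smali.
EXFIL_MARKERS = [b"method=post&IMEI=", b"&IMSI=", b"&latitude=", b"&longitude=",
                 b"SimSerialNumber=%s", b"SubscriberId=%s"]
# Any host:port literal; unknown endpoints are reported too, so a variant
# pointing at new C&C hosts still stands out.
HOSTPORT = re.compile(rb"(?:[a-z0-9-]+\.)+[a-z0-9-]+:\d{2,5}")

def scan_apk(apk_bytes):
    """Scan an APK (a ZIP) for the indicators above; returns a findings dict."""
    findings = {"exploit_assets": [], "c2_endpoints": [], "exfil_markers": [], "endpoints": []}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for info in zf.infolist():
            name = info.filename
            if name.startswith("assets/") and name.rsplit("/", 1)[-1] in EXPLOIT_ASSETS:
                findings["exploit_assets"].append(name)
            # String constants live in classes.dex (or .smali if a disassembled
            # tree was zipped up); other entries are skipped.
            if not (name.endswith(".dex") or name.endswith(".smali")):
                continue
            blob = zf.read(name)
            for marker in EXFIL_MARKERS:
                if marker in blob and marker not in findings["exfil_markers"]:
                    findings["exfil_markers"].append(marker)
            for hp in sorted(set(HOSTPORT.findall(blob))):
                endpoint = hp.decode("ascii")
                findings["endpoints"].append(endpoint)
                if endpoint in GEINIMI_C2:
                    findings["c2_endpoints"].append(endpoint)
    return findings

def verdict(findings):
    """True if any hard indicator (exploit binary, known C&C, exfil string) hit."""
    return bool(findings["exploit_assets"] or findings["c2_endpoints"]
                or findings["exfil_markers"])

def build_sample_apk(trojanised=True):
    """Constructed stand-in for an APK (not a real sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", b"<binary xml placeholder>")
        zf.writestr("assets/Hallelujah", b"chord data")      # legitimate game asset
        dex = b"dex\n035\x00" + b"\x00" * 16 + b"Lcom/example/game/Main;"
        if trojanised:
            dex += (b"www.widifu.com:8080;www.udaore.com:8080;"
                    b"method=post&IMEI=&IMSI=&AdID=&latitude=&longitude=")
            zf.writestr("assets/rageagainstthecage", b"\x7fELF" + b"\x00" * 12)
        zf.writestr("classes.dex", dex)
    return buf.getvalue()

if __name__ == "__main__":
    for label, flag in (("trojanised", True), ("clean", False)):
        f = scan_apk(build_sample_apk(flag))
        print(label, "->", "SUSPICIOUS" if verdict(f) else "no indicators", f)
```

To run it against a real file, pass `open("app.apk", "rb").read()` to `scan_apk`; on a rooted device the same check can be pointed at packages pulled from /system/app, which is where the DroidDream post says an ordinary anti-virus app cannot reach.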

It is easy to imagine that the attackers' goal is information about the Android device, but what they intend to abuse that information for is the really interesting question.
Last year's story of ZeuS using MITMO (Man in the Mobile) to defeat the authentication of mobile banking accounts attracted some attention. The targets then were BlackBerry and the like, but if I think about an Android device being taken over, feature-packed devices like those in Japan seem very frightening... or is it just me?

Given the spread of smartphones, malware targeting Android devices is expected to increase further.
I think many of them will be of the kind that, like Geinimi, is mixed into applications.

As countermeasures, as Lookout and others also note,
・download apps only from trustworthy sites
・check the warnings shown when installing an application
・check whether your smartphone is behaving abnormally
go without saying, and beyond those you should not forget to install anti-virus software for Android devices.

Where will things be next year... very interesting indeed!

Christmas promotions everywhere you look

This year too, Christmas attacks have started here and there.
They are a bit like a festival, so let's leave them be.
# Even the design of the defaced pages looks somehow happy...

[image: xmas_deface]

Crackers are not the only ones riding on Christmas.
New attack tools and malware also seem to have started their Christmas promotions. (lol)
The sales will presumably be for a limited time, so the abuse is expected to begin after the new year.
One of them may turn out to be next year's breakout malware.

For now, don't forget a thorough clean-up and maintenance of your servers and PCs before the year-end holidays!

Between the real and the cyber ~ cyber terrorism as seen from APEC

APEC ended without incident, and Yokohama, which had been bristling with security, is completely back to its usual scenery.
Speaking of APEC, I am reminded of the bombing when it was held in Spain in the past. Security in Yokohama was on high alert to prevent that kind of terrorism. Partly thanks to that, the meeting closed without any major trouble.

By the way, did you know that APEC's advance document "Toward the Success of APEC 2010" (「2010年APECの成功に向けて」) listed cyberspace among the things to be guarded?
Terrorism brings to mind extremist groups, and it does not seem to have much to do with Internet security. But as the Stuxnet affair showed, IT can also be used for terrorism, so the net was under a state of high alert (of sorts?) too.

A (quiet) survey we carried out found that cyber attacks had for some time been coming from servers believed to belong to armed groups.
Matching the attack-source data accumulated at JSOC (January through September this year) against IP addresses believed to be used by armed groups and mapping them gives roughly the following picture.

[image: terro_2010]

Going by impression, the larger the armed group, the higher the attack level and the more serious the intent appeared to be. As for the content of the attacks, it ranged from SQL injection to Trojan distribution, and each group seems to have its own agenda.
Unfortunately, whether the purpose is fund-raising or, as rumoured in the Stuxnet case, an attack on critical infrastructure is unclear at this stage.

It is said that there are now almost no countries without Internet access. Obviously, this means cyber terrorism can be carried out from anywhere.
Granted, most attacks are unrelated to terrorism, but it seems fair to say that some are connected to it.
In other words, the attack your company is under right now may actually be part of a terrorist operation!
Thinking of it this way, doesn't terrorism feel a little closer to home? (lol)
# Although, with no real sense of it, this sounds like a warning about ghosts...

The next time a major international event is held in Japan, do turn your attention to cyber terrorism countermeasures as well!
I am sure Internet security will make the world feel closer.

Is that Apache module genuine?

According to SEKI, a team member currently quarantined in the next room, websites have been found whose Apache modules were tampered with, and it is rather troublesome.

When it comes to recent website defacements, the mainstream is the insertion of iframes or JavaScript. These can be confirmed by eye, so I imagine many people ran a quick check with the grep command. Also, since the files targeted for insertion are usually in the content folder, there were probably cases where security tools detected the tampering for you.

When the target of tampering is an Apache module, however, it is a different story. I suspect few web administrators check as far as the modules of the server application itself.

The .htaccess tampering I introduced earlier is hard to notice, but Apache modules are even harder. And since they are binary files, there will not be many site administrators motivated enough to think "let me have a look at this".

[image: apache_module]

It does get depressing, doesn't it.
At present I have confirmed only a few cases (countable on one hand), so it is not a major outbreak, but caution seems warranted.
Is your Apache all right?
# Neglected servers in particular need checking!
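One way to actually answer "is your Apache all right?" for the module directory, as an added example that is not from the post or from the Apache project: take a SHA-256 baseline of the modules directory while the server is known-clean, later diff the directory against it, and cross-check every LoadModule line in the configuration so that a module loaded from outside the modules directory is reported too. The file names, the configuration snippet and the "tampering" in `demo()` are constructed for the example. On a packaged install `rpm -V httpd` or `debsums` gives the same answer for package-owned files, but neither sees a module the attacker added without a package, which is why the LoadModule cross-check is there.

```python
import hashlib
import os
import re
import tempfile

LOADMODULE = re.compile(r"^\s*LoadModule\s+(\S+)\s+(\S+)", re.M)

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def baseline(module_dir):
    """Hash every file under module_dir; run once while the box is known-clean."""
    out = {}
    for root, _, files in os.walk(module_dir):
        for name in files:
            path = os.path.join(root, name)
            out[os.path.relpath(path, module_dir)] = sha256_file(path)
    return out

def verify(module_dir, base):
    """Compare the directory now against the stored baseline."""
    now = baseline(module_dir)
    return {
        "modified": sorted(k for k in base if k in now and now[k] != base[k]),
        "added": sorted(k for k in now if k not in base),
        "missing": sorted(k for k in base if k not in now),
    }

def modules_loaded_from_outside(conf_text, server_root, module_dir):
    """Resolve each LoadModule path (relative ones are relative to ServerRoot)
    and return those that do not live inside module_dir."""
    module_dir = os.path.normpath(module_dir) + os.sep
    outside = []
    for name, path in LOADMODULE.findall(conf_text):
        full = path if os.path.isabs(path) else os.path.join(server_root, path)
        full = os.path.normpath(full)
        if not full.startswith(module_dir):
            outside.append((name, full))
    return outside

def demo():
    """Self-contained walkthrough on a constructed module directory (no Apache needed)."""
    with tempfile.TemporaryDirectory() as tmp:
        mod_dir = os.path.join(tmp, "modules")
        os.makedirs(mod_dir)
        for name in ("mod_rewrite.so", "mod_ssl.so"):
            with open(os.path.join(mod_dir, name), "wb") as f:
                f.write(b"\x7fELF" + name.encode())       # stand-in for a real .so
        base = baseline(mod_dir)                            # taken while clean
        with open(os.path.join(mod_dir, "mod_rewrite.so"), "ab") as f:
            f.write(b"<injected iframe loader>")            # simulated tampering
        with open(os.path.join(mod_dir, "mod_extra.so"), "wb") as f:
            f.write(b"\x7fELF rogue")                       # simulated dropped module
        conf = (                                            # constructed httpd.conf excerpt
            "LoadModule rewrite_module modules/mod_rewrite.so\n"
            "LoadModule ssl_module modules/mod_ssl.so\n"
            "LoadModule extra_module /tmp/.x/mod_extra.so\n"
        )
        return verify(mod_dir, base), modules_loaded_from_outside(conf, tmp, mod_dir)

if __name__ == "__main__":
    diff, outside = demo()
    print("modified:", diff["modified"], "added:", diff["added"], "missing:", diff["missing"])
    print("loaded from outside modules dir:", outside)
```

Keep the baseline off the web server (an attacker with root on the box can rewrite it along with the module), and re-take it only after a package update, whose new hashes are then the expected ones.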