{"id":3439,"date":"2015-09-14T03:01:04","date_gmt":"2015-09-14T03:01:04","guid":{"rendered":"http:\/\/www.kaspersky.com.cn\/blog\/?p=3439"},"modified":"2020-02-27T00:17:45","modified_gmt":"2020-02-26T16:17:45","slug":"security-week-37-bug-bugzilla-carbanak-is-back-and-%d1%81c-gone-fishing","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.cn\/blog\/security-week-37-bug-bugzilla-carbanak-is-back-and-%d1%81c-gone-fishing\/3439\/","title":{"rendered":"\u300a\u5b89\u5168\u5468\u62a5\u300b\u7b2c37\u671f\uff1a bugzilla\u7684 bug\u4fe1\u606f\u5916\u6cc4\u3001Carbanak&#8221;\u5377\u571f\u91cd\u6765&#8221;\u4ee5\u53ca\u5229\u7528\u0421&amp;C\u5b9e\u65bd\u7f51\u7edc\u9493\u9c7c"},"content":{"rendered":"<p>\u5728\u6211\u4eec<u><a href=\"https:\/\/www.kaspersky.com.cn\/blog\/?s=%E5%AE%89%E5%85%A8%E5%91%A8%E6%8A%A5&amp;submit=Search\" target=\"_blank\" rel=\"noopener\">\u7206\u70b8\u6027\u7684\u70ed\u95e8\u65b0\u95fb\u7cfb\u5217\u201dInfosec news\u201d<\/a><\/u>\u7684\u65b0\u4e00\u671f\u4e2d\uff0c\u6211\u4eec\u5c06\u4e3a\u60a8\u5e26\u6765\u4ee5\u4e0b\u5185\u5bb9\uff1a<\/p>\n<ul>\n<li>Bugzilla\u906d\u9ed1\u5ba2\u653b\u7834\u7ed9\u6211\u4eec\u6572\u54cd\u4e86\u8b66\u949f\uff1a\u5b8c\u5168\u6709\u5fc5\u8981\u8bbe\u7f6e\u9ad8\u5f3a\u5ea6\u548c\u552f\u4e00\u5bc6\u7801\u3002<\/li>\n<li>\u5bfc\u81f4\u7f51\u7edc\u653b\u51fb\u8005\u4ece\u5404\u5927\u91d1\u878d\u7ec4\u7ec7\u7a83\u53d6\u6570\u767e\u4e07\u7f8e\u5143\u7684Carbanak\u9ed1\u5ba2\u6d3b\u52a8\u5728\u6b27\u6d32\u548c\u7f8e\u56fd\u201d\u5377\u571f\u91cd\u6765\u201d\u3002<\/li>\n<li>\u5361\u5df4\u65af\u57fa\u5b9e\u9a8c\u5ba4\u7814\u7a76\u53d1\u73b0\u4e86\u4e00\u79cd\u589e\u5f3a\u7f51\u7edc\u95f4\u8c0dC&amp;C\u670d\u52a1\u5668\u9690\u79d8\u7ea7\u522b\u7684\u65b9\u6cd5\uff0c\u53ef\u4ece\u201d\u975e\u5e38\u96be\u4ee5\u8ffd\u8e2a\u201d\u7ea7\u522b\u63d0\u9ad8\u81f3\u201d\u6839\u672c\u65e0\u6cd5\u8ffd\u8e2a\u201d\u7ea7\u522b\u3002<\/li>\n<\/ul>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/97\/2015\/09\/06151135\/security-week-37-glass.jpg\" alt=\"\" width=\"1280\" height=\"840\"><\/p>\n<p>\u518d\u6b21\u91cd\u7533\u6211\u4eec\u300a\u5b89\u5168\u5468\u62a5\u300b\u7684\u7f16\u8f91\u539f\u5219\uff1a\u6bcf\u5468<u><a href=\"https:\/\/threatpost.com\/\" target=\"_blank\" rel=\"noopener nofollow\">Threatpost<\/a><\/u>\u56e2\u961f\u90fd\u4f1a\u7cbe\u5fc3\u6458\u9009\u4e09\u6761\u5f53\u5468\u8981\u95fb\uff0c\u5e76\u52a0\u4e0a\u672c\u4eba\u7684\u8f9b\u8fa3\u8bc4\u8bba\u3002<\/p>\n<p><strong>Bugzilla<\/strong><strong>\u7684<\/strong><strong>bug<\/strong><strong>\u6570\u636e\u5e93\u906d\u9ed1\u5ba2\u653b\u7834<\/strong><\/p>\n<p><u><a href=\"https:\/\/threatpost.com\/attacker-compromised-mozilla-bug-system-stole-private-vulnerability-data\/114552\/\" target=\"_blank\" rel=\"noopener nofollow\">\u65b0\u95fb<\/a><\/u>\u3002\u6709\u5173\u8fd9\u4e00\u7f51\u7edc\u653b\u51fb\u7684<u><a href=\"https:\/\/ffp4g1ylyit3jdyti1hqcvtb-wpengine.netdna-ssl.com\/security\/files\/2015\/09\/bugzillafaq.pdf\" target=\"_blank\" rel=\"noopener nofollow\">\u5e38\u89c1\u95ee\u9898<\/a><\/u>\u3002<\/p>\n<p>\u5728\u4e0a\u4e00\u671f\u7684\u300a\u5b89\u5168\u5468\u62a5\u300b\u4e2d\uff0c\u6211\u63d0\u51fa\u4e86\u6240\u8c13<u><a href=\"https:\/\/www.kaspersky.com.cn\/blog\/security-week-34-one-cannot-simply-patch\/3385\/\" target=\"_blank\" rel=\"noopener\">\u201c\u8d1f\u8d23\u4efb\u7684\u4fe1\u606f\u62ab\u9732\u201d\u7684\u95ee\u9898<\/a><\/u>\uff0c\u540c\u65f6\u8fd8\u5217\u4e3e\u4e86\u7f51\u7edc\u516c\u53f8\u5bf9\u62ab\u9732\u6240\u53d1\u73b0bug\u76f8\u5173\u4fe1\u606f\u7684\u4e0d\u540c\u610f\u613f\u3002\u6709\u5173Mozilla\u7684bug\u8ffd\u8e2a\u5668\u906d\u9ed1\u5ba2\u653b\u7834\u7684\u65b0\u95fb\u53ef\u8c13\u662f\u8fd9\u65b9\u9762\u7684\u5b8c\u7f8e\u8303\u4f8b\uff1a\u6709\u65f6\u5019\u9690\u85cf\u5b58\u5728\u6f0f\u6d1e\u7684\u4fe1\u606f\u672a\u5c1d\u4e0d\u662f\u597d\u4e8b\u3002<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Attacker Compromised <a href=\"https:\/\/twitter.com\/hashtag\/Mozilla?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#Mozilla<\/a> Bug System, Stole Private Vulnerability Data: <a href=\"https:\/\/t.co\/FyAMl8wUyB\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/FyAMl8wUyB<\/a> via <a href=\"https:\/\/twitter.com\/threatpost?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">@threatpost<\/a> <a href=\"http:\/\/t.co\/yXThX1mBlC\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/yXThX1mBlC<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/641304539791011840?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">September 8, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>\u663e\u7136\u8fd9\u4e00\u95ee\u9898\u5e76\u672a\u5f97\u89e3\u51b3\u3002\u57288\u6708\u4efd\uff0cMozilla<a href=\"https:\/\/threatpost.com\/mozilla-patches-bug-used-in-active-attacks\/114172\/\" target=\"_blank\" rel=\"noopener nofollow\"><u>\u53d1\u5e03\u4e86\u9488\u5bf9<\/u><u>Firefox<\/u><u>\u7684\u8865\u4e01<\/u><\/a>\uff0c\u5e76\u6210\u529f\u4fee\u590d\u4e86\u5b58\u5728\u4e8e\u5185\u7f6ePDF\u67e5\u770b\u5668\u7684bug\u3002\u4e00\u540d\u906d\u53d7\u6f0f\u6d1e\u5229\u7528\u7684\u53d7\u5bb3\u7528\u6237\u53d1\u73b0\u4e86\u8fd9\u4e00bug\u5e76\u968f\u5373\u62a5\u544a\u4e86\u8be5\u6f0f\u6d1e\u3002\u8fd9\u4e00\u7f51\u7edc\u653b\u51fb\u7684\u5207\u5165\u70b9\u662f\u7279\u522b\u8bbe\u8ba1\u7684\u6a2a\u5e45\u5e7f\u544a\uff0c\u4f7f\u5f97\u7f51\u7edc\u72af\u7f6a\u5206\u5b50\u80fd\u7a83\u53d6\u7528\u6237\u7684\u4e2a\u4eba\u6570\u636e\u3002<\/p>\n<p>\u6211\u59cb\u7ec8\u8ba4\u4e3a\u5728\u5f00\u53d1\u4eba\u5458\u7f16\u5199\u8865\u4e01\u65f6\uff0c\u4ed6\u4eec\u5c31\u5df2\u7ecf\u610f\u8bc6\u5230\u4e86bug\u3002Bugzilla\u4e5f\u542b\u6709\u5173\u4e8e\u8be5bug\u7684\u4fe1\u606f\uff0c\u4f46\u5374\u4fdd\u5b58\u5728\u7cfb\u7edf\u7684\u79c1\u7528\u90e8\u5206\u3002\u4e0a\u5468\u6240\u53d1\u751f\u7684\u72b6\u51b5\u8bc1\u5b9e\u4e86\u4eba\u4eec\u5bf9\u975e\u6cd5\u8bbf\u95ee\u7684\u6000\u7591\u3002\u4e8b\u5b9e\u4e0a\uff0cBugzilla\u5e76\u672a\u88ab\u201d\u9ed1\u5ba2\u653b\u7834\u2019\uff1a\u53ea\u662f\u7f51\u7edc\u653b\u51fb\u8005\u53d1\u73b0\u4e86\u7279\u6743\u7528\u6237\u5e76\u5728\u53e6\u4e00\u4e2a\u53d7\u611f\u67d3\u6570\u636e\u5e93\u627e\u5230\u4e86\u4ed6\u7684\u5bc6\u7801\u2013\u800c\u8fd9\u5404\u5bc6\u7801\u6070\u5de7\u5c31\u662f\u8bbf\u95eeBugzilla\u7684\u5bc6\u7801\u3002<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/97\/2015\/09\/06151134\/security-week-37-man.jpg\" alt=\"\" width=\"1280\" height=\"850\"><\/p>\n<p>\u7ed3\u679c\u662f\uff0c\u7f51\u7edc\u653b\u51fb\u8005\u65e9\u57282013\u5e749\u6708\u5c31\u6210\u529f\u8bbf\u95ee\u4e86\u9690\u79d8\u7684bug\u6570\u636e\u5e93\u3002\u5728\u8be5\u7f51\u7edc\u653b\u51fb\u7684\u5e38\u89c1\u95ee\u9898\u4e2d\u8be6\u7ec6\u8bb0\u8f7d\u4e86\u5728\u8fd9\u4e00\u671f\u95f4\uff0c\u9ed1\u5ba2\u603b\u5171\u8bbf\u95ee\u4e86185\u4e2abug\u7684\u76f8\u5173\u4fe1\u606f\uff0c\u5176\u4e2d53\u4e2abug\u6781\u5ea6\u5371\u9669\u3002\u5728\u7f51\u7edc\u72af\u7f6a\u5206\u5b50\u975e\u6cd5\u8bbf\u95ee\u6570\u636e\u5e93\u540e\uff0c\u5728\u88ab\u76d7\u7684bug\u6e05\u5355\u4e2d\u603b\u5171\u670943\u4e2a\u6f0f\u6d1e\u6253\u4e0a\u4e86\u8865\u4e01\u3002<\/p>\n<p>\u5728\u5269\u4e0b\u4fe1\u606f\u906d\u6cc4\u9732\u7684bug\u4e2d\uff0c\u5176\u4e2d\u6709\u4e24\u4e2abug\u7684\u4fe1\u606f\u5728\u6cc4\u9732\u4e00\u5468\u5185\u53ef\u80fd\u88ab\u6253\u4e0a\u4e86\u5b89\u5168\u8865\u4e01\uff1b\u4ece\u7406\u8bba\u4e0a\u8bf4\uff0c\u5176\u4e2d5\u4e2abug\u53ef\u80fd\u5df2\u88ab\u5b9e\u65bd\u6f0f\u6d1e\u5229\u7528\uff0c\u56e0\u4e3a\u5728\u4fe1\u606f\u5916\u6cc4\u540e\u7684\u4e00\u5468\u5230\u4e00\u4e2a\u6708\u5185\u624d\u53d1\u5e03\u4e86\u76f8\u5173\u8865\u4e01\u3002\u5269\u4e0b\u7684\u6f0f\u6d1e\u5728\u8fc7\u4e86335\u5929\u540e\u624d\u53d1\u5e03\u4e86\u6709\u9488\u5bf9\u6027\u7684\u8865\u4e01\uff0c\u5728\u8fd9\u671f\u95f4\u603b\u5171\u88ab\u6f0f\u6d1e\u5229\u7528\u4e86131,157\u6b21\u3002\u8fd9\u662f\u6709\u5173\u9ed1\u5ba2\u653b\u51fb\u6700\u53ef\u6015\u7684\u65b0\u95fb\uff1b\u7136\u800c\uff0cMozilla\u5f00\u53d1\u8005\u5e76\u6ca1\u6709\u2019\u8bc1\u636e\u8868\u660e\u8fd9\u4e9b\u6f0f\u6d1e\u90fd\u5df2\u906d\u5230\u6f0f\u6d1e\u5229\u7528\u3002\u2019\u572850\u591a\u4e2abug\u4e2d\uff0c\u53ea\u6709\u4e00\u4e2a\u66fe\u906d\u5230\u6f0f\u6d1e\u5229\u7528\u3002<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">How strong is your <a href=\"https:\/\/twitter.com\/hashtag\/password?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#password<\/a>? Check it here: <a href=\"http:\/\/t.co\/9ILaxq503k\" target=\"_blank\" rel=\"noopener nofollow\">http:\/\/t.co\/9ILaxq503k<\/a>  <a href=\"https:\/\/t.co\/P9Pm0SGc4n\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/P9Pm0SGc4n<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/internet?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#internet<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/security?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#security<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/infosec?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#infosec<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/634790730138054656?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">August 21, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>\u5176\u4e2d\u7684\u9053\u7406\u5f88\u7b80\u5355\uff0c\u6211\u771f\u7684\u975e\u5e38\u60f3\u767b\u4e0a\u9ad8\u53f0\u5927\u58f0\u75be\u547c\uff1a\u201d\u670b\u53cb\u4eec\uff01\u5144\u5f1f\u4eec\uff0c\u59d0\u59b9\u4eec\uff01\u5973\u58eb\u4eec\uff0c\u5148\u751f\u4eec\uff01\u8bf7\u52a1\u5fc5\u5bf9\u6bcf\u4e2a\u5355\u72ec\u7f51\u7edc\u670d\u52a1\u4f7f\u7528\u552f\u4e00\u5bc6\u7801\uff01\u201d\u7136\u800c\uff0c\u8fd9\u5e76\u6ca1\u6709\u8868\u9762\u770b\u4e0a\u53bb\u7684\u90a3\u4e48\u7b80\u5355\uff1a\u6b64\u7c7b\u65b9\u6cd5\u80af\u5b9a\u8fd8\u8981\u7528\u5230\u5bc6\u7801\u7ba1\u7406\u5668\u3002\u5c3d\u7ba1\u53ef\u80fd\u4f60\u5df2\u7ecf\u6709\u4e86\u5bc6\u7801\u7ba1\u7406\u5668\uff0c\u4f46\u4f60\u4f9d\u7136\u9700\u8981\u9759\u4e0b\u5fc3\u6765\u51c6\u786e\u5e76\u5f7b\u5e95\u66f4\u6539\u6240\u6709\u4f60\u4f7f\u7528\u9891\u7387\u8f83\u9ad8\u7684\u7f51\u7edc\u8d44\u6e90\u7684\u5bc6\u7801\uff0c\u5982\u679c\u662f\u5168\u90e8\u7f51\u7edc\u8d44\u6e90\u7684\u8bdd\u5f53\u7136\u66f4\u597d\u3002\u800c\u6765\u81ea\u6211\u4eec\u7684\u7edf\u8ba1\u6570\u636e\u663e\u793a\u53ea\u67097%\u7684\u4eba\u4f7f\u7528\u5bc6\u7801\u7ba1\u7406\u5668\u3002<\/p>\n<p><strong>\u5168\u65b0<\/strong><strong>Carbanak<\/strong><strong>\u7248\u672c\u201d\u5377\u571f\u91cd\u6765\u201d\uff0c\u518d\u6b21\u5bf9\u7f8e\u56fd\u548c\u6b27\u6d32\u5b9e\u65bd\u7f51\u7edc\u653b\u51fb<\/strong><\/p>\n<p><u><a href=\"https:\/\/threatpost.com\/new-versions-of-carbanak-banking-malware-seen-hitting-targets-in-u-s-and-europe\/114522\/\" target=\"_blank\" rel=\"noopener nofollow\">\u65b0\u95fb<\/a><\/u>\u3002\u5361\u5df4\u65af\u57fa\u5b9e\u9a8c\u5ba4\u76842\u6708\u4efd<u><a href=\"https:\/\/www.kaspersky.com.cn\/blog\/the-greatest-heist-of-the-century-hackers-stole-1-bln\/2592\/\" target=\"_blank\" rel=\"noopener\">\u7814\u7a76<\/a><\/u>\u3002CSIS\u66f4\u65b0<u><a href=\"https:\/\/www.csis.dk\/en\/csis\/blog\/4710\/\" target=\"_blank\" rel=\"noopener nofollow\">\u7814\u7a76<\/a><\/u>\u3002<\/p>\n<p>\u6211\u4eec\u5c06\u5f15\u7528\u6211\u4eec\u57282\u6708\u4efd\u5bf9\u2019\u53f2\u4e0a\u6700\u4e25\u91cd\u6570\u636e\u76d7\u7a83\u2019\u6240\u53d1\u8868\u7684\u58f0\u660e\uff1a<\/p>\n<p>\u201c\u7f51\u7edc\u653b\u51fb\u8005\u6709\u80fd\u529b\u5c06\u7a83\u53d6\u7684\u8d44\u91d1\u8f6c\u79fb\u5230\u4ed6\u4eec\u81ea\u5df1\u7684\u94f6\u884c\u8d26\u6237\u5e76\u7acb\u5373\u7be1\u6539\u4f59\u989d\u62a5\u8868\uff0c\u8fd9\u6837\u53ef\u4ee5\u9632\u6b62\u8be5\u653b\u51fb\u88ab\u8bb8\u591a\u5f3a\u5927\u7684\u5b89\u5168\u7cfb\u7edf\u53d1\u73b0\u3002\u8fd9\u4e00\u64cd\u4f5c\u7684\u6210\u529f\u662f\u5efa\u7acb\u5728\u7f51\u7edc\u72af\u7f6a\u5206\u5b50\u5bf9\u94f6\u884c\u5185\u90e8\u7cfb\u7edf\u5b8c\u5168\u638c\u63a7\u7684\u60c5\u51b5\u4e0b\u3002\u8fd9\u4e5f\u662f\u4e3a\u4ec0\u4e48\u5728\u6210\u529f\u653b\u7834\u94f6\u884c\u7cfb\u7edf\u540e\uff0c\u7f51\u7edc\u5206\u5b50\u4f7f\u7528\u4e86\u5927\u91cf\u60c5\u62a5\u6280\u672f\u4ee5\u6536\u96c6\u6709\u5173\u94f6\u884c\u57fa\u7840\u8bbe\u65bd\u5de5\u4f5c\u65b9\u5f0f\uff08\u5305\u62ec\uff1a\u89c6\u9891\u6355\u6349\uff09\u7684\u5fc5\u8981\u4fe1\u606f\u3002\u201d<\/p>\n<p>\u5728\u4e0e\u6267\u6cd5\u673a\u6784\u7684\u5171\u540c\u52aa\u529b\u4e0b\uff0c\u53d1\u73b0\u4e86\u591a\u5bb6\u94f6\u884c\u56e0\u53d7\u5230\u590d\u6742\u4e14\u591a\u5c42\u7684Carbanak\u653b\u51fb\u800c\u906d\u53d7\u8d44\u91d1\u635f\u5931\uff0c\u603b\u91d1\u989d\u8fbe\u523010\u4ebf\u7f8e\u5143\uff0c\u4e14\u603b\u5171\u6709\u8d85\u8fc7100\u591a\u5bb6\u5927\u578b\u91d1\u878d\u673a\u6784\u4e0d\u5e78\u6210\u4e3a\u53d7\u5bb3\u8005\u3002\u4f46\u4e0a\u8ff0\u7f51\u7edc\u653b\u51fb\u53d1\u751f\u57282\u6708\u4efd\uff0c\u800c\u57288\u6708\u672b\u7684\u65f6\u5019\u4e39\u9ea6CSIS\u7814\u7a76\u4eba\u5458\u518d\u6b21\u53d1\u73b0\u4e86Carbanak\u7684\u5168\u65b0\u6539\u8fdb\u7248\u672c\u3002<\/p>\n<p>\u65b0\u65e7\u7248\u672c\u4e4b\u95f4\u7684\u533a\u522b\u5e76\u4e0d\u5927\uff1a\u53ea\u662f\u5c06\u57df\u540d\u66ff\u6362\u6210\u4e86\u9759\u6001IP\u5730\u5740\u3002\u81f3\u4e8e\u6570\u636e\u76d7\u7a83\u6240\u7528\u7684\u63d2\u4ef6\uff0c\u4e0e2\u6708\u4efd\u4f7f\u7528\u7684\u5e76\u65e0\u5dee\u5f02\u3002<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">In what may be the greatest heist of the century, hackers steal billions from hundreds of banks: <a href=\"http:\/\/t.co\/W3CofvF5ta\" target=\"_blank\" rel=\"noopener nofollow\">http:\/\/t.co\/W3CofvF5ta<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/567373823473745920?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">February 16, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>\u636eCSIS\u79f0\uff0c\u65b0\u7248\u672c\u7684Crabanak\u5c06\u653b\u51fb\u76ee\u6807\u9501\u5b9a\u4e3a\u6b27\u6d32\u548c\u7f8e\u56fd\u7684\u5927\u578b\u516c\u53f8\u3002<\/p>\n<p><strong>Turla APT<\/strong><strong>\u653b\u51fb\uff1a\u5982\u4f55\u501f\u52a9\u536b\u661f\u7f51\u7edc\u9690\u85cf<\/strong><strong>C&amp;C<\/strong><strong>\u670d\u52a1\u5668<\/strong><\/p>\n<p><u><a href=\"https:\/\/threatpost.com\/turla-apt-group-abusing-satellite-internet-links\/114586\/\" target=\"_blank\" rel=\"noopener nofollow\">\u65b0\u95fb<\/a><\/u>\u3002\u53e6\u4e00\u7bc7<u><a href=\"https:\/\/threatpost.com\/epic-operation-kicks-off-multistage-turla-apt-campaign\/107612\/\" target=\"_blank\" rel=\"noopener nofollow\">\u65b0\u95fb<\/a><\/u>\u3002<u><a href=\"https:\/\/securelist.com\/blog\/research\/72081\/satellite-turla-apt-command-and-control-in-the-sky\/\" target=\"_blank\" rel=\"noopener\">\u7814\u7a76<\/a><\/u>\u3002<\/p>\n<p>\u5305\u62ec\u5361\u5df4\u65af\u57fa\u5b9e\u9a8c\u5ba4\u7814\u7a76\u4e13\u5bb6\u5728\u5185\u7684\u4f17\u591ainfosec\u7814\u7a76\u4eba\u5458\u957f\u671f\u5bf9Turla APT\u7f51\u7edc\u95f4\u8c0d\u6d3b\u52a8\u8fdb\u884c\u7814\u7a76\u3002\u53bb\u5e74\uff0c\u6211\u4eec\u516c\u5e03\u4e86\u9488\u5bf9\u9ed1\u5ba2\u653b\u7834\u53d7\u5bb3\u4eba\u8ba1\u7b97\u673a\u3001\u6536\u96c6\u6570\u636e\u5e76\u53d1\u9001\u81f3C&amp;C\u670d\u52a1\u5668\u65b9\u6cd5\u7684\u6781\u5176<u><a href=\"https:\/\/securelist.com\/analysis\/publications\/65545\/the-epic-turla-operation\/\" target=\"_blank\" rel=\"noopener\">\u8be6\u7ec6\u7684\u7814\u7a76<\/a><\/u>\u3002<\/p>\n<p>\u8fd9\u4e00\u590d\u6742\u7684\u7f51\u7edc\u95f4\u8c0d\u6d3b\u52a8\u6bcf\u4e2a\u9636\u6bb5\u90fd\u9700\u8981\u7528\u5230\u8bb8\u591a\u5de5\u5177\uff0c\u5305\u62ec\uff1a\u501f\u52a9\u96f6\u65e5\u6f0f\u6d1e\u5229\u7528\u53d7\u611f\u67d3\u6587\u6863\u7684\u2019\u9c7c\u53c9\u5f0f\u7f51\u7edc\u9493\u9c7c\u2019\uff1b\u75c5\u6bd2\u611f\u67d3\u7f51\u7ad9\uff1b\u6839\u636e\u653b\u51fb\u76ee\u6807\u7684\u590d\u6742\u7a0b\u5ea6\u548c\u6570\u636e\u4e34\u754c\u6027\u7684\u5404\u79cd\u6570\u636e\u6316\u6398\u6a21\u5757\uff08\u624b\u52a8\u6311\u9009\uff09\uff1b\u4ee5\u53ca\u76f8\u5f53\u9ad8\u7ea7\u7684C&amp;C\u670d\u52a1\u5668\u7f51\u7edc\u3002\u7ed3\u679c\u662f\uff0c\u622a\u6b628\u6708\u4efd\uff0c\u8be5\u7f51\u7edc\u95f4\u8c0d\u6d3b\u52a8\u58f0\u79f0\u5df2\u572845\u4e2a\u56fd\u5bb6\uff08\u6b27\u6d32\u548c\u4e2d\u4e1c\u5730\u533a\u5360\u4e86\u5927\u90e8\u5206\uff09\u81f4\u4f7f\u6570\u767e\u540d\u7528\u6237\u4e0d\u5e78\u6210\u4e3a\u53d7\u5bb3\u4eba\u3002<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">RT <a href=\"https:\/\/twitter.com\/threatpost?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">@threatpost<\/a>: Agent.btz <a href=\"https:\/\/twitter.com\/hashtag\/Malware?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#Malware<\/a> May Have Served as Starting Point for Red October, <a href=\"https:\/\/twitter.com\/hashtag\/Turla?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#Turla<\/a> \u2013 <a href=\"http:\/\/t.co\/6x98OI4afx\" target=\"_blank\" rel=\"noopener nofollow\">http:\/\/t.co\/6x98OI4afx<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/444069305643462656?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">March 13, 2014<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>\u5c31\u5728\u672c\u5468\uff0c\u5361\u5df4\u65af\u57fa\u7814\u7a76\u4eba\u5458<a href=\"https:\/\/twitter.com\/stefant\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/twitter.com\/stefant<\/a>\u516c\u5e03\u4e86<u><a href=\"https:\/\/securelist.com\/blog\/research\/72081\/satellite-turla-apt-command-and-control-in-the-sky\/\" target=\"_blank\" rel=\"noopener\">\u8be5\u7f51\u7edc\u653b\u51fb\u6700\u540e\u4e00\u9636\u6bb5\u7684\u6570\u636e<\/a><\/u>\uff0c\u4e5f\u5c31\u662f\u5c06\u76d7\u7a83\u6570\u636e\u53d1\u9001\u81f3C&amp;C\u670d\u52a1\u5668\u7684\u65f6\u5019\u3002\u4e3a\u4e86\u80fd\u8fdb\u884c\u6570\u636e\u6316\u6398\uff0cTurla\u50cf\u4e4b\u524d\u7684\u8bb8\u591aAPT\u9ed1\u5ba2\u5c0f\u7ec4\u4e00\u6837\uff0c\u4f7f\u7528\u4e86\u5404\u79cd\u4e0d\u540c\u65b9\u6cd5\u2013\u6bd4\u5982\uff0c\u6ee5\u7528\u9632\u6258\u7ba1\u3002\u800c\u4e00\u65e6\u5c06\u76d7\u53d6\u6570\u636e\u53d1\u9001\u5230\u5728\u7279\u5b9a\u670d\u52a1\u5668\u4e0a\u6258\u7ba1\u7684\u7279\u5b9aC&amp;C\uff0c\u90a3\u65e0\u8bba\u7f51\u7edc\u72af\u7f6a\u5206\u5b50\u8bbe\u7f6e\u4f55\u79cd\u4ee3\u7406\uff0c\u90fd\u6781\u5927\u53ef\u80fd\u4f1a\u906d\u5230\u6267\u6cd5\u673a\u6784\u902e\u6355\u6216\u88ab\u670d\u52a1\u63d0\u4f9b\u5546\u963b\u6b62\u3002<\/p>\n<p>\u800c\u8fd9\u65f6\u5019\u5c31\u9700\u8981\u7528\u5230\u536b\u661f\u7f51\u7edc\u3002\u4f7f\u7528\u536b\u661f\u7f51\u7edc\u7684\u4f18\u52bf\u5728\u4e8e\u53ea\u8981\u5728\u536b\u661f\u8986\u76d6\u8303\u56f4\u5185\uff0c\u5c31\u53ef\u4ee5\u5728\u4efb\u4f55\u5730\u70b9\u5efa\u7acb\u6216\u79fb\u9664\u670d\u52a1\u5668\u3002\u4f46\u8fd9\u91cc\u8fd8\u6709\u4e2a\u95ee\u9898\uff1a\u79df\u7528\u5bb9\u91cf\u591f\u7528\u7684\u53cc\u5411\u536b\u661f\u4fe1\u9053\u4e0d\u4ec5\u79df\u91d1\u6602\u8d35\uff0c\u800c\u4e14\u4e00\u65e6\u8e2a\u8ff9\u88ab\u53d1\u73b0\u5c06\u5f88\u5bb9\u6613\u66b4\u9732\u670d\u52a1\u5668\u7684\u4f4d\u7f6e\u3002\u6211\u4eec\u7814\u7a76\u4e13\u5bb6\u53d1\u73b0\u7684\u653b\u51fb\u65b9\u6cd5\u5e76\u672a\u4f7f\u7528\u5230\u79df\u8d41\u6a21\u5f0f\u3002<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/97\/2015\/09\/06151133\/security-week-37-featured-1.jpg\" alt=\"\" width=\"1280\" height=\"840\"><\/p>\n<p>\u53ea\u9700\u5bf9\u536b\u661f\u901a\u4fe1\u7ec8\u7aef\u7684\u8f6f\u4ef6\u7a0d\u52a0\u4fee\u6539\u5c31\u80fd\u8fdb\u884c\u201d\u536b\u661f\u9493\u9c7c\u201d\uff0c\u4e0d\u4ec5\u4e0d\u4f1a\u62d2\u7edd\u4e0d\u5c5e\u4e8e\u4efb\u4f55\u7279\u5b9a\u7528\u6237\u7684\u6570\u636e\u5305\uff0c\u540c\u65f6\u4e5f\u4f1a\u8fdb\u884c\u6536\u96c6\u3002\u7ed3\u679c\u662f\uff0c\u201d\u536b\u661f\u9493\u9c7c\u8005\u201d\u53ef\u80fd\u4f1a\u6536\u96c6\u5230\u5176\u4ed6\u4eba\u7684\u7f51\u9875\u3001\u6587\u4ef6\u548c\u6570\u636e\u3002\u8fd9\u4e00\u65b9\u6cd5\u53ea\u6709\u5728\u4e00\u79cd\u60c5\u51b5\u4e0b\u6709\u6548\uff1a\u536b\u661f\u4fe1\u9053\u5e76\u672a\u52a0\u5bc6\u3002<\/p>\n<p>Turla\u653b\u51fb\u91c7\u7528\u4e86\u76f8\u540c\u7684\u65b9\u6cd5\uff0c\u4f46\u53ea\u5bf9\u4e00\u4e2a\u5730\u65b9\u7a0d\u4f5c\u4fee\u6539\uff1a\u7f51\u7edc\u653b\u51fb\u8005\u5728\u63a2\u6d4b\u6d41\u91cf\u65f6\uff0c\u4e0d\u4ec5\u9700\u786e\u8ba4\u53d7\u5bb3\u4ebaIP\u5730\u5740\uff0c\u8fd8\u9700\u8ba9\u53d7\u75c5\u6bd2\u611f\u67d3\u7684\u8bbe\u5907\u53d1\u9001\u6570\u636e\u81f3\u5c5e\u4e8e\u5408\u6cd5\u3001\u597d\u610f\u4e14\u672a\u77e5\u7684\u536b\u661f\u901a\u4fe1\u7ec8\u7aef\u62e5\u6709\u8005\u7684IP\u3002<\/p>\n<p>\u5728\u5b9e\u65bd\u7f51\u7edc\u653b\u51fb\u671f\u95f4\uff0c\u9ed1\u5ba2\u4f7f\u7528\u4e86\u7279\u5b9a\u901a\u4fe1\u7aef\u53e3\uff0c\u8fd9\u4e9b\u7aef\u53e3\u901a\u5e38\u62d2\u7edd\u6570\u636e\u5305\uff0c\u4e14\u666e\u901a\u7cfb\u7edf\u5f80\u5f80\u4e5f\u9ed8\u8ba4\u5173\u95ed\u8fd9\u4e9b\u7aef\u53e3\u3002\u4f46\u63a2\u6d4b\u6d41\u91cf\u7684\u7f51\u7edc\u9ed1\u5ba2\u5374\u53ef\u80fd\u5728\u4e0d\u66b4\u9732\u81ea\u5df1\u4f4d\u7f6e\u7684\u60c5\u51b5\u4e0b\u52ab\u6301\u8fd9\u4e9b\u6570\u636e\u3002<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Russian-speaking cyber spies exploit satellites <a href=\"https:\/\/t.co\/EIhfVg2aRD\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/EIhfVg2aRD<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/turla?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#turla<\/a> <a href=\"http:\/\/t.co\/b8LTv4t041\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/b8LTv4t041<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/641606357309882368?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">September 9, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>\u987a\u4fbf\u63d0\u4e00\u4e0b\uff0c\u8001\u5f0f\u7684\u65e0\u7ebf\u7535\u8bdd\u6839\u672c\u65e0\u6cd5\u5bf9\u8bed\u8a00\u6d41\u91cf\u8fdb\u884c\u52a0\u5bc6\uff0c\u539f\u56e0\u5728\u4e8e\u80fd\u5728\u8fd9\u4e00\u9891\u6bb5\u5de5\u4f5c\u7684\u63a5\u6536\u8bbe\u5907\u4ef7\u683c\u90fd\u5341\u5206\u6602\u8d35\u3002\u4f46\u8fd9\u5df2\u7ecf\u662f\u8fc7\u53bb\u5f0f\u4e86\uff0c\u6ca1\u8fc7\u591a\u4e45\u5404\u79cd\u5168\u9891\u6bb5\u63a5\u6536\u8bbe\u5907\u5982\u2019\u96e8\u7af9\u6625\u7b0b\u822c\u2019\u5192\u4e86\u51fa\u6765\uff0c\u4e14\u4ef7\u683c\u4e5f\u76f8\u5f53\u9002\u4e2d\u3002<\/p>\n<p>\u8fd9\u6837\u7684\u6bd4\u8f83\u6beb\u65e0\u5fc5\u8981\uff0c\u56e0\u4e3a\u2019\u4e13\u4e3aTurla\u653b\u51fb\u8bbe\u8ba1\u2019\u7684\u6570\u636e\u6316\u6398\u548c\u5904\u7406\u89e3\u51b3\u65b9\u6848\u6210\u672c\u81f3\u5c11\u5728\u6570\u5343\u7f8e\u5143\u3002\u4f46\u536b\u661f\u7f51\u7edc\u7cfb\u7edf\u672c\u8eab\u5c31\u5b58\u5728\u56fa\u6709\u7f3a\u9677\uff0c\u4e14\u80fd\u4e3a\u7f51\u7edc\u653b\u51fb\u8005\u6240\u5229\u7528\u3002\u5230\u76ee\u524d\u4e3a\u6b62\u8fd8\u672a\u5236\u5b9a\u51fa\u5173\u95ed\u8fd9\u4e00\u6f0f\u6d1e\u7684\u884c\u52a8\u8ba1\u5212\uff0c\u6700\u7ec8\u7684\u7ed3\u679c\u4f9d\u7136\u4e0d\u660e\u786e\u3002<\/p>\n<p>\u7ed3\u679c\u662f\uff0cTurla\u7684C&amp;C\u670d\u52a1\u5668\u5927\u6982\u4f4d\u7f6e\u6070\u5de7\u5728\u536b\u661f\u8fd0\u8425\u5546\u7684\u8986\u76d6\u8303\u56f4\u5185\uff1a<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/97\/2015\/09\/06151131\/Turla_Map_of_Targets1.png\" alt=\"\" width=\"1468\" height=\"920\"><\/p>\n<p>\u4f46\u8fd9\u91cc\u6211\u4eec\u65e0\u6cd5\u8ffd\u8e2a\u5230\u3002<\/p>\n<p><strong>\u5176\u5b83\u65b0\u95fb\uff1a<\/strong><\/p>\n<p>\u53e6\u4e00\u79cd<u><a href=\"https:\/\/threatpost.com\/new-android-ransomware-communicates-over-xmpp\/114530\/\" target=\"_blank\" rel=\"noopener nofollow\">\u5b89\u5353\u52d2\u7d22\u8f6f\u4ef6\u88ab\u53d1\u73b0<\/a><\/u>\uff0c\u5b83\u80fd\u901a\u8fc7XMPP\uff08\u53ef\u6269\u5c55\u901a\u8baf\u548c\u8868\u793a\u534f\u8bae\uff09\u4e0eC&amp;C\u670d\u52a1\u5668\u901a\u8baf\u3002\u804a\u5929\u548c\u5176\u4ed6\u5373\u65f6\u901a\u8baf\u5de5\u5177\u5df2\u88ab\u7528\u4e8e\u5404\u79cd\u7535\u8111\u6076\u610f\u8f6f\u4ef6\u4e4b\u95f4\u7684\u901a\u8baf\uff0c\u56e0\u6b64\u8fd9\u4e00\u65b0\u95fb\u4e5f\u8bc1\u5b9e\u4e86\u79fb\u52a8\u6076\u610f\u8f6f\u4ef6\u91c7\u7528\u4e86\u4e0e\u7535\u8111\u6076\u610f\u8f6f\u4ef6\u76f8\u540c\u7684\u901a\u8baf\u65b9\u5f0f\uff0c\u53ea\u662f\u901f\u5ea6\u66f4\u5feb\u800c\u5df2\u3002<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\"><a href=\"https:\/\/twitter.com\/hashtag\/mobile?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#mobile<\/a> <a href=\"https:\/\/twitter.com\/hashtag\/malware?src=hash&amp;ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">#malware<\/a> New Android Ransomware Communicates over XMPP: <a href=\"https:\/\/t.co\/NaduU8sGbH\" target=\"_blank\" rel=\"noopener nofollow\">https:\/\/t.co\/NaduU8sGbH<\/a> via <a href=\"https:\/\/twitter.com\/threatpost?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">@threatpost<\/a> <a href=\"http:\/\/t.co\/j3sG6zS7xc\" target=\"_blank\" rel=\"noopener nofollow\">pic.twitter.com\/j3sG6zS7xc<\/a><\/p>\n<p>\u2014 Kaspersky (@kaspersky) <a href=\"https:\/\/twitter.com\/kaspersky\/status\/639454422691655680?ref_src=twsrc%5Etfw\" target=\"_blank\" rel=\"noopener nofollow\">September 3, 2015<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p><a href=\"https:\/\/threatpost.com\/google-patches-critical-vulnerabilities-in-chrome-45\/114509\/\" target=\"_blank\" rel=\"noopener nofollow\"><u>\u9488\u5bf9<\/u><u>Google Chrome<\/u><u>\u6d4f\u89c8\u5668\u4e25\u91cd\u6f0f\u6d1e\u7684\u53e6\u4e00\u7cfb\u5217\u5b89\u5168\u8865\u4e01<\/u><\/a>\u53d1\u5e03\uff08\u6211\u4eec\u5efa\u8bae\u7528\u6237\u66f4\u65b0\u6d4f\u89c8\u5668\u5e76\u5b89\u88c5V45\u7248\u672c\uff09\u3002<\/p>\n<p>\u5e0c\u6377\u7684\u65e0\u7ebf\u786c\u76d8\u88ab\u53d1\u73b0<a href=\"http:\/\/www.theregister.co.uk\/2015\/09\/07\/files_on_seagate_wireless_disks_can_be_poisoned_purloined\/\" target=\"_blank\" rel=\"noopener nofollow\"><u>\u542b\u6709\u6570\u4e2a\u4e25\u91cd<\/u><u>bug<\/u><\/a>\uff1a\u901a\u8fc7\u8fdc\u7a0b\u767b\u5f55\u5373\u53ef\u8fdb\u884c\u65e0\u6cd5\u52a0\u5bc6\u8bbf\u95ee\uff0c\u540c\u65f6\u8fd8\u80fd\u5bf9root\u8bbf\u95ee\u5bc6\u7801\u8fdb\u884c\u786c\u7f16\u7801\u3002\u8fd9\u4e9bbug\u76f8\u5f53\u5371\u9669\uff0c\u4f46\u6211\u4eec\u5728\u4e0a\u5468\u8ba8\u8bba\u8def\u7531\u5668\u65f6\u5df2<u><a href=\"https:\/\/www.kaspersky.com.cn\/blog\/security-week-36-jailbreak-theft-farewell-to-rc4-and-holes-in-routers\/3420\/\" target=\"_blank\" rel=\"noopener\">\u6d89\u53ca\u4e86\u8fd9\u4e00\u4e3b\u9898<\/a><\/u>\u3002\u8b66\u544a\uff1a\u4efb\u4f55\u80fd\u751f\u6210Wi-Fi\u7f51\u7edc\u7684\u8bbe\u5907\u90fd\u5e94\u53d7\u5230\u4e25\u5bc6\u4fdd\u62a4\u3002\u5982\u4eca\uff0c\u5404\u79cd\u8bbe\u5907\u5747\u80fd\u751f\u6210Wi-Fi\uff0c\u5373\u4f7f\u7167\u76f8\u673a\u4e5f\u4e0d\u4f8b\u5916\u3002<\/p>\n<p><strong>\u8001\u8bdd\u65b0\u63d0\uff1a<\/strong><\/p>\n<p>\u5728\u8fd0\u884c\u65e0\u5bb3\u7684\u5e38\u9a7b\u578b\u75c5\u6bd2\u65f6\u901a\u5e38\u4f1a\u611f\u67d3\u540e\u7f00\u4e3a.COM\u548c.EXE\u7684\u6587\u4ef6\u3002\uff08COMMAND.COM\u6587\u4ef6\u4f1a\u906d\u5230Lehigh\u75c5\u6bd2\u7b97\u6cd5\u611f\u67d3\uff09\u3002\u6b64\u5916\uff0c\u8be5\u75c5\u6bd2\u8fd8\u542b\u6709\u8fd9\u6837\u4e00\u6bb5\u6587\u5b57\uff1a\u201dDark Lord, I summon thee! MANOWAR\u201d\u3002\uff08\u9ed1\u6697\u9886\u4e3b\uff0c\u6211\u53ec\u5524\u4e86\u4e09\u540d\uff01\u6218\u795e\u3002\uff09<\/p>\n<p><span class=\"embed-youtube\" style=\"text-align:center; display: block;\"><iframe class=\"youtube-player\" type=\"text\/html\" width=\"640\" height=\"390\" src=\"https:\/\/www.youtube.com\/embed\/6POUitQf8v8?version=3&amp;rel=1&amp;fs=1&amp;showsearch=0&amp;showinfo=1&amp;iv_load_policy=1&amp;wmode=transparent\" frameborder=\"0\" allowfullscreen=\"true\"><\/iframe><\/span><\/p>\n<p>\u800c\u6781\u5176\u5371\u9669\u7684\u975e\u5e38\u9a7b\u578b\u75c5\u6bd2\u5219\u901a\u5e38\u611f\u67d3\u73b0\u6709\u76ee\u5f55\u4e2d\u540e\u7f00\u662f.COM\u7684\u6587\u4ef6\u3002\u81ea1990\u5e748\u6708\u8d77\uff0c\u6839\u636e\u65f6\u95f4\u7684\u4e0d\u540c\uff0c\u8be5\u75c5\u6bd2\u53ef\u80fd\u4f1a\u5220\u9664\u786c\u76d8\u4e0a\u968f\u673a\u4e24\u4e2a\u6247\u533a\uff0c\u5e76\u542b\u6709\u6587\u5b57\uff1a\u201dIRON MAIDEN\u201d\uff08\u94c1\u5a18\u5b50\uff09\u3002<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignright\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/97\/2015\/09\/06151130\/infosec-digest-32-book1-1.jpg\" alt=\"\" width=\"132\" height=\"169\"><\/p>\n<p>\u00a0<\/p>\n<p><em>\u5f15\u8ff0\u81ea\u4e8e<\/em><em>1992<\/em><em>\u5e74\u51fa\u7248\u7684\u300a<\/em><em>MS-DOS<\/em><em>\u4e2d\u7684\u8ba1\u7b97\u673a\u75c5\u6bd2\u300b\u7b2c<\/em><em>70<\/em><em>\u548c<\/em><em>75<\/em><em>\u9875\uff0c\u8be5\u4e66\u4f5c\u8005\u662f\u5c24\u91d1\u00b7\u5361\u5df4\u65af\u57fa<\/em><\/p>\n<p><em>\u514d\u8d23\u58f0\u660e\uff1a\u672c\u6587\u4ec5\u4ee3\u8868\u4f5c\u8005\u7684\u4e2a\u4eba\u610f\u89c1\u3002\u53ef\u80fd\u4e0e\u5361\u5df4\u65af\u57fa\u5b9e\u9a8c\u5ba4\u7684\u7acb\u573a\u76f8\u7b26\uff0c\u4e5f\u53ef\u80fd\u76f8\u53cd\u3002\u542c\u5929\u7531\u547d\u5427\u3002<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u5728\u6211\u4eec\u7206\u70b8\u6027\u7684\u70ed\u95e8\u65b0\u95fb\u7cfb\u5217\u201dInfosec news\u201d\u7684\u65b0\u4e00\u671f\u4e2d\uff0c\u6211\u4eec\u5c06\u4e3a\u60a8\u5e26\u6765\u4ee5\u4e0b\u5185\u5bb9\uff1a Bugzilla\u906d\u9ed1\u5ba2\u653b\u7834\u7ed9\u6211\u4eec\u6572\u54cd\u4e86\u8b66\u949f\uff1a\u5b8c\u5168\u6709\u5fc5\u8981\u8bbe\u7f6e\u9ad8\u5f3a\u5ea6\u548c\u552f\u4e00\u5bc6\u7801\u3002 \u5bfc\u81f4\u7f51\u7edc\u653b\u51fb\u8005\u4ece\u5404\u5927\u91d1\u878d\u7ec4\u7ec7\u7a83\u53d6\u6570\u767e\u4e07\u7f8e\u5143\u7684Carbanak\u9ed1\u5ba2\u6d3b\u52a8\u5728\u6b27\u6d32\u548c\u7f8e\u56fd\u201d\u5377\u571f\u91cd\u6765\u201d\u3002 \u5361\u5df4\u65af\u57fa\u5b9e\u9a8c\u5ba4\u7814\u7a76\u53d1\u73b0\u4e86\u4e00\u79cd\u589e\u5f3a\u7f51\u7edc\u95f4\u8c0dC&amp;C\u670d\u52a1\u5668\u9690\u79d8\u7ea7\u522b\u7684\u65b9\u6cd5\uff0c\u53ef\u4ece\u201d\u975e\u5e38\u96be\u4ee5\u8ffd\u8e2a\u201d\u7ea7\u522b\u63d0\u9ad8\u81f3\u201d\u6839\u672c\u65e0\u6cd5\u8ffd\u8e2a\u201d\u7ea7\u522b\u3002 \u518d\u6b21\u91cd\u7533\u6211\u4eec\u300a\u5b89\u5168\u5468\u62a5\u300b\u7684\u7f16\u8f91\u539f\u5219\uff1a\u6bcf\u5468Threatpost\u56e2\u961f\u90fd\u4f1a\u7cbe\u5fc3\u6458\u9009\u4e09\u6761\u5f53\u5468\u8981\u95fb\uff0c\u5e76\u52a0\u4e0a\u672c\u4eba\u7684\u8f9b\u8fa3\u8bc4\u8bba\u3002 Bugzilla\u7684bug\u6570\u636e\u5e93\u906d\u9ed1\u5ba2\u653b\u7834 \u65b0\u95fb\u3002\u6709\u5173\u8fd9\u4e00\u7f51\u7edc\u653b\u51fb\u7684\u5e38\u89c1\u95ee\u9898\u3002 \u5728\u4e0a\u4e00\u671f\u7684\u300a\u5b89\u5168\u5468\u62a5\u300b\u4e2d\uff0c\u6211\u63d0\u51fa\u4e86\u6240\u8c13\u201c\u8d1f\u8d23\u4efb\u7684\u4fe1\u606f\u62ab\u9732\u201d\u7684\u95ee\u9898\uff0c\u540c\u65f6\u8fd8\u5217\u4e3e\u4e86\u7f51\u7edc\u516c\u53f8\u5bf9\u62ab\u9732\u6240\u53d1\u73b0bug\u76f8\u5173\u4fe1\u606f\u7684\u4e0d\u540c\u610f\u613f\u3002\u6709\u5173Mozilla\u7684bug\u8ffd\u8e2a\u5668\u906d\u9ed1\u5ba2\u653b\u7834\u7684\u65b0\u95fb\u53ef\u8c13\u662f\u8fd9\u65b9\u9762\u7684\u5b8c\u7f8e\u8303\u4f8b\uff1a\u6709\u65f6\u5019\u9690\u85cf\u5b58\u5728\u6f0f\u6d1e\u7684\u4fe1\u606f\u672a\u5c1d\u4e0d\u662f\u597d\u4e8b\u3002 \u663e\u7136\u8fd9\u4e00\u95ee\u9898\u5e76\u672a\u5f97\u89e3\u51b3\u3002\u57288\u6708\u4efd\uff0cMozilla\u53d1\u5e03\u4e86\u9488\u5bf9Firefox\u7684\u8865\u4e01\uff0c\u5e76\u6210\u529f\u4fee\u590d\u4e86\u5b58\u5728\u4e8e\u5185\u7f6ePDF\u67e5\u770b\u5668\u7684bug\u3002\u4e00\u540d\u906d\u53d7\u6f0f\u6d1e\u5229\u7528\u7684\u53d7\u5bb3\u7528\u6237\u53d1\u73b0\u4e86\u8fd9\u4e00bug\u5e76\u968f\u5373\u62a5\u544a\u4e86\u8be5\u6f0f\u6d1e\u3002\u8fd9\u4e00\u7f51\u7edc\u653b\u51fb\u7684\u5207\u5165\u70b9\u662f\u7279\u522b\u8bbe\u8ba1\u7684\u6a2a\u5e45\u5e7f\u544a\uff0c\u4f7f\u5f97\u7f51\u7edc\u72af\u7f6a\u5206\u5b50\u80fd\u7a83\u53d6\u7528\u6237\u7684\u4e2a\u4eba\u6570\u636e\u3002 \u6211\u59cb\u7ec8\u8ba4\u4e3a\u5728\u5f00\u53d1\u4eba\u5458\u7f16\u5199\u8865\u4e01\u65f6\uff0c\u4ed6\u4eec\u5c31\u5df2\u7ecf\u610f\u8bc6\u5230\u4e86bug\u3002Bugzilla\u4e5f\u542b\u6709\u5173\u4e8e\u8be5bug\u7684\u4fe1\u606f\uff0c\u4f46\u5374\u4fdd\u5b58\u5728\u7cfb\u7edf\u7684\u79c1\u7528\u90e8\u5206\u3002\u4e0a\u5468\u6240\u53d1\u751f\u7684\u72b6\u51b5\u8bc1\u5b9e\u4e86\u4eba\u4eec\u5bf9\u975e\u6cd5\u8bbf\u95ee\u7684\u6000\u7591\u3002\u4e8b\u5b9e\u4e0a\uff0cBugzilla\u5e76\u672a\u88ab\u201d\u9ed1\u5ba2\u653b\u7834\u2019\uff1a\u53ea\u662f\u7f51\u7edc\u653b\u51fb\u8005\u53d1\u73b0\u4e86\u7279\u6743\u7528\u6237\u5e76\u5728\u53e6\u4e00\u4e2a\u53d7\u611f\u67d3\u6570\u636e\u5e93\u627e\u5230\u4e86\u4ed6\u7684\u5bc6\u7801\u2013\u800c\u8fd9\u5404\u5bc6\u7801\u6070\u5de7\u5c31\u662f\u8bbf\u95eeBugzilla\u7684\u5bc6\u7801\u3002 \u7ed3\u679c\u662f\uff0c\u7f51\u7edc\u653b\u51fb\u8005\u65e9\u57282013\u5e749\u6708\u5c31\u6210\u529f\u8bbf\u95ee\u4e86\u9690\u79d8\u7684bug\u6570\u636e\u5e93\u3002\u5728\u8be5\u7f51\u7edc\u653b\u51fb\u7684\u5e38\u89c1\u95ee\u9898\u4e2d\u8be6\u7ec6\u8bb0\u8f7d\u4e86\u5728\u8fd9\u4e00\u671f\u95f4\uff0c\u9ed1\u5ba2\u603b\u5171\u8bbf\u95ee\u4e86185\u4e2abug\u7684\u76f8\u5173\u4fe1\u606f\uff0c\u5176\u4e2d53\u4e2abug\u6781\u5ea6\u5371\u9669\u3002\u5728\u7f51\u7edc\u72af\u7f6a\u5206\u5b50\u975e\u6cd5\u8bbf\u95ee\u6570\u636e\u5e93\u540e\uff0c\u5728\u88ab\u76d7\u7684bug\u6e05\u5355\u4e2d\u603b\u5171\u670943\u4e2a\u6f0f\u6d1e\u6253\u4e0a\u4e86\u8865\u4e01\u3002 \u5728\u5269\u4e0b\u4fe1\u606f\u906d\u6cc4\u9732\u7684bug\u4e2d\uff0c\u5176\u4e2d\u6709\u4e24\u4e2abug\u7684\u4fe1\u606f\u5728\u6cc4\u9732\u4e00\u5468\u5185\u53ef\u80fd\u88ab\u6253\u4e0a\u4e86\u5b89\u5168\u8865\u4e01\uff1b\u4ece\u7406\u8bba\u4e0a\u8bf4\uff0c\u5176\u4e2d5\u4e2abug\u53ef\u80fd\u5df2\u88ab\u5b9e\u65bd\u6f0f\u6d1e\u5229\u7528\uff0c\u56e0\u4e3a\u5728\u4fe1\u606f\u5916\u6cc4\u540e\u7684\u4e00\u5468\u5230\u4e00\u4e2a\u6708\u5185\u624d\u53d1\u5e03\u4e86\u76f8\u5173\u8865\u4e01\u3002\u5269\u4e0b\u7684\u6f0f\u6d1e\u5728\u8fc7\u4e86335\u5929\u540e\u624d\u53d1\u5e03\u4e86\u6709\u9488\u5bf9\u6027\u7684\u8865\u4e01\uff0c\u5728\u8fd9\u671f\u95f4\u603b\u5171\u88ab\u6f0f\u6d1e\u5229\u7528\u4e86131,157\u6b21\u3002\u8fd9\u662f\u6709\u5173\u9ed1\u5ba2\u653b\u51fb\u6700\u53ef\u6015\u7684\u65b0\u95fb\uff1b\u7136\u800c\uff0cMozilla\u5f00\u53d1\u8005\u5e76\u6ca1\u6709\u2019\u8bc1\u636e\u8868\u660e\u8fd9\u4e9b\u6f0f\u6d1e\u90fd\u5df2\u906d\u5230\u6f0f\u6d1e\u5229\u7528\u3002\u2019\u572850\u591a\u4e2abug\u4e2d\uff0c\u53ea\u6709\u4e00\u4e2a\u66fe\u906d\u5230\u6f0f\u6d1e\u5229\u7528\u3002 \u5176\u4e2d\u7684\u9053\u7406\u5f88\u7b80\u5355\uff0c\u6211\u771f\u7684\u975e\u5e38\u60f3\u767b\u4e0a\u9ad8\u53f0\u5927\u58f0\u75be\u547c\uff1a\u201d\u670b\u53cb\u4eec\uff01\u5144\u5f1f\u4eec\uff0c\u59d0\u59b9\u4eec\uff01\u5973\u58eb\u4eec\uff0c\u5148\u751f\u4eec\uff01\u8bf7\u52a1\u5fc5\u5bf9\u6bcf\u4e2a\u5355\u72ec\u7f51\u7edc\u670d\u52a1\u4f7f\u7528\u552f\u4e00\u5bc6\u7801\uff01\u201d\u7136\u800c\uff0c\u8fd9\u5e76\u6ca1\u6709\u8868\u9762\u770b\u4e0a\u53bb\u7684\u90a3\u4e48\u7b80\u5355\uff1a\u6b64\u7c7b\u65b9\u6cd5\u80af\u5b9a\u8fd8\u8981\u7528\u5230\u5bc6\u7801\u7ba1\u7406\u5668\u3002\u5c3d\u7ba1\u53ef\u80fd\u4f60\u5df2\u7ecf\u6709\u4e86\u5bc6\u7801\u7ba1\u7406\u5668\uff0c\u4f46\u4f60\u4f9d\u7136\u9700\u8981\u9759\u4e0b\u5fc3\u6765\u51c6\u786e\u5e76\u5f7b\u5e95\u66f4\u6539\u6240\u6709\u4f60\u4f7f\u7528\u9891\u7387\u8f83\u9ad8\u7684\u7f51\u7edc\u8d44\u6e90\u7684\u5bc6\u7801\uff0c\u5982\u679c\u662f\u5168\u90e8\u7f51\u7edc\u8d44\u6e90\u7684\u8bdd\u5f53\u7136\u66f4\u597d\u3002\u800c\u6765\u81ea\u6211\u4eec\u7684\u7edf\u8ba1\u6570\u636e\u663e\u793a\u53ea\u67097%\u7684\u4eba\u4f7f\u7528\u5bc6\u7801\u7ba1\u7406\u5668\u3002 \u5168\u65b0Carbanak\u7248\u672c\u201d\u5377\u571f\u91cd\u6765\u201d\uff0c\u518d\u6b21\u5bf9\u7f8e\u56fd\u548c\u6b27\u6d32\u5b9e\u65bd\u7f51\u7edc\u653b\u51fb \u65b0\u95fb\u3002\u5361\u5df4\u65af\u57fa\u5b9e\u9a8c\u5ba4\u76842\u6708\u4efd\u7814\u7a76\u3002CSIS\u66f4\u65b0\u7814\u7a76\u3002 \u6211\u4eec\u5c06\u5f15\u7528\u6211\u4eec\u57282\u6708\u4efd\u5bf9\u2019\u53f2\u4e0a\u6700\u4e25\u91cd\u6570\u636e\u76d7\u7a83\u2019\u6240\u53d1\u8868\u7684\u58f0\u660e\uff1a \u201c\u7f51\u7edc\u653b\u51fb\u8005\u6709\u80fd\u529b\u5c06\u7a83\u53d6\u7684\u8d44\u91d1\u8f6c\u79fb\u5230\u4ed6\u4eec\u81ea\u5df1\u7684\u94f6\u884c\u8d26\u6237\u5e76\u7acb\u5373\u7be1\u6539\u4f59\u989d\u62a5\u8868\uff0c\u8fd9\u6837\u53ef\u4ee5\u9632\u6b62\u8be5\u653b\u51fb\u88ab\u8bb8\u591a\u5f3a\u5927\u7684\u5b89\u5168\u7cfb\u7edf\u53d1\u73b0\u3002\u8fd9\u4e00\u64cd\u4f5c\u7684\u6210\u529f\u662f\u5efa\u7acb\u5728\u7f51\u7edc\u72af\u7f6a\u5206\u5b50\u5bf9\u94f6\u884c\u5185\u90e8\u7cfb\u7edf\u5b8c\u5168\u638c\u63a7\u7684\u60c5\u51b5\u4e0b\u3002\u8fd9\u4e5f\u662f\u4e3a\u4ec0\u4e48\u5728\u6210\u529f\u653b\u7834\u94f6\u884c\u7cfb\u7edf\u540e\uff0c\u7f51\u7edc\u5206\u5b50\u4f7f\u7528\u4e86\u5927\u91cf\u60c5\u62a5\u6280\u672f\u4ee5\u6536\u96c6\u6709\u5173\u94f6\u884c\u57fa\u7840\u8bbe\u65bd\u5de5\u4f5c\u65b9\u5f0f\uff08\u5305\u62ec\uff1a\u89c6\u9891\u6355\u6349\uff09\u7684\u5fc5\u8981\u4fe1\u606f\u3002\u201d \u5728\u4e0e\u6267\u6cd5\u673a\u6784\u7684\u5171\u540c\u52aa\u529b\u4e0b\uff0c\u53d1\u73b0\u4e86\u591a\u5bb6\u94f6\u884c\u56e0\u53d7\u5230\u590d\u6742\u4e14\u591a\u5c42\u7684Carbanak\u653b\u51fb\u800c\u906d\u53d7\u8d44\u91d1\u635f\u5931\uff0c\u603b\u91d1\u989d\u8fbe\u523010\u4ebf\u7f8e\u5143\uff0c\u4e14\u603b\u5171\u6709\u8d85\u8fc7100\u591a\u5bb6\u5927\u578b\u91d1\u878d\u673a\u6784\u4e0d\u5e78\u6210\u4e3a\u53d7\u5bb3\u8005\u3002\u4f46\u4e0a\u8ff0\u7f51\u7edc\u653b\u51fb\u53d1\u751f\u57282\u6708\u4efd\uff0c\u800c\u57288\u6708\u672b\u7684\u65f6\u5019\u4e39\u9ea6CSIS\u7814\u7a76\u4eba\u5458\u518d\u6b21\u53d1\u73b0\u4e86Carbanak\u7684\u5168\u65b0\u6539\u8fdb\u7248\u672c\u3002 \u65b0\u65e7\u7248\u672c\u4e4b\u95f4\u7684\u533a\u522b\u5e76\u4e0d\u5927\uff1a\u53ea\u662f\u5c06\u57df\u540d\u66ff\u6362\u6210\u4e86\u9759\u6001IP\u5730\u5740\u3002\u81f3\u4e8e\u6570\u636e\u76d7\u7a83\u6240\u7528\u7684\u63d2\u4ef6\uff0c\u4e0e2\u6708\u4efd\u4f7f\u7528\u7684\u5e76\u65e0\u5dee\u5f02\u3002 \u636eCSIS\u79f0\uff0c\u65b0\u7248\u672c\u7684Crabanak\u5c06\u653b\u51fb\u76ee\u6807\u9501\u5b9a\u4e3a\u6b27\u6d32\u548c\u7f8e\u56fd\u7684\u5927\u578b\u516c\u53f8\u3002 Turla APT\u653b\u51fb\uff1a\u5982\u4f55\u501f\u52a9\u536b\u661f\u7f51\u7edc\u9690\u85cfC&amp;C\u670d\u52a1\u5668 \u65b0\u95fb\u3002\u53e6\u4e00\u7bc7\u65b0\u95fb\u3002\u7814\u7a76\u3002 \u5305\u62ec\u5361\u5df4\u65af\u57fa\u5b9e\u9a8c\u5ba4\u7814\u7a76\u4e13\u5bb6\u5728\u5185\u7684\u4f17\u591ainfosec\u7814\u7a76\u4eba\u5458\u957f\u671f\u5bf9Turla APT\u7f51\u7edc\u95f4\u8c0d\u6d3b\u52a8\u8fdb\u884c\u7814\u7a76\u3002\u53bb\u5e74\uff0c\u6211\u4eec\u516c\u5e03\u4e86\u9488\u5bf9\u9ed1\u5ba2\u653b\u7834\u53d7\u5bb3\u4eba\u8ba1\u7b97\u673a\u3001\u6536\u96c6\u6570\u636e\u5e76\u53d1\u9001\u81f3C&amp;C\u670d\u52a1\u5668\u65b9\u6cd5\u7684\u6781\u5176\u8be6\u7ec6\u7684\u7814\u7a76\u3002 \u8fd9\u4e00\u590d\u6742\u7684\u7f51\u7edc\u95f4\u8c0d\u6d3b\u52a8\u6bcf\u4e2a\u9636\u6bb5\u90fd\u9700\u8981\u7528\u5230\u8bb8\u591a\u5de5\u5177\uff0c\u5305\u62ec\uff1a\u501f\u52a9\u96f6\u65e5\u6f0f\u6d1e\u5229\u7528\u53d7\u611f\u67d3\u6587\u6863\u7684\u2019\u9c7c\u53c9\u5f0f\u7f51\u7edc\u9493\u9c7c\u2019\uff1b\u75c5\u6bd2\u611f\u67d3\u7f51\u7ad9\uff1b\u6839\u636e\u653b\u51fb\u76ee\u6807\u7684\u590d\u6742\u7a0b\u5ea6\u548c\u6570\u636e\u4e34\u754c\u6027\u7684\u5404\u79cd\u6570\u636e\u6316\u6398\u6a21\u5757\uff08\u624b\u52a8\u6311\u9009\uff09\uff1b\u4ee5\u53ca\u76f8\u5f53\u9ad8\u7ea7\u7684C&amp;C\u670d\u52a1\u5668\u7f51\u7edc\u3002\u7ed3\u679c\u662f\uff0c\u622a\u6b628\u6708\u4efd\uff0c\u8be5\u7f51\u7edc\u95f4\u8c0d\u6d3b\u52a8\u58f0\u79f0\u5df2\u572845\u4e2a\u56fd\u5bb6\uff08\u6b27\u6d32\u548c\u4e2d\u4e1c\u5730\u533a\u5360\u4e86\u5927\u90e8\u5206\uff09\u81f4\u4f7f\u6570\u767e\u540d\u7528\u6237\u4e0d\u5e78\u6210\u4e3a\u53d7\u5bb3\u4eba\u3002 \u5c31\u5728\u672c\u5468\uff0c\u5361\u5df4\u65af\u57fa\u7814\u7a76\u4eba\u5458https:\/\/twitter.com\/stefant\u516c\u5e03\u4e86\u8be5\u7f51\u7edc\u653b\u51fb\u6700\u540e\u4e00\u9636\u6bb5\u7684\u6570\u636e\uff0c\u4e5f\u5c31\u662f\u5c06\u76d7\u7a83\u6570\u636e\u53d1\u9001\u81f3C&amp;C\u670d\u52a1\u5668\u7684\u65f6\u5019\u3002\u4e3a\u4e86\u80fd\u8fdb\u884c\u6570\u636e\u6316\u6398\uff0cTurla\u50cf\u4e4b\u524d\u7684\u8bb8\u591aAPT\u9ed1\u5ba2\u5c0f\u7ec4\u4e00\u6837\uff0c\u4f7f\u7528\u4e86\u5404\u79cd\u4e0d\u540c\u65b9\u6cd5\u2013\u6bd4\u5982\uff0c\u6ee5\u7528\u9632\u6258\u7ba1\u3002\u800c\u4e00\u65e6\u5c06\u76d7\u53d6\u6570\u636e\u53d1\u9001\u5230\u5728\u7279\u5b9a\u670d\u52a1\u5668\u4e0a\u6258\u7ba1\u7684\u7279\u5b9aC&amp;C\uff0c\u90a3\u65e0\u8bba\u7f51\u7edc\u72af\u7f6a\u5206\u5b50\u8bbe\u7f6e\u4f55\u79cd\u4ee3\u7406\uff0c\u90fd\u6781\u5927\u53ef\u80fd\u4f1a\u906d\u5230\u6267\u6cd5\u673a\u6784\u902e\u6355\u6216\u88ab\u670d\u52a1\u63d0\u4f9b\u5546\u963b\u6b62\u3002 \u800c\u8fd9\u65f6\u5019\u5c31\u9700\u8981\u7528\u5230\u536b\u661f\u7f51\u7edc\u3002\u4f7f\u7528\u536b\u661f\u7f51\u7edc\u7684\u4f18\u52bf\u5728\u4e8e\u53ea\u8981\u5728\u536b\u661f\u8986\u76d6\u8303\u56f4\u5185\uff0c\u5c31\u53ef\u4ee5\u5728\u4efb\u4f55\u5730\u70b9\u5efa\u7acb\u6216\u79fb\u9664\u670d\u52a1\u5668\u3002\u4f46\u8fd9\u91cc\u8fd8\u6709\u4e2a\u95ee\u9898\uff1a\u79df\u7528\u5bb9\u91cf\u591f\u7528\u7684\u53cc\u5411\u536b\u661f\u4fe1\u9053\u4e0d\u4ec5\u79df\u91d1\u6602\u8d35\uff0c\u800c\u4e14\u4e00\u65e6\u8e2a\u8ff9\u88ab\u53d1\u73b0\u5c06\u5f88\u5bb9\u6613\u66b4\u9732\u670d\u52a1\u5668\u7684\u4f4d\u7f6e\u3002\u6211\u4eec\u7814\u7a76\u4e13\u5bb6\u53d1\u73b0\u7684\u653b\u51fb\u65b9\u6cd5\u5e76\u672a\u4f7f\u7528\u5230\u79df\u8d41\u6a21\u5f0f\u3002 \u53ea\u9700\u5bf9\u536b\u661f\u901a\u4fe1\u7ec8\u7aef\u7684\u8f6f\u4ef6\u7a0d\u52a0\u4fee\u6539\u5c31\u80fd\u8fdb\u884c\u201d\u536b\u661f\u9493\u9c7c\u201d\uff0c\u4e0d\u4ec5\u4e0d\u4f1a\u62d2\u7edd\u4e0d\u5c5e\u4e8e\u4efb\u4f55\u7279\u5b9a\u7528\u6237\u7684\u6570\u636e\u5305\uff0c\u540c\u65f6\u4e5f\u4f1a\u8fdb\u884c\u6536\u96c6\u3002\u7ed3\u679c\u662f\uff0c\u201d\u536b\u661f\u9493\u9c7c\u8005\u201d\u53ef\u80fd\u4f1a\u6536\u96c6\u5230\u5176\u4ed6\u4eba\u7684\u7f51\u9875\u3001\u6587\u4ef6\u548c\u6570\u636e\u3002\u8fd9\u4e00\u65b9\u6cd5\u53ea\u6709\u5728\u4e00\u79cd\u60c5\u51b5\u4e0b\u6709\u6548\uff1a\u536b\u661f\u4fe1\u9053\u5e76\u672a\u52a0\u5bc6\u3002<\/p>\n","protected":false},"author":53,"featured_media":3445,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1506,1450,1308],"tags":[265,878,543,847,871,804,857,44],"class_list":{"0":"post-3439","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-threats","8":"category-news","9":"category-privacy","10":"tag-apt","11":"tag-bugzilla","12":"tag-carbanak","13":"tag-turla","14":"tag-871","15":"tag-804","16":"tag-857","17":"tag-44"},"hreflang":[{"hreflang":"zh","url":"https:\/\/www.kaspersky.com.cn\/blog\/security-week-37-bug-bugzilla-carbanak-is-back-and-%d1%81c-gone-fishing\/3439\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.cn\/blog\/tag\/apt\/","name":"APT"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.cn\/blog\/wp-json\/wp\/v2\/posts\/3439","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.cn\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.cn\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.cn\/blog\/wp-json\/wp\/v2\/users\/53"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.cn\/blog\/wp-json\/wp\/v2\/comments?post=3439"}],"version-history":[{"count":2,"href":"https:\/\/www.kaspersky.com.cn\/blog\/wp-json\/wp\/v2\/posts\/3439\/revisions"}],"predecessor-version":[{"id":11084,"href":"https:\/\/www.kaspersky.com.cn\/blog\/wp-json\/wp\/v2\/posts\/3439\/revisions\/11084"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.cn\/blog\/wp-json\/wp\/v2\/media\/3445"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.cn\/blog\/wp-json\/wp\/v2\/media?parent=3439"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.cn\/blog\/wp-json\/wp\/v2\/categories?post=3439"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.cn\/blog\/wp-json\/wp\/v2\/tags?post=3439"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}