Fareit木马分析与防护

11月5日,绿盟威胁分析系统TAC在某行截获未知病毒样本,随即进行样本分析,后续该病毒被命名为Fareit木马。Fareit木马,主要是通过发送垃圾邮件,骗取用户点击运行exe文件来入侵目标主机,进而窃取FTP客户端保存的站点信息与用户密码。

本文对该木马的执行过程及行为进行了详细分析,并从执行检测、网络防护、终端防护等方面给出方法及整体解决方案。文章中呈现的分析过程较为详细,可以成为木马分析的实操手册,并可以为类似的信息窃取类木马分析及防护提供经验借鉴。

阅读全文 “Fareit木马分析与防护” »

An Analysis of the vBulletin 5.x Remote Code Execution Exploit

vBulletin is a commercial Internet forum software package, boasting tens of thousands of users which are growing rapidly worldwide. It is written in the PHP web language and uses the MySQL database. Owing to its large user base, vBulletin is frequently reported to have vulnerabilities. In NSFOCUS Vulnerability Database (NSVD), there are 49 entries related to vBulletin, most of which are SQL injection vulnerabilities. The vulnerability disclosed this time is of a relatively high risk level, known as remote code execution (RCE). Theoretically, an attacker can exploit this vulnerability to execute arbitrary code or even take complete control of a forum that uses this program. 阅读全文 “An Analysis of the vBulletin 5.x Remote Code Execution Exploit” »