Sunday, September 14, 2014

[Security] What is Blackhole exploit kit?

Image source: itpro


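Lately I keep hearing the term "exploit kit", something hackers use to attack servers, but I was never clear on how it actually works. I finally had time to read the wiki article on the Blackhole exploit kit, and now I have a rough picture. The attack steps are roughly as follows: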

  1. The customer licenses the Blackhole exploit kit from the authors and specifies various options to customize the kit.
  2. A potential victim loads a compromised web page or opens a malicious link in a spammed email.
  3. The compromised web page or malicious link in the spammed email sends the user to a Blackhole exploit kit server's landing page.
  4. This landing page contains obfuscated JavaScript that determines what is on the victim's computers and loads all exploits to which this computer is vulnerable and sometimes a Java applet tag that loads a Java Trojan horse.
  5. If there is an exploit that is usable, the exploit loads and executes a payload on the victim's computer and informs the Blackhole exploit kit server which exploit was used to load the payload.

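So the main job of the Blackhole exploit kit is still to steer you to their landing page, use certain techniques to scan your system for known vulnerabilities, and then download the matching exploit/backdoor/Trojan to your computer for that vulnerability... and then your computer is captured... If it is not dealt with early, your computer becomes part of a zombie army, or the springboard for the next attack on someone else's computer...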

Sounds a lot like how all antivirus software works, too? XD
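
Steps 3 to 5 above leave a recognizable sequence in web-proxy logs: an HTML page reached from a different site, plugin content (Java, PDF, Flash) served by that same host, then a binary download. The following sketch correlates that sequence per client; it is an added example, not part of the original post, and the log format, content-type sets, 60-second window and sample lines are all assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumed content types for each stage (illustrative, not taken from the post).
PLUGIN_TYPES = {"application/java-archive", "application/pdf",
                "application/x-shockwave-flash"}
PAYLOAD_TYPES = {"application/x-msdownload", "application/octet-stream"}
WINDOW = 60  # seconds allowed between landing page and payload (assumed)

def parse(line):
    """Split one constructed log line: epoch client host content_type referer_host."""
    ts, client, host, ctype, referer = line.split()
    return int(ts), client, host, ctype, referer

def find_chains(lines):
    """Return (client, host) pairs that went landing page -> plugin content -> payload."""
    state = defaultdict(lambda: {"stage": 0, "start": 0})  # keyed by (client, host)
    alerts = []
    for ts, client, host, ctype, referer in sorted(map(parse, lines)):
        s = state[(client, host)]
        if s["stage"] and ts - s["start"] > WINDOW:
            s["stage"] = 0                      # chain went stale, start over
        if s["stage"] == 0:
            # Step 3: HTML page reached from a different site (redirect or link).
            if ctype == "text/html" and referer not in ("-", host):
                s["stage"], s["start"] = 1, ts
        elif s["stage"] in (1, 2) and ctype in PLUGIN_TYPES:
            s["stage"] = 2                      # Step 4: plugin content served
        elif s["stage"] == 2 and ctype in PAYLOAD_TYPES:
            alerts.append((client, host))       # Step 5: payload delivered
            s["stage"] = 0
    return alerts

# Constructed sample log, not real traffic.
SAMPLE = """\
1000 10.0.0.5 news.example text/html -
1002 10.0.0.5 landing.example text/html news.example
1003 10.0.0.5 landing.example application/java-archive landing.example
1006 10.0.0.5 landing.example application/octet-stream -
1010 10.0.0.7 docs.example text/html search.example
1012 10.0.0.7 docs.example application/pdf docs.example
2000 10.0.0.9 files.example application/octet-stream -
""".splitlines()

if __name__ == "__main__":
    for client, host in find_chains(SAMPLE):
        print(f"possible exploit-kit chain: {client} -> {host}")
```

Only the first client completes all three stages; the PDF viewed from a search result and the lone binary download do not alert on their own.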



