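Image source: itpro
Lately I keep hearing the term "exploit kit", something hackers use to attack servers, but I never really understood how one actually works. I finally had some time to read the wiki article on the Blackhole exploit kit, which gave me a rough idea. The attack steps are roughly as follows: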
- The customer licenses the Blackhole exploit kit from the authors and specifies various options to customize the kit.
- A potential victim loads a compromised web page or opens a malicious link in a spammed email.
- The compromised web page or malicious link in the spammed email sends the user to a Blackhole exploit kit server's landing page.
- This landing page contains obfuscated JavaScript that determines what is on the victim's computers and loads all exploits to which this computer is vulnerable and sometimes a Java applet tag that loads a Java Trojan horse.
- If there is an exploit that is usable, the exploit loads and executes a payload on the victim's computer and informs the Blackhole exploit kit server which exploit was used to load the payload.
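So the main function of the Blackhole exploit kit is to steer you to its landing page, use certain techniques to scan your system for known weaknesses, and then download the exploit, backdoor or Trojan that matches that weakness onto your computer... and then your computer has been captured. If you don't deal with it early, your computer becomes part of a zombie army, or a stepping stone for attacking someone else's computer...
Sounds a lot like how every antivirus product works, too? XD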
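From the defender's side, the steps above leave a recognizable order of requests in web proxy logs: an HTML landing page, then content handed to a browser plugin, then an executable from the same host. The sketch below is an added example, not part of the original post or of any product; the log format, hostnames, IP addresses, content-type lists and the 60-second window are all assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed proxy log (not real traffic): time, client, server host, content type, user agent
SAMPLE_LOG = """\
2013-05-01T10:00:01 10.0.0.5 news.example text/html Mozilla/5.0
2013-05-01T10:00:02 10.0.0.5 kit.example text/html Mozilla/5.0
2013-05-01T10:00:04 10.0.0.5 kit.example application/java-archive Java/1.6.0_30
2013-05-01T10:00:09 10.0.0.5 kit.example application/x-msdownload Java/1.6.0_30
2013-05-01T10:05:00 10.0.0.7 vendor.example text/html Mozilla/5.0
2013-05-01T10:05:30 10.0.0.7 vendor.example application/x-msdownload Mozilla/5.0
2013-05-01T11:00:00 10.0.0.9 apps.example application/java-archive Java/1.7.0_80
"""

# Assumed values for illustration; tune them to what your own proxy records.
PLUGIN_TYPES = {"application/java-archive", "application/pdf",
                "application/x-shockwave-flash"}
EXE_TYPES = {"application/x-msdownload", "application/x-dosexec"}
WINDOW = timedelta(seconds=60)


def find_chains(log_text):
    """Flag client/host pairs that fetch HTML -> plugin content -> executable within WINDOW."""
    state = {}   # (client, host) -> (stage, time the HTML page was fetched)
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, client, host, ctype, agent = line.split(None, 4)
        ts = datetime.fromisoformat(ts)
        stage, start = state.get((client, host), (0, None))
        if start is not None and ts - start > WINDOW:
            stage, start = 0, None          # chain went stale, start over
        if stage == 0 and ctype == "text/html":
            stage, start = 1, ts            # possible landing page
        elif stage == 1 and ctype in PLUGIN_TYPES:
            stage = 2                       # content handed to a browser plugin
        elif stage == 2 and ctype in EXE_TYPES:
            alerts.append({"client": client, "host": host, "agent": agent,
                           "seconds": (ts - start).total_seconds()})
            stage, start = 0, None
        state[(client, host)] = (stage, start)
    return alerts


if __name__ == "__main__":
    for alert in find_chains(SAMPLE_LOG):
        print(alert)
```

An ordinary software download (10.0.0.7) and a standalone Java application fetch (10.0.0.9) do not match, because neither shows all three stages in order on one host.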