carlosalbertoteixeiraDeixe um comentário em 主題: Mac OS X 的新後門程式

主題: Mac OS X 的新後門程式

Originally shared by null

主題: Mac OS X 的新後門程式

說明:

Mac 的 OS X 系統斷斷續續以來都有零星的病毒災情傳出,只是不像桌上型的 Windows 及行動裝置 Android 般耀眼。(註:這種事還是低調點好!)

近期國外又出現了利用舊手法(舊漏洞)所傳播的新 OS X 後門程式,嚴格上來講比較像是無妄之災。

關鍵手法:

利用安裝在 OS X 上的 Mcrosoft Office for Mac 版本來觸發漏洞,將後門植入在 OS X 中。

Office 漏洞編號:MS09-027

官方說明:http://technet.microsoft.com/en-us/security/bulletin/ms09-027

觸發的條件:

1.using OS X prior to Mountain Lion;

2.using Microsoft Office 2004 prior to 11.5.5 update or;

3.using Microsoft Office 2008 prior to the 12.1.9 update;

4.eventually comfortable with Terminal application.

後門程式會植入的地方:

~/Library/Application Support/.realPlayerUpdate

~/library/launchagents/.systm

~/library/launchagents/apple.plist

~/library/launchagents/realPlayerUpdate.plist

/Library/Application Support/.realPlayerUpdate

/library/LaunchDaemons/.systm

/library/LaunchDaemons/apple.plist

/library/LaunchDaemons/realPlayerUpdate.plist

跳板主機(中繼站):

hxxp://alma.apple.cloudns.org

hxxp://apple12.crab dance.com

hxxp://update.googmail.org

防治措施:

1.安裝Mac版的防毒軟體。

2.阻擋中繼站的網址。

3.修補 Mcrosoft Office for Mac 漏洞。

4.提高警覺。

http://www.intego.com/mac-security-blog/new-targeted-attack-against-uyghur-mac-users-hitting-the-news///cdn.embedly.com/widgets/platform.js

Deixe um comentário

Este site utiliza o Akismet para reduzir spam. Saiba como seus dados em comentários são processados.

search previous next tag category expand menu location phone mail time cart zoom edit close