mirror of
https://github.com/LCTT/TranslateProject.git
synced 2025-02-03 23:40:14 +08:00
[work complete]This new worm targets Linux PCs and embedded devices
This commit is contained in:
chenjintao_ii
parent
8523c32944
commit
bdd3868606
@ -1,40 +0,0 @@
|
|||||||
[this is bazz2, if you wanna translate this article, no way :P]
|
|
||||||
This new worm targets Linux PCs and embedded devices
|
|
||||||
================================================================================
|
|
||||||
**The malware spreads by exploiting a 2012 vulnerability in PHP, Symantec researchers said**
|
|
||||||
|
|
||||||
IDG News Service - A new worm is targeting x86 computers running Linux and PHP, and variants may also pose a threat to devices such as home routers and set-top boxes based on other chip architectures.
|
|
||||||
|
|
||||||
According to security researchers from Symantec, the malware spreads by exploiting a vulnerability in php-cgi, a component that allows PHP to run in the Common Gateway Interface (CGI) configuration. The vulnerability is tracked as CVE-2012-1823 and was patched in PHP 5.4.3 and PHP 5.3.13 in May 2012.
|
|
||||||
|
|
||||||
The new worm, which was named Linux.Darlloz, is based on proof-of-concept code released in late October, the Symantec researchers said Wednesday in a [blog post][1].
|
|
||||||
|
|
||||||
"Upon execution, the worm generates IP [Internet Protocol] addresses randomly, accesses a specific path on the machine with well-known ID and passwords, and sends HTTP POST requests, which exploit the vulnerability," the Symantec researchers explained. "If the target is unpatched, it downloads the worm from a malicious server and starts searching for its next target."
|
|
||||||
|
|
||||||
The only variant seen to be spreading so far targets x86 systems, because the malicious binary downloaded from the attacker's server is in ELF (Executable and Linkable Format) format for Intel architectures.
|
|
||||||
|
|
||||||
However, the Symantec researchers claim the attacker also hosts variants of the worm for other architectures including ARM, PPC, MIPS and MIPSEL.
|
|
||||||
|
|
||||||
These architectures are used in embedded devices like home routers, IP cameras, set-top boxes and many others.
|
|
||||||
|
|
||||||
"The attacker is apparently trying to maximize the infection opportunity by expanding coverage to any devices running on Linux," the Symantec researchers said. "However, we have not confirmed attacks against non-PC devices yet."
|
|
||||||
|
|
||||||
The firmware of many embedded devices is based on some type of Linux and includes a Web server with PHP for the Web-based administration interface. These kinds of devices might be easier to compromise than Linux PCs or servers because they don't receive updates very often.
|
|
||||||
|
|
||||||
Patching vulnerabilities in embedded devices has never been an easy task. Many vendors don't issue regular updates and when they do, users are often not properly informed about the security issues fixed in those updates.
|
|
||||||
|
|
||||||
In addition, installing an update on embedded devices requires more work and technical knowledge than updating regular software installed on a computer. Users have to know where the updates are published, download them manually and then upload them to their devices through a Web-based administration interface.
|
|
||||||
|
|
||||||
"Many users may not be aware that they are using vulnerable devices in their homes or offices," the Symantec researchers said. "Another issue we could face is that even if users notice vulnerable devices, no updates have been provided to some products by the vendor, because of outdated technology or hardware limitations, such as not having enough memory or a CPU that is too slow to support new versions of the software."
|
|
||||||
|
|
||||||
To protect their devices from the worm, users are advised to verify if those devices run the latest available firmware version, update the firmware if needed, set up strong administration passwords and block HTTP POST requests to -/cgi-bin/php, -/cgi-bin/php5, -/cgi-bin/php-cgi, -/cgi-bin/php.cgi and -/cgi-bin/php4, either from the gateway firewall or on each individual device if possible, the Symantec researchers said.
|
|
||||||
|
|
||||||
--------------------------------------------------------------------------------
|
|
||||||
|
|
||||||
via: http://www.computerworld.com/s/article/9244409/This_new_worm_targets_Linux_PCs_and_embedded_devices?taxonomyId=122
|
|
||||||
|
|
||||||
译者:[译者ID](https://github.com/译者ID) 校对:[校对者ID](https://github.com/校对者ID)
|
|
||||||
|
|
||||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
|
|
||||||
|
|
||||||
[1]:http://www.symantec.com/connect/blogs/linux-worm-targeting-hidden-devices
|
|
||||||
@ -0,0 +1,39 @@
|
|||||||
|
新蠕虫能感染 Linux 系统和嵌入式设备!
|
||||||
|
================================================================================
|
||||||
|
**来自𧶼门铁克研究员的消息,这个病毒通过2012年出现的 PHP 漏洞传播**
|
||||||
|
|
||||||
|
据美国国际数据集团(IDG)的新闻 —— 一个新的蠕虫病毒将目标指向那些运行了 Linux 和 PHP 的 x86 架构计算机,其变种还会对运行在其他芯片架构上的设备(诸如家用路由器和机顶盒)造成威胁。
|
||||||
|
|
||||||
|
根据𧶼门铁克研究员的介绍,这种病毒利用 php-cgi 上的一个漏洞进行传播,这个 php-cgi 组件的功能是允许 PHP 代码在通用网关接口(CGI)的配置环境下被执行。此漏洞的代号为 CVE-2012-1823(通过这个漏洞,攻击者可以远程执行任意代码,所以这个漏洞又叫“程任意代码执行漏洞” —— 译者注)。2012年5月份,PHP 5.4.3 和 PHP 5.3.13 这两个版本被打上补丁,修复了这个漏洞。
|
||||||
|
|
||||||
|
这个𧶼门铁克的研究员在[博客][1]中写道:这个名为“Linux.Darlloz”的新蠕虫病毒基于去年10月份放出的 PoC 代码(PoC:proof of concept,概念验证。利用目标计算机的漏洞,为对其进行攻击而设计的代码称为 exploit,而一个没有充分利用漏洞的 exploit,就是 PoC —— 译者注)。
|
||||||
|
|
||||||
|
“在传播过程中,这段蠕虫代码会随机产生 IP 地址,通过特殊途径,利用普通的用户名密码发送 HTTP POST 请求,探测漏洞”,研究员解释道:“如果一个目标没有打上 CVE-2012-1823 的补丁,这台机器就会从病毒服务器下载蠕虫病毒,之后寻找下一个目标。”
|
||||||
|
|
||||||
|
这个唯一的蠕虫变种目前为止只感染了 x86 系统,这是因为这个病毒的二进制格式为 Intel 架构下的 ELF (Executable and Linkable Format)格式。
|
||||||
|
|
||||||
|
然而这个研究员警告说,黑客也为其他架构开发了病毒,包括 ARM,PPC,MIPS 和 MIPSEL。
|
||||||
|
|
||||||
|
这些计算机架构主要用于诸如家用路由器、网络监视器、机顶盒以及其他嵌入式设备。
|
||||||
|
|
||||||
|
“攻击者显然试图在最大范围内感染运行 Linux 的设备”,研究员又说:“然而我们还没有证实他们有没有攻击非 PC 设备。”
|
||||||
|
|
||||||
|
很多嵌入式设备的固件都使用 Linux 作为操作系统,并且使用 PHP 作为 Web 服务管理界面。这些设备比 PC 机 或服务器更容易被攻陷,因为它们不会经常更新软件。
|
||||||
|
|
||||||
|
在嵌入式设备为一个漏洞打上补丁,从来都不是件容易的事。很多厂商都不会定期公布更新信息,而当他们公布时,用户也不会被告知说这些更新解决了哪些安全问题。
|
||||||
|
|
||||||
|
并且,在嵌入式设备上更新软件比在计算机上需要更多的工作,以及更多的技术知识。用户需要知道哪些网站能提供这些更新,然后下载下来,通过 Web 界面更新到他们的设备中。
|
||||||
|
|
||||||
|
“很多用户也许压根就不知道他们家里或办公室的设备存在漏洞,”啰嗦的研究员说:“我们面临的另一个问题是,即使用户注意到他们用的是有漏洞的设备,这些设备的供应商却没有提供补丁,原因是技术落后,或者完全就是硬件的限制:内存不足,或 CPU 太慢,不足以支持这些软件的新版本。”
|
||||||
|
|
||||||
|
“为了保护他们的设备免受蠕虫感染,用户需要确认这些设备是否运行在最新的固件版本上,必要的话,升级固件,设置高强度的管理员密码,在防火墙那儿,或任何独立的设备那儿,屏蔽任何对 -/cgi-bin/php, -/cgi-bin/php5, -/cgi-bin/php-cgi, -/cgi-bin/php.cgi and -/cgi-bin/php4 的 HTTP POST 请求。”没完没了的𧶼门铁克研究员说道。
|
||||||
|
|
||||||
|
--------------------------------------------------------------------------------
|
||||||
|
|
||||||
|
via: http://www.computerworld.com/s/article/9244409/This_new_worm_targets_Linux_PCs_and_embedded_devices?taxonomyId=122
|
||||||
|
|
||||||
|
译者:[bazz2](https://github.com/bazz2) 校对:[校对者ID](https://github.com/校对者ID)
|
||||||
|
|
||||||
|
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
|
||||||
|
|
||||||
|
[1]:http://www.symantec.com/connect/blogs/linux-worm-targeting-hidden-devices
|
||||||
Loading…
Reference in New Issue
Block a user