中国黑客在卫星、国防和电信公司内部进行黑客攻击

赛门铁克(Symantec)的研究人员表示，在过去一年里，一场源自中国的高级黑客行动一直在渗透美国和东南亚的卫星运营商、国防承包商以及电信公司。

赛门铁克的研究人员在周二发表的一篇博客文章中称，攻击者专门寻找并感染了用于监视和控制卫星的计算机。地理空间产业中的第二个目标也遭到攻击，攻击集中在该组织所使用的软件开发工具上。对这些未具名公司运营系统的关注表明，黑客不仅寻求拦截通信的能力，还可能意图篡改企业和消费者所发送的通信流量。

赛门铁克(Symantec)的研究人员写道："间谍活动可能是该组织的动机，但考虑到它对攻陷运营系统的兴趣，如果它选择这样做，也可能采取更具侵略性、更具破坏性的姿态。"

靠土地生活（Living off the land）

自2013年首次发现该组织策划间谍活动以来，赛门铁克就一直在跟踪这个中国黑客组织。赛门铁克将其称为Thrip，该组织当时主要使用自行开发的恶意软件工具。在最近的行动中，Thrip采取了一种安全研究人员称之为"靠土地生活"（living off the land）的策略，即依靠合法工具和操作系统自带功能来控制目标网络。由于使用的是目标网络中本已存在的工具，攻击者的恶意活动与目标的合法进程混杂在一起，因而更难被发现。

Thrip使用的关键工具包括：用于控制网络中已连接计算机的Microsoft Sysinternals工具PsExec、Microsoft脚本工具PowerShell、开源FTP客户端WinSCP以及远程访问软件LogMeIn。该组织还使用了免费提供的Mimikatz黑客工具（常用于提取Windows凭证）。一旦该组织找到感兴趣的特定计算机，便会部署自定义恶意软件，其中包括：Trojan.Rikamanu，旨在窃取访问凭证和其他敏感数据；Infostealer.Catchamas，作为Trojan.Rikamanu的补充，包含用于隐蔽和数据捕获的附加功能；以及Trojan.Mycicil，一种由中国地下黑客创建的键盘记录器。

在最近的同一次Thrip行动中，其他目标包括一家国防承包商和三家东南亚电信运营商。对地理空间成像组织的攻击针对的是运行MapXtreme地理信息系统软件的计算机，该软件用于开发定制的地理空间应用程序，并将基于位置的数据集成到其他应用程序中。这次攻击还针对运行谷歌地球服务器(Google Earth Server)和Garmin成像软件的机器。

赛门铁克表示，这一行动的第一个迹象出现在今年1月，当时该公司的一款产品在东南亚一家大型电信供应商的网络中发现了PsExec的可疑使用。研究人员很快发现，攻击者正在利用该Sysinternals工具向电信供应商网络内的计算机远程安装一款此前未知的恶意软件。赛门铁克后来确认该恶意软件是Trojan.Rikamanu的更新版本。这项行动自去年以来一直在进行。

Source: Ars Technica