
How the Tumblr worm spread so quickly

Filed Under: Featured, Malware, Social networks, Spam, Vulnerability

Although Tumblr is cleaning up the pages affected by today's worm, SophosLabs was able to briefly explore how the infection spread.

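It appears that the worm took advantage of Tumblr's reblogging feature, meaning that anyone who was logged into Tumblr would automatically reblog the infectious post if they visited one of the offending pages.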

Each affected post had some malicious code embedded in it:

[Image: Malicious code from Tumblr post]

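The base 64 string was actually encoded JavaScript, hidden inside an iFrame that was invisible to the naked eye, which pulled in content from a URL. Once decoded, the intention of the code becomes clearer.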

[Image: Code used by the Tumblr worm]

This code explains why some users saw a pop-up message, seemingly from Tumblr:

[Image: Pop-up message]

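If you were not logged into Tumblr when your browser visited the URL, it would simply redirect you to the standard login page. However, if your computer was logged into Tumblr, it would result in the GNAA content being reblogged on your own Tumblr too.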

[Image: Reblogged post on Tumblr]

(By the way, Sophos is now protecting customers by blocking access to the strangled.net URL.)

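It should not have been possible for someone to post such malicious JavaScript into a Tumblr post. Our assumption is that the attackers managed to skirt Tumblr's defences by disguising their code with base 64 encoding and embedding it in a tag's src="data" attribute.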

Thanks to SophosLabs expert Fraser Howard for his help with this article.
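The bypass assumed above works when a filter inspects the literal markup of a post but never decodes what a data: URI carries. As an added example (not code from Sophos or Tumblr), here is one way a post filter could decode such attributes before deciding; the function names, the attribute list and the media-type list are assumptions chosen for illustration, and the sample post is constructed.

```python
import base64
import re
from html.parser import HTMLParser
from urllib.parse import unquote_to_bytes

URL_ATTRS = {"src", "href", "data", "action", "formaction", "poster"}
ACTIVE_TYPES = {"text/html", "application/xhtml+xml", "image/svg+xml",
                "text/javascript", "application/javascript"}
ACTIVE_MARKUP = re.compile(rb"<\s*(script|iframe)|javascript:", re.I)

def decode_data_uri(value):
    """Return (media_type, payload_bytes) for a data: URI, or None for anything else."""
    # Browsers drop leading control characters/spaces and embedded tabs/newlines from URLs.
    compact = re.sub(r"^[\x00-\x20]+|[\t\r\n]", "", value)
    if not compact.lower().startswith("data:"):
        return None
    header, _, body = compact[5:].partition(",")
    params = header.lower().split(";")
    payload = unquote_to_bytes(body)
    if "base64" in params[1:]:
        payload = re.sub(rb"\s", b"", payload)
        try:
            payload = base64.b64decode(payload + b"=" * (-len(payload) % 4))
        except ValueError:
            pass  # undecodable: keep the raw bytes so a reviewer still sees them
    return params[0] or "text/plain", payload

class DataUriScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []
    def handle_starttag(self, tag, attrs):
        # HTMLParser has already lower-cased names and resolved character references.
        for name, value in attrs:
            decoded = decode_data_uri(value) if name in URL_ATTRS and value else None
            if decoded:
                media_type, payload = decoded
                active = media_type in ACTIVE_TYPES or bool(ACTIVE_MARKUP.search(payload))
                self.findings.append((tag, name, media_type, active, payload))

def scan_post(html):
    scanner = DataUriScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample post: hidden iframe with a base64 data: URI (placeholder payload).
_b64 = base64.b64encode(b"<script>/* placeholder */</script>").decode()
SAMPLE_POST = ('<p>hi</p><iframe style="display:none" src="data:text/html;base64,'
               + _b64 + '"></iframe><img src="https://example.com/a.png">')
```

Each finding is a tuple of tag, attribute, media type, an "active content" flag and the decoded bytes, so a filter can reject the post or queue it for review with the decoded payload attached.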


About the author

Graham Cluley is an award-winning security blogger, and veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.