
How the Tumblr worm spread so quickly

Filed Under: Featured, Malware, Social networks, Spam, Vulnerability

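While Tumblr cleans up the pages affected by today's worm, SophosLabs has been able to briefly explore how the infection spread.

It appears that the worm took advantage of Tumblr's reblogging feature, meaning that anyone who was logged into Tumblr would automatically reblog the infectious post if they visited one of the offending pages.

Each affected post had some malicious code embedded inside it:

Code from malicious Tumblr post

The base 64 string was actually encoded JavaScript, hidden inside an iFrame that was invisible to the naked eye, which pulled in content from a URL. Once decoded, the intention of the code becomes clearer.

Code used by the Tumblr worm

This code explains why some users saw a pop-up message, seemingly coming from Tumblr:

Pop-up message

If you were not logged into Tumblr when your browser visited the URL, it would simply redirect you to the standard login page. However, if your computer was logged into Tumblr, it would result in the GNAA content being reblogged on your own Tumblr too.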

Reblogged post on Tumblr

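(By the way, Sophos is now protecting customers by blocking access to the strangled.net URL.)

It should not have been possible for someone to post such malicious JavaScript in a Tumblr post. Our assumption is that the attackers managed to get around Tumblr's defences by disguising their code with base 64 encoding and embedding it in the src="data" attribute of a tag.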
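A defender-side check for the bypass described above, as an added example that is not from the original article or from Tumblr's code: it parses post HTML, decodes any data: URI found in a URL-bearing attribute, and flags those that carry active content. The function names, attribute list and sample posts are constructed for illustration.

```python
import base64
import re
from html.parser import HTMLParser
from urllib.parse import unquote_to_bytes

URL_ATTRS = {"src", "href", "data", "action", "formaction"}
ACTIVE_MIME = {"text/html", "application/xhtml+xml", "image/svg+xml",
               "text/javascript", "application/javascript"}
DATA_URI = re.compile(r"^data:([^;,]*)((?:;[^;,]*)*),(.*)$", re.I | re.S)
SCRIPT_HINT = re.compile(rb"<\s*(script|iframe)|javascript:|\bon\w+\s*=", re.I)

def inspect_data_uri(value):
    """Return (mime, decoded_bytes) for a data: URI, else None."""
    # Browsers drop tabs/newlines inside URLs, so remove them before matching.
    cleaned = re.sub(r"[\t\r\n]", "", value).strip()
    m = DATA_URI.match(cleaned)
    if not m:
        return None
    mime = (m.group(1).strip() or "text/plain").lower()
    body = unquote_to_bytes(m.group(3))
    if m.group(2).lower().endswith(";base64"):
        try:
            body = base64.b64decode(body + b"=" * (-len(body) % 4))
        except ValueError:
            body = b""  # undecodable; the MIME type check below still applies
    return mime, body

class DataUriFinder(HTMLParser):
    """Collects URL-bearing attributes whose data: URI decodes to active content."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            hit = inspect_data_uri(value) if name in URL_ATTRS and value else None
            if hit and (hit[0] in ACTIVE_MIME or SCRIPT_HINT.search(hit[1])):
                self.findings.append((tag, name, hit[0], hit[1]))

def scan_post(html):
    """Return a list of (tag, attribute, mime, decoded_payload) findings."""
    finder = DataUriFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample input: a harmless placeholder stands in for the worm's script.
B64 = base64.b64encode(b"<script>/* constructed placeholder */</script>").decode()
SAMPLE_POST = f'<p>hi</p><iframe style="display:none" src="data:text/html;base64,{B64}"></iframe>'
BENIGN_POST = '<img src="data:image/png;base64,iVBORw0KGgo="><a href="https://example.com/">x</a>'
```

A filter that only pattern-matches the raw post text for script tags sees nothing in SAMPLE_POST; the script only appears after the attribute value is decoded, which is why the check decodes before it classifies.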

Thanks to SophosLabs expert Fraser Howard for his help with this article.

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Follow him on Twitter: @gcluley.