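Future G20-themed attacks
The Flea attack group is not the only threat to worry about around the G20 summit. Threat actors will always find suitable opportunities during G20 summits to attack individuals in government, financial, and economic development organizations. Last year, ahead of the G20 summit in Saint Petersburg, Russia, Symantec detected campaigns that used the Poison Ivy remote access Trojan (RAT) against multiple organizations. The organizations targeted then are likely to face the same attacks at future G20 summits. Without doubt, different threat actors will continue to exploit organizations' interest in the G20 summit and treat them as future targets.
Protection
Symantec advises users to be cautious when opening unsolicited emails and attachments from unknown senders. Symantec detects the malware used in the recent G20-themed attacks as Infostealer.Hoardy.
Indicators of compromise:
MD5s: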
Command-and-control servers: