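As early as 2014, Shell Shock (CVE-2014-6721) drew intense attention as a vulnerability rated at the maximum severity of 10, and Bashlite, malware that exploited Shell Shock aggressively, was already threatening many devices at the time, including routers, phones and wearables. Recently the 360 QVM team captured the latest variant of this malware and traced related samples built for multiple platforms. Compared with the older bashlite, the new version supports more platforms and has a higher success rate, so a wide range of smart devices will be affected by Bashlite.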

| File name | File type |
|---|---|
| lnta | ELF 32-bit LSB executable, ARM, version 1, dynamically linked (uses shared libs), not stripped |
| lntb | ELF 32-bit LSB executable, ARM, version 1, dynamically linked (uses shared libs), not stripped |
| lntc | ELF 32-bit LSB executable, ARM, version 1 (SYSV), dynamically linked (uses shared libs), not stripped |
| lntd | ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), not stripped |
| lnte | ELF 32-bit MSB executable, Motorola 68020, version 1 (SYSV), dynamically linked (uses shared libs), not stripped |
| lntf | ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), not stripped |
| lntg | ELF 32-bit LSB executable, MIPS, MIPS-I version 1 (SYSV), dynamically linked (uses shared libs), not stripped |
| lnth | ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV), dynamically linked (uses shared libs), not stripped |
| lnti | ELF 32-bit MSB executable, PowerPC or cisco 4500, version 1 (SYSV), dynamically linked (uses shared libs), not stripped |
| lntj | ELF 32-bit MSB executable, PowerPC or cisco 4500, version 1 (SYSV), dynamically linked (uses shared libs), not stripped |
| lntk | ELF 32-bit LSB executable, Renesas SH, version 1 (SYSV), dynamically linked (uses shared libs), not stripped |
| lntl | ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), not stripped |
| nt.sh | POSIX shell script text executable |
| slnta | ELF 32-bit LSB executable, ARM, version 1, statically linked, not stripped |
| slntb | ELF 32-bit LSB executable, ARM, version 1, statically linked, not stripped |
| slntc | ELF 32-bit LSB executable, ARM, version 1 (SYSV), statically linked, not stripped |
| slntd | ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, not stripped |
| slnte | ELF 32-bit MSB executable, Motorola 68020, version 1 (SYSV), statically linked, not stripped |
| slntf | ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, not stripped |
| slntg | ELF 32-bit LSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, not stripped |
| slnth | ELF 32-bit MSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, not stripped |
| slnti | ELF 32-bit MSB executable, PowerPC or cisco 4500, version 1 (SYSV), statically linked, not stripped |
| slntj | ELF 32-bit MSB executable, PowerPC or cisco 4500, version 1 (SYSV), statically linked, not stripped |
| slntk | ELF 32-bit LSB executable, Renesas SH, version 1 (SYSV), statically linked, not stripped |
| slntl | ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, not stripped |

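Bashlite is highly damaging. The new version not only degrades device performance and consumes large amounts of network resources, it may also cause privacy leaks and other harm. The 360 QVM team reminds smart-device vendors to take precautions: ship firmware with a recent version of BASH, and do not use weak passwords for authentication. Administrators should keep a constant watch on abnormal programs and network traffic on their hosts.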