Daily Security Brief (20161025)

Posted 2016-10-24 22:30
Posted 2016-10-25 17:41
1. Ransomware enters the top 3 most dangerous malware for the first time
标题:Ransomware Reaches the Malware Top 3 for the First Time
Locky enters the Top 10 most prevalent malware standings

Author info: Oct 23, 2016 22:30 GMT By Catalin Cimpanu

//BEGIN
According to statistics gathered by Check Point, for the first time ever, ransomware has entered the top 3 of today's most dangerous malware.
According to statistics from the security company Check Point, ransomware has entered the top three of the malware rankings for the first time. Note that this ranking does not include mobile malware. Many people are aware of how damaging ransomware is, but before 2016 most people assumed the threat was still far away: ransom was something that happened to other people. This year's figures are a wake-up call for everyone.

//END
Below is the full top 10 based on Check Point's data. Only desktop malware is included. The mobile malware top 3 is made up by HummingBad, Triada, and Ztorg.
1. Conficker
2. Sality
3. Locky
4. Cutwail
5. Zeus
6. Chanitor
7. Tinba
8. Cryptowall
9. Blackhole
10. Nivdort
In the top-10 malware ranking, third place goes to the ransomware Locky, which appeared in early 2016 and gradually became widespread.
The top three mobile malware families are HummingBad, Triada, and Ztorg. HummingBad (nicknamed "Hummer" in Chinese) surprisingly tops the list.

Comment: However powerful traditional malware may be, it is yesterday's news. Mobile now rules.

Posted 2016-10-25 17:49
2. Researchers crack the DGA of the Sphinx banking trojan
标题:Cracking of Sphinx Trojan DGA Opens the Door for Botnet Takedown
Sphinx botnet much smaller than initially thought

Author info: Oct 23, 2016 21:30 GMT By Catalin Cimpanu

//BEGIN
Security researchers from Arbor Networks have cracked the Domain (translator's note: spelled "Doman" in the original) Generation Algorithm (DGA) used by the Sphinx banking trojan, which, in theory, would allow security firms and authorities to intervene and take down the botnet.
Because a security company has cracked the DGA, the algorithm that generates the pseudo-random, time-dependent domain names used by the botnet built from the Sphinx banking trojan, in theory government agencies, with the help of security companies, could strike this botnet precisely and take down the whole banking-trojan operation in one go.

//END
Previously, Arbor Networks researchers had cracked the DGA of the Mad Max botnet, allowing them to accurately guess all the C&C domains names the malware would have used in the upcoming months and years.
There is precedent for this. Previously it was a different botnet, Mad Max, which also used a DGA to generate its domain names. A key reason law enforcement was able to take it down was that, with the help of security companies, every domain it was going to use had already been worked out. Once all of those domains are blocked, the botnet obviously has nowhere left to live.

//Note:
# https://github.com/tildedennis/malware/blob/master/sphinx/dga.py
# tildedennis/malware
# Sphinx Zeus DGA PoC
# Dennis Schwarz, Arbor Networks, ASERT, October 2016
import ctypes

def dga(year, month, day):
    # The seed is the date written as decimal digits and concatenated,
    # e.g. 2016, 10, 25 -> 20161025. Month and day are not zero-padded.
    ymd_str = "%d%d%d" % (year, month, day)
    seed = int(ymd_str)
    domains = []
    for idx in range(128):            # 128 domains per day
        domain = []
        for i in range(16):           # 16 characters per label
            # Rotate the 32-bit seed left by 8 bits, add the two loop
            # counters and a constant, and keep the result in 32 bits.
            seed = (idx + i + ((seed >> 0x18) & 0xff | (seed << 0x8)) + 0x2ab3fea3) & 0xffffffff
            # Reinterpret as a signed 32-bit integer, as the native code does.
            s_seed = ctypes.c_int(seed).value
            # Map into the 25 letters 'a'..'y'.
            domain.append(chr((abs(s_seed) % 0x19) + ord("a")))
        domain = "".join(domain) + ".com"
        domains.append(domain)
    return domains

if __name__ == "__main__":
    domains = dga(2016, 10, 25)
    for domain in domains:
        print(domain)
The DGA algorithm, Python pseudocode

Comment: Something really has to be done about botnets. Otherwise they will run wild: they hit whatever they are pointed at.
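
The practical value of a cracked DGA is what the post describes for Mad Max: pre-computing every domain the bots will query over a window of dates, so the list can be sinkholed or blocked before the operators register it, and then matching observed DNS queries against that list. The block below is an added example and is not part of the original post or of the ASERT PoC; it ports the generator above to Python 3, builds the table for a run of days, and scans DNS log lines. The log format (`client=IP qname=NAME`), the seven-day window and the sample queries are assumptions constructed for this example.

```python
import ctypes
from datetime import date, timedelta


def sphinx_dga(day):
    """Port of the Sphinx DGA PoC above: 128 16-letter .com domains for one date."""
    # The PoC seeds with the date digits concatenated, without zero-padding.
    seed = int("%d%d%d" % (day.year, day.month, day.day))
    domains = []
    for idx in range(128):
        label = []
        for i in range(16):
            # 32-bit rotate-left by 8, plus the loop counters and a constant
            seed = (idx + i + ((seed >> 0x18) & 0xff | (seed << 0x8)) + 0x2ab3fea3) & 0xffffffff
            s_seed = ctypes.c_int(seed).value                    # reinterpret as signed int32
            label.append(chr((abs(s_seed) % 0x19) + ord("a")))  # letters 'a'..'y'
        domains.append("".join(label) + ".com")
    return domains


def dga_window(start, days):
    """Map every domain the bots may use from `start` for `days` days to its date.

    This is the table a takedown team would register or sinkhole in advance.
    """
    table = {}
    for offset in range(days):
        d = start + timedelta(days=offset)
        for dom in sphinx_dga(d):
            table.setdefault(dom, d)  # keep the earliest date if a name repeats
    return table


def scan_dns_log(lines, table):
    """Return (client, qname, date) for each query whose name is in the DGA table.

    Assumed log format (constructed for this example): 'client=IP qname=NAME'.
    Names are lower-cased and a trailing root dot is stripped before lookup.
    """
    hits = []
    for line in lines:
        fields = dict(f.split("=", 1) for f in line.split() if "=" in f)
        qname = fields.get("qname", "").lower().rstrip(".")
        if qname in table:
            hits.append((fields.get("client", "?"), qname, table[qname]))
    return hits


# Constructed sample: a table for the week starting on the brief's date, and three
# log lines, two of which use names taken from the generated set (one with a
# trailing dot, one upper-cased, to exercise the normalisation).
START = date(2016, 10, 25)
BLOCKLIST = dga_window(START, 7)
_day0 = sphinx_dga(START)
_day3 = sphinx_dga(START + timedelta(days=3))
SAMPLE_LOG = [
    "client=10.1.2.3 qname=www.example.com",
    "client=10.1.2.3 qname=%s." % _day0[5],
    "client=10.9.8.7 qname=%s" % _day3[77].upper(),
]

if __name__ == "__main__":
    print("table size for 7 days:", len(BLOCKLIST))
    for client, qname, d in scan_dns_log(SAMPLE_LOG, BLOCKLIST):
        print("DGA hit from %s: %s (generated for %s)" % (client, qname, d))
```

Because the seed is only the calendar date, the table for any future window can be produced long before the bots need it; a defender who sinkholes it learns which internal hosts are infected from the `client` field, which is the "precise strike" the post refers to.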

Posted 2016-10-25 17:50
3. Hicurdismos malware fakes a Microsoft blue screen for a scam
标题:Microsoft warns of malware dressed up as Security Essentials
Hicurdismos drive-by download tries to trick people into tech support scams.

Author info: Oct 24 2016 9:28AM By Juha Saarinen

//BEGIN
A new Windows malware masquerading as a Microsoft Security Essentials (MSE) installer is making the rounds on the internet, attempting to trick users into contacting tech support scammers for paid assistance.
A piece of malware impersonating Microsoft's MSE security software has recently appeared. It arrives as a setup.exe installer; once the user installs it, a fake "blue screen" appears whose real purpose is to get the user to call a so-called technical support number that can lead to financial loss.

//END
Hicurdismos is rated as a severe threat by Microsoft, which has added detection and removal capability against the malware in its Windows Defender security program.
Microsoft suggested Australian users who come across Hicurdismos report the malware to the government's ScamWatch.
Microsoft rates this threat as severe. Windows Defender can already detect and remove it. Microsoft also advises Australian customers who run into something like this to report it directly to the government's ScamWatch.

Comment: Hicurdismos, a name Australians must like; the group owner admits he really cannot remember it. By comparison, the abbreviation for a blue screen, BSoD, is far easier to remember: blue screen of death.

Posted 2016-10-25 17:51
4. Malicious code planted in the Prestashop online shopping system
标题:Prestashop Malware Found Logging Admin Credentials
Crook collecting credentials of Prestashop admins

Author info: Oct 23, 2016 22:00 GMT By Catalin Cimpanu

//BEGIN
There's a new brand of web malware going around, according to Sucuri security experts, who say this sneaky threat is designed to log admin credentials for e-commerce stores.
A security company has recently discovered malicious code that can steal login credentials for e-commerce sites.

//END
You generally don't see credential stealers on online stores that often. In most cases, security experts find malicious code that collects payment card details via checkout forms.
Login credentials for online stores are not stolen that often, nor are hackers usually keen to steal them; in practice, what they mostly go after is payment card details.
Oddly, the attackers had already compromised the site, yet still went to the trouble of capturing the administrator's login password. Perhaps it is for credential stuffing against other sites, since not every site is that easy to take over.

Comment: Singles' Day (11 November) is coming. Online shopping addicts had better take care (shouting 11 notches louder): install Zhijia (智甲) and AVL Pro to keep shopping safe on desktops and phones.

Posted 2016-10-25 17:53
5. Patched BIND DNS remote DoS vulnerability still has impact
标题:BIND Flaw Patched in 2013 Affects Linux Distros

Author info: October 24, 2016 By Eduard Kovacs

//BEGIN
A vulnerability patched by the Internet Systems Consortium (ISC) in the BIND DNS software several years ago has been found to affect Linux distributions that use packages derived from BIND releases prior to the security hole being fixed.
A vulnerability in the BIND DNS software that ISC patched several years ago has been found to still affect recently released Linux distributions.


//END
“The CHANGES file distributed with every version of BIND source contains a chronological list of source code changes in each branch's history. Safe versions of BIND contain fix #3548,” ISC said in its advisory. “If you did not receive source code with your distribution of BIND and cannot check CHANGES, check with the package provider who has furnished the BIND distribution you are using. Current versions of BIND available from ISC are confirmed to be free of the vulnerability.”
The file named CHANGES records the changes to the BIND source code in alphabetical order: which files were modified. The latest BIND version released by ISC is considered to be free of the vulnerability.

Comment: Another serious vulnerability patched; left unpatched, it can lead to DDoS attacks.....

Posted 2016-10-25 17:54
6. Statistics show iOS apps leak privacy more readily than Android apps
标题:iOS Apps Leak More User Data than Android Apps
Larger number of iOS devices found in enterprise networks

Author info: Oct 23, 2016 21:20 GMT By Catalin Cimpanu

//BEGIN
An analysis of transactions originating from devices protected by Zscaler security products reveals that iOS applications leak private user information in more situations than Android apps.
70 percent of all the transactions that leaked private user data were traced back to iOS devices in China, and 20 percent to devices in South Africa. The US, the UK, and the Republic of Ireland made up the rest of the top 5.
Most of the leaky Android devices were located in the US (55 percent), the UK (16 percent), and China (12 percent).
Although the industry has long held that iOS is a more secure operating system than Android, are the apps built on it therefore more secure?
A security company's recent analysis of real-world statistics finds otherwise. On the contrary, iOS apps are relatively more likely to leak user privacy, which can lead to financial and other losses for users.
Of course, these statistics cover only applications that perform transactions.
For apps on iOS: 70% of transactions in China leaked information; in South Africa the figure is 20%; the next three in the ranking are the US, the UK and Ireland.
For apps on Android: the US, the UK and China take the top three spots, at 55%, 16% and 12% respectively.

//END
The problem here is the potential for long-term threats. An attacker that taps into a company's traffic can gather large amounts of reconnaissance information over time, which he can later use in individually-targeted attacks such as spear-phishing, smishing, or denial of service (DoS).
The key issue here may not be the visible financial loss but the long-term threat. By monitoring a company's internal traffic, attackers can pinpoint key targets and mount more targeted phishing attacks and SMS scams

Comment: Apple fans probably will not like the conclusion in this Chinese headline.

创意安天 (京ICP备09068574, ICP证100468号)
Powered by Discuz! X3.5