Web Images Videos Maps News Shopping Gmail more »
Recently Visited Groups | Help | Sign in
Google Groups Home
Ph4nt0m
+ new post
About this group
Join this group
PHPWIND & DISCUZ! CSRF WORM!
Options
There are currently too many topics in this group that display first. To make this topic appear first, remove this option from another topic.
There was an error processing your request. Please try again.
flag
   Messages 1 - 25 of 27 - Collapse all  -  Translate all to Translated (View all originals)   Newer >
The group you are posting to is a Usenet group. Messages posted to this group will make your email address visible to anyone on the Internet.
Your reply message has not been sent.
Your post will appear after it is approved by moderators
 
From:
To:
Cc:
Followup To:
Add Cc | Add Followup-to | Edit Subject
Subject:
Validation:
For verification purposes please type the characters you see in the picture below or the numbers you hear by clicking the accessibility icon. Listen and type the numbers you hear
 
ring04h  
View profile   Translate to Translated (View Original)
 More options Jan 8, 12:25 am
From: ring04h <ring...@gmail.com>
Date: Thu, 8 Jan 2009 13:25:04 +0800
Local: Thurs, Jan 8 2009 12:25 am
Subject: PHPWIND & DISCUZ! CSRF WORM!
Reply to author | Forward | Print | Individual message | Show original | Report this message | Find messages by this author

一个简单的例子,今天也传播了。

URL: http://hk.chinakernel.org/worm.tar.gz

  worm.zip
23K Download

    Reply to author    Forward  
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Zang  
View profile   Translate to Translated (View Original)
(1 user)  More options Jan 8, 12:56 am
From: Zang <lovelaoz...@gmail.com>
Date: Thu, 8 Jan 2009 13:56:08 +0800
Local: Thurs, Jan 8 2009 12:56 am
Subject: Re: [Ph4nt0m] PHPWIND & DISCUZ! CSRF WORM!
Reply to author | Forward | Print | Individual message | Show original | Report this message | Find messages by this author

恩,已经看到效果了。

这个是
Hacked by ring04h, just for fun! 事件解决方法

http://www.discuz.net/thread-1183991-1-1.html

2009/1/8 ring04h <ring...@gmail.com>


    Reply to author    Forward  
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
sunwear  
View profile   Translate to Translated (View Original)
 More options Jan 8, 12:47 am
From: sunwear <sunw...@gmail.com>
Date: Wed, 7 Jan 2009 21:47:06 -0800 (PST)
Local: Thurs, Jan 8 2009 12:47 am
Subject: Re: PHPWIND & DISCUZ! CSRF WORM!
Reply to author | Forward | Print | Individual message | Show original | Report this message | Find messages by this author
路过

On 1月8日, 下午1时25分, ring04h <ring...@gmail.com> wrote:


    Reply to author    Forward  
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
raystyle  
View profile   Translate to Translated (View Original)
 More options Jan 8, 1:48 am
From: raystyle <rayst...@gmail.com>
Date: Thu, 8 Jan 2009 14:48:37 +0800
Local: Thurs, Jan 8 2009 1:48 am
Subject: Re: [Ph4nt0m] PHPWIND & DISCUZ! CSRF WORM!
Reply to author | Forward | Print | Individual message | Show original | Report this message | Find messages by this author

呵呵,邪恶的人。

2009/1/8 ring04h <ring...@gmail.com>


    Reply to author    Forward  
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
miao  
View profile   Translate to Translated (View Original)
 More options Jan 8, 2:25 am
From: miao <miao0...@gmail.com>
Date: Wed, 7 Jan 2009 23:25:43 -0800 (PST)
Local: Thurs, Jan 8 2009 2:25 am
Subject: Re: PHPWIND & DISCUZ! CSRF WORM!
Reply to author | Forward | Print | Individual message | Show original | Report this message | Find messages by this author
牛牛的

On 1月8日, 下午1时25分, ring04h <ring...@gmail.com> wrote:


    Reply to author    Forward  
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
shanker lee  
View profile   Translate to Translated (View Original)
 More options Jan 8, 1:54 am
From: "shanker lee" <shanker...@gmail.com>
Date: Thu, 8 Jan 2009 14:54:28 +0800
Local: Thurs, Jan 8 2009 1:54 am
Subject: Re: [Ph4nt0m] PHPWIND & DISCUZ! CSRF WORM!
Reply to author | Forward | Print | Individual message | Show original | Report this message | Find messages by this author

刚才在群里看到的信息

2009/1/8 ring04h <ring...@gmail.com>

> 一个简单的例子,今天也传播了。

> URL: http://hk.chinakernel.org/worm.tar.gz

--
江山待有我等出;
各领黑坛数十年

    Reply to author    Forward  
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
四不象  
View profile   Translate to Translated (View Original)
 More options Jan 8, 12:54 am
From: 四不象 <tabris17...@gmail.com>
Date: Thu, 8 Jan 2009 13:54:31 +0800
Local: Thurs, Jan 8 2009 12:54 am
Subject: Re: [Ph4nt0m] PHPWIND & DISCUZ! CSRF WORM!
Reply to author | Forward | Print | Individual message | Show original | Report this message | Find messages by this author

靠,你不早点说,今天我们公司论坛也中了
还好我力挽狂澜啊


    Reply to author    Forward  
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
bluebanboom  
View profile   Translate to Translated (View Original)
 More options Jan 8, 1:42 am
From: bluebanboom <bluebanb...@gmail.com>
Date: Thu, 8 Jan 2009 14:42:12 +0800
Local: Thurs, Jan 8 2009 1:42 am
Subject: Re: [Ph4nt0m] PHPWIND & DISCUZ! CSRF WORM!
Reply to author | Forward | Print | Individual message | Show original | Report this message | Find messages by this author

Hacked by ring04h, just for fun!

2009/1/8 ring04h <ring...@gmail.com>


    Reply to author    Forward  
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
四不象  
View profile   Translate to Translated (View Original)
 More options Jan 8, 1:40 am
From: "四不象" <tabris17...@gmail.com>
Date: Thu, 8 Jan 2009 14:40:49 +0800
Local: Thurs, Jan 8 2009 1:40 am
Subject: Re: [Ph4nt0m] PHPWIND & DISCUZ! CSRF WORM!
Reply to author | Forward | Print | Individual message | Show original | Report this message | Find messages by this author

利用crsf,我们论坛没有开启WAP注册啊,难道你还手工去一个论坛一个论坛地注册用户?

我已经建议论坛管理员把所有论坛admin打头的页面都改名了
2009/1/8 四不象 <tabris17...@gmail.com>

--
水仙欲上鲤鱼去
一夜芙蓉红泪多

    Reply to author    Forward  
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Sker  
View profile   Translate to Translated (View Original)
 More options Jan 8, 2:39 am
From: Sker <cns...@gmail.com>
Date: Wed, 7 Jan 2009 23:39:45 -0800 (PST)
Local: Thurs, Jan 8 2009 2:39 am
Subject: Re: PHPWIND & DISCUZ! CSRF WORM!
Reply to author | Forward | Print | Individual message | Show original | Report this message | Find messages by this author
哪位牛人能不能分析下怎么利用呢?我研究了半天!

On 1月8日, 下午1时25分, ring04h <ring...@gmail.com> wrote:


    Reply to author    Forward  
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Robot5  
View profile   Translate to Translated (View Original)
 More options Jan 8, 1:02 am
From: Robot5 <robot...@gmail.com>
Date: Thu, 8 Jan 2009 14:02:58 +0800
Local: Thurs, Jan 8 2009 1:02 am
Subject: Re: [Ph4nt0m] PHPWIND & DISCUZ! CSRF WORM!
Reply to author | Forward | Print | Individual message | Show original | Report this message | Find messages by this author
呵呵!发现世界注目的原因了!

在 09-1-8,ring04h<ring...@gmail.com> 写道:


    Reply to author    Forward  
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
qq1901...@gmail.com  
View profile   Translate to Translated (View Original)
 More options Jan 8, 3:36 am
From: <qq1901...@gmail.com>
Date: Thu, 8 Jan 2009 16:36:02 +0800
Local: Thurs, Jan 8 2009 3:36 am
Subject: Re: [Ph4nt0m] PHPWIND & DISCUZ! CSRF WORM!
Reply to author | Forward | Print | Individual message | Show original | Report this message | Find messages by this author
FROM:http://www.cnbeta.com/articles/74294.htm

Discuz!官网
1月8日11:38分,部分站长发,论坛首页出现“Hacked by ring04h, just for fun!”的提示。针对用户反馈,康盛创想官方立即组织技术人员对论坛程序进行安全排查,并未发现相关站点的程序漏洞。
11:54分,官方安全部门发现站点 http://customer.discuz.net 域名被劫持,指向一台攻击者控制的服务器(203.86.236.236)。Customer 站点是 Discuz! 用于发送论坛补丁和安全补丁通知的紧
急接口。黑客首先利用 Discuz.net 域名服务商的漏洞,登陆并修改了 Customer 的域名地址,并事先写好了一段攻击代码存放在一台服务器上。

当站长登陆进入论坛后台首页时,由于论坛通知服务器的域名被劫持到新服务器上,从而使得攻击代码运行,模仿站长的身份,提交并修改了论坛的 seo 设置。从而造成论坛无法正常访问。

官方立即修改被劫持域名。11:55分,被劫持域名的重新定向工作完成。

12:15分,官方论坛已经发放代码清除产品包(http://www.discuz.net/thread-1183991-1-1.html)。此次域名劫持事件未涉及官方 Discuz.net 论坛,仅有期间8分钟内登陆管理后台的部分站点受到
影响站点,可参照官方论坛提供的方法修复。

(手工修改方法。Discuz!后台相关seo 设置当中被人插入<script>function init()
{ document.write('Hacked by ring04h, just for fun!');}window.onload =
init;</script>,去掉以后即可。)

域名是互联网基础服务,本次安全问题系由域名劫持造成,Discuz! 各版本软件代码在安全上并无问题,故 Discuz! 官方除了发布恢复方法及恢复工具以外并没有新的补丁发布。

此次域名劫持所造成的安全问题,是一次严重的攻击行为,其行为已违反相关法律法规。根据全国人大常委会于2008年12月22日开始审议的《刑法》修正案 (七)草案中相关条款,此类攻击行为属于被政府严厉
打击的犯罪行为。Discuz! 官方已对案发全过程进行证据保全和公证,并保留追究攻击者法律责任的权力。

--------------------------------------------------
From: "ring04h" <ring...@gmail.com>
Sent: Thursday, January 08, 2009 1:25 PM
To: "Ph4nt0m" <ph4nt0m@googlegroups.com>
Subject: [Ph4nt0m] PHPWIND & DISCUZ! CSRF WORM!


    Reply to author    Forward  
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Saint  
View profile   Translate to Translated (View Original)
 More options Jan 8, 4:02 am
From: Saint <sainthip...@gmail.com>
Date: Thu, 8 Jan 2009 17:02:51 +0800
Local: Thurs, Jan 8 2009 4:02 am
Subject: Re: [Ph4nt0m] PHPWIND & DISCUZ! CSRF WORM!
Reply to author | Forward | Print | Individual message | Show original | Report this message | Find messages by this author

P到用时方很少,后悔当初没学好PHP。


    Reply to author    Forward  
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
大頭  
View profile   Translate to Translated (View Original)
 More options Jan 8, 12:36 am
From: 大頭 <c.da...@gmail.com>
Date: Thu, 8 Jan 2009 13:36:57 +0800
Local: Thurs, Jan 8 2009 12:36 am
Subject: Re: [Ph4nt0m] PHPWIND & DISCUZ! CSRF WORM!
Reply to author | Forward | Print | Individual message | Show original | Report this message | Find messages by this author

ring04h好牛[?]

2009/1/8 ring04h <ring...@gmail.com>

  35E.gif
< 1K Download

    Reply to author    Forward  
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
fuzzsword  
View profile  
 More options Jan 8, 3:50 am
From: fuzzsword <FuzzSw...@gmail.com>
Date: Thu, 8 Jan 2009 00:50:25 -0800 (PST)
Local: Thurs, Jan 8 2009 3:50 am
Subject: Re: PHPWIND & DISCUZ! CSRF WORM!
Reply to author | Forward | Print | Individual message | Show original | Report this message | Find messages by this author
额.....


    Reply to author    Forward  
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
54netkey  
View profile   Translate to Translated (View Original)
 More options Jan 8, 3:50 am
From: "54netkey" <54net...@gmail.com>
Date: Thu, 8 Jan 2009 16:50:54 +0800
Local: Thurs, Jan 8 2009 3:50 am
Subject: Re: [Ph4nt0m] PHPWIND & DISCUZ! CSRF WORM!
Reply to author | Forward | Print | Individual message | Show original | Report this message | Find messages by this author

谁劫持了discuz的域名


    Reply to author    Forward  
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
kelzz  
View profile   Translate to Translated (View Original)
 More options Jan 8, 5:12 am
From: "kelzz" <ke...@126.com>
Date: Thu, 8 Jan 2009 18:12:03 +0800
Local: Thurs, Jan 8 2009 5:12 am
Subject: Re: [Ph4nt0m] Re: PHPWIND & DISCUZ! CSRF WORM!
Reply to author | Forward | Print | Individual message | Show original | Report this message | Find messages by this author

漏洞利用分析:

http://hi.baidu.com/kelz/blog/item/3159cb01ef2f5b16738b6578.html

2009-01-08

kelzz

发件人: 54netkey
发送时间: 2009-01-08  17:31:32
收件人: ph4nt0m@googlegroups.com
抄送:
主题: [Ph4nt0m] Re: PHPWIND & DISCUZ! CSRF WORM!

谁劫持了discuz的域名


    Reply to author    Forward  
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
xun wang  
View profile   Translate to Translated (View Original)
 More options Jan 8, 5:07 am
From: "xun wang" <cra...@gmail.com>
Date: Thu, 8 Jan 2009 18:07:33 +0800
Local: Thurs, Jan 8 2009 5:07 am
Subject: Re: [Ph4nt0m] Re: PHPWIND & DISCUZ! CSRF WORM!
Reply to author | Forward | Print | Individual message | Show original | Report this message | Find messages by this author

此次域名劫持所造成的安全问题,是一次严重的攻击行为,其行为已违反相关法律法规。根据全国人大常委会于2008年12月22日开始审议的《刑法》修正案
(七)草案中相关条款,此类攻击行为属于被政府严厉
打击的犯罪行为。Discuz! 官方已对案发全过程进行证据保全和公证,并保留追究攻击者法律责任的权力。

。。。。

2009/1/8 54netkey <54net...@gmail.com>


    Reply to author    Forward  
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
ring04h  
View profile   Translate to Translated (View Original)
 More options Jan 8, 4:40 am
From: ring04h <ring...@gmail.com>
Date: Thu, 8 Jan 2009 17:40:48 +0800
Local: Thurs, Jan 8 2009 4:40 am
Subject: Re: [Ph4nt0m] Re: PHPWIND & DISCUZ! CSRF WORM!
Reply to author | Forward | Print | Individual message | Show original | Report this message | Find messages by this author

换名又怎样呢?
var siteurl = document.URL;
sitefile = siteurl.replace(/(.*\/){0,}([^\.]+).*/ig,"$2") + '.php';
siteurl = siteurl.replace(/(.*\/){0,}([^\.]+).*/ig,"$1");

来自客户端的智能攻击,在pw.js 里面有改变实现。

2009/1/8 四不象 <tabris17...@gmail.com>


    Reply to author    Forward  
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
schyman  
View profile   Translate to Translated (View Original)
 More options Jan 8, 5:20 am
From: "schyman" <zheng...@gmail.com>
Date: Thu, 8 Jan 2009 18:20:25 +0800
Local: Thurs, Jan 8 2009 5:20 am
Subject: Re: [Ph4nt0m] Re: PHPWIND & DISCUZ! CSRF WORM!
Reply to author | Forward | Print | Individual message | Show original | Report this message | Find messages by this author
Hello 四不象,

      是因为管理员登陆了后台,然后访问了http://customer.discuz.net/news.php?.....然后news.phpb不是原来的php,所以就中招了。

Regards!        

schyman
email: zheng...@gmail.com
2009-01-08

======= 2009-01-08 17:37:13 您在来信中写道:=======

= = = = = = = = = = = = = = = = = = = =

    Reply to author    Forward  
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
四不象  
View profile   Translate to Translated (View Original)
 More options Jan 8, 6:29 am
From: 四不象 <tabris17...@gmail.com>
Date: Thu, 8 Jan 2009 19:29:32 +0800
Local: Thurs, Jan 8 2009 6:29 am
Subject: Re: [Ph4nt0m] Re: PHPWIND & DISCUZ! CSRF WORM!
Reply to author | Forward | Print | Individual message | Show original | Report this message | Find messages by this author

因为没想到是从后台XSS的,一直以为是前台出的问题


    Reply to author    Forward  
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
四不象  
View profile   Translate to Translated (View Original)
 More options Jan 8, 6:21 am
From: 四不象 <tabris17...@gmail.com>
Date: Thu, 8 Jan 2009 19:21:13 +0800
Local: Thurs, Jan 8 2009 6:21 am
Subject: Re: [Ph4nt0m] Re: PHPWIND & DISCUZ! CSRF WORM!
Reply to author | Forward | Print | Individual message | Show original | Report this message | Find messages by this author

恩,后来才知道是劫持了discuz的域名,我对discuz也不了解,今天第一次登陆他的后台,一直在纳闷是怎么XSS的。
discuz的官方网站还说他们的软件是没有问题的,晕~


    Reply to author    Forward  
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
DestinyD  
View profile   Translate to Translated (View Original)
 More options Jan 8, 8:35 am
From: DestinyD <destinyd_...@163.com>
Date: Thu, 8 Jan 2009 05:35:58 -0800 (PST)
Local: Thurs, Jan 8 2009 8:35 am
Subject: Re: PHPWIND & DISCUZ! CSRF WORM!
Reply to author | Forward | Print | Individual message | Show original | Report this message | Find messages by this author
AJAX 不注意还真是祸害啊=.=

    Reply to author    Forward  
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
izerosoul@gmail.com  
View profile   Translate to Translated (View Original)
 More options Jan 8, 7:12 pm
From: "izeros...@gmail.com" <izeros...@gmail.com>
Date: Thu, 8 Jan 2009 16:12:37 -0800 (PST)
Local: Thurs, Jan 8 2009 7:12 pm
Subject: Re: PHPWIND & DISCUZ! CSRF WORM!
Reply to author | Forward | Print | Individual message | Show original | Report this message | Find messages by this author
现在的大多数站长都不在乎XSS漏洞,这回这个可算是一个不错的例子了,以后说明重要性的时候说不定也能引用一下呢。
和一般的XSS蠕虫当然还是不太一样,不过也足以证明XSS漏洞的威力了。

ring04h你这回连域名服务器都搞了,不怕追究责任么?ZF要是出面找人的还是应该挺容易的。
反正国内的环境不太好.....小心行事:-)

On Jan 8, 1:25 pm, ring04h <ring...@gmail.com> wrote:


    Reply to author    Forward  
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
qq1901...@gmail.com  
View profile   Translate to Translated (View Original)
 More options Jan 8, 10:25 pm
From: <qq1901...@gmail.com>
Date: Fri, 9 Jan 2009 11:25:18 +0800
Local: Thurs, Jan 8 2009 10:25 pm
Subject: Re: [Ph4nt0m] Re: PHPWIND & DISCUZ! CSRF WORM!
Reply to author | Forward | Print | Individual message | Show original | Report this message | Find messages by this author
from:   http://www.techweb.com.cn/news/2009-01-09/383872.shtml

黑客揭秘攻击Discuz!内幕:PHPWind走运
  来源: 腾讯科技  日期:2009.01.09 10:15 (共有0 条评论)  我要评论

腾讯科技讯 1月9日凌晨消息,昨天中午时分网友acsanny发现自己常去的一个“养鱼的论坛”无法正常访问,于是困惑的她发帖询问大家“ring04h是什么意思啊,是 网站被入侵了还是指个人的电脑呢”。

就在昨天相同的时间段内,众多网友和站长发现使用Discuz!程序架设的论坛出现异常。网友aijing810对此描述道,“只要新开一个话题,就马上转到个 白页,写道Hacked by ring04h,just for fun!”

ring04h,对很多人来说是毫无意义的字符串,而却是另一些人顶礼膜拜的对象。

当网页上出现“Hacked by ring04h”字样时,不少有经验的站长意识到,自己的网站遭到了来自ring04h的攻击,起码从名义上看是这样。实际上,ring04h正是著名的“邪八 ”团队的核心成员。

“邪八”,全称邪恶八进制(EvilOctal)信息安全团队。如果我们更直白的称其为黑客团体,可能大家会更容易理解。邪恶八进制的志训中这样写道,“整合专 业安全与古典黑客精神,努力为祖国的信息安全撑起一片蓝天”。

在邪恶八进制的论坛首页可以看到,ring04h还担任着某版的版主,但查看ID详情时得到的提示却是“指定的用户不存在或已被删除”。

昨日下午我们辗转联系到邪恶八进制的创始人“冰血封情”,他对腾讯科技表示,ring04h的ID的确已经被删除了,并且“已经换了另一个ID”。显然以rin g04h目前在黑客圈的知名度,完全可以给ID拥有者带来些不便。

PHPWind走运逃过一劫

ring04h上一次影响广泛的攻击,还得追溯到去年五月。当时Discuz!和PHPWind的官网接连被黑,攻击者都留下“Hacked by ring04h & sunwear,just for fun!”的字样。此次事件,一度让国
内软件双雄Discuz!和PHPWind相当尴尬。

截至1月9日凌晨,腾讯科技始终没有与ring04h取得联系,但却连线到去年五月曾与ring04h一起发起攻击的sunwear。

“目的?就是just for fun”,sunwear坦诚而直接的回答了发起攻击的原因。谈及8日对Discuz!的攻击,sunwear指出表面上看显然是ring04h所为,“不过如 果涉及法律就要看证据了”。

据sunwear透露,昨日的攻击对象原本还包括PHPWind,但由于“PHPWind走运”,最终这次的攻击没有最终波及到PHPWind。sunwear 没有进一步说明更为详细的原因,仅仅表示“总之phpwind是放过了”。

sunwear承认去年5月发起的那次攻击,并没有为自己招惹上什么法律纠纷。sunwear说“一般这个圈子的人做这些事,只要是非盈利、未给人带来损失就可 以,一般很多人也不会追究”。

“还是不要打扰他了”,sunwear最终没有向腾讯科技提供ring04h的联系方式。不过sunwear告诉腾讯科技ring04h的确是个比较有神秘感的 人,而更贴切的形容是“一个比较腼腆的人”。

中国黑客的隐秘生存

去年年底,瑞星副总裁毛一丁曾透露国内至少有十几个大规模地下黑客组织,通过损害用户的方式赚取高额利润。

“要说地下的可多了,不过都是乌合之众”,在sunwear看来这些都称不上是黑客组织,国内除了0x557、XFocus、wss、幻影旅团等之外都属不入流 。sunwear说刚才提到的几个组织不会去赚黑心钱,“或者会,但我不知道”。

据熟悉内情的人士透露,邪八、0x557等黑客组织的成员都有自己的一份本职工作。例如0x557的成员中有些在启明星辰,有些在McAfee等机构工作,而邪 八则有一些成员在天融信、绿盟或者国外等等公司工作。

邪八创始人“冰血封情”对腾讯科技坦言,“我们这个圈子的人都很警惕‘社会工程学攻击’”。冰血封情表示一旦媒体和黑客联系上,他们都会立刻开始确认对方的真实 身份,“这是个行事很警惕的圈子”。

所谓社会工程学攻击,就是利用人们的心理特征,骗取用户的信任,获取机密信息、系统设置等等不公开资料,为黑客攻击和病毒感染创造有利条件。总体上来说,社会工 程学就是使人们顺从你的意愿、满足你的欲望的一门艺术与学问。

根据社会工程学的定义,无论任何时候,在需要套取到所需要的信息之前,社会工程学的实施者都必须:掌握大量的相关知识基础、花时间去从事资料的收集与进行必要的 如交谈性质的沟通行为。

坊间流传着一份《中国顶级黑客组织与人物完全档案》,冰血封情和sunwear等人的简介都赫然在列,不过sunwear却告诉腾讯科技,自己显然不算是中国最 好的黑客。(文/孟鸿)

--------------------------------------------------
From: "sunwear" <sunw...@gmail.com>
Sent: Thursday, January 08, 2009 1:47 PM
To: "Ph4nt0m" <ph4nt0m@googlegroups.com>
Subject: [Ph4nt0m] Re: PHPWIND & DISCUZ! CSRF WORM!


    Reply to author    Forward  
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Messages 1 - 25 of 27   Newer >
« Back to Discussions « Newer topic     Older topic »

Create a group - Google Groups - Google Home - Terms of Service - Privacy Policy
©2009 Google