The Reality of Botnets and Countermeasures
Contents
1. Q Android
2. SD nD I Lt ii 1 d
3. 9 2 9 3 Google
4. IS01
5. ss ubc Alaska UA FCU LIKED Valley Credit Union wkeo ss A chanics Bank UKED 3S jroid READ_INPUT_STATE 26 KDDI R&D LABS 31 INTERNET DELETE_PACKAGES RESTART_PACKAGES READ_PHONE_STATE RECEIVE_SMS READ_CONTACTS WRITE_CONTACTS CALL_PHONE READ_SMS WRITE_SMS SEND_SMS GET_TASKS RECEIVE_BOOT_COMPLETED INSTALL_PACKAGES ACCESS_NETWORK_STATE WRITE_APN_SETTINGS PROCESS_OUTGOING_C
6. Z 305 27 s _ KDDI R amp D LABS AV Bot 661 AV AV 5 Bot 1 Bot PC 1 2 3 4 5 IDS Outbound 37 Bot Outbound IDS PC Outbound IDS FE Q KDDI R amp D LABS Outbound Bot Bot 0 05Mbps 9 0 pps MParkEtVisualizEr a
7. 9 4 LP 15 02 au one Market 15 47 A sp 1 11 r 1
8. Q 32 KDDI R&D LABS
9. KDDI R amp D LABS DDoS s 2 KDDI R amp D LABS Rn 4 5 exe hosts AV 2 exe hosts 2 exe HnrnerPnt naEEmErnt ystleEm WIndows IntErnet Exnlnrer EE htp Z1921681 101 manphpshnepdetstime 2008 05 14 en2121 live Search w 1 Gee gt x Oo Documents ah ET Pa ER hanageme Content s of Zip file Filemanmes Filesize 214528 bytes 5 exe hosts sae 1 13 bytes 2 12 bytes x 23 4 bytes firewall exe tuorurpo
10. 2010 2 1 g KDDI R amp D LABS Ki KDDI R amp D LABS Android Android OS Google Android PC PC Android gt PC gt KDDI Android 23 Android Linux Dalvik Port gt
11. 3 24 365 20 KDDI R amp D LABS http Www kaizankenchi jp 1 webseT WEB Windows Internet Explorer GT TTT zd Ak GE M Pr A Oketak HotMail NN WebS T X yp Yahoo JAPAN W powered by WEB
12. jm hf ut NW E TYpe Prnptn TCP UDF OE gh8T3 1 CEHHB B 4 1gHHHH 7 824 Tn NRy ut NE hosts AV WINDOWS sytem32 drivers etc hosts AV hnsts 5 ocalhost nn Sart esc Com SECUr TY resbornse Swihart ec dowhn oads kaspersky Tabs down oadss kaspersky Tabs downloads3 kaspersky Tabs dowhn oadsd kaspersky Tabs downloadsn kaspersky Tabs nw kaspeTsky abs com swfaTiteC CO MIUIU falslalel falal soEhos com nw Moat es CO ImCaTee Co jiyeupdats symantecliyeusdatge com A rUsTist com yiruslist com yiruslist com seCuTE CO nw TSecure CO el ll le le A OR LU a IE UR UJ J I ON a U U ll il J J Sl a LU UL 6 J KDDI R amp D LABS 2 8 10 Tripwire
13. A SD 4 129 7 P03 1 KDDI P03 kx 1 Le 1 TestPD18 apk TEST_NEWS P03 kx 1 P03 kx 2 5 gt P 0 3 4 gt 5 I Space SHIFT ALT 30 KDDI R amp D LABS KDDI au one Market au one pe KDDI Android KDDI Andro
14. Ga saum Em Et TR 13 4 ao he FF i bE Windows Internet Explorer x g 9 5 E x 9 2 Coogle 0 TE a ag HotMail Web lt FRARME src content html lt FRA MESET gt lt FRAMESET gt lt HTML gt name content gt script gt Excention document_write amp 039 script src amp O amp I at m amp e amp sO amp O amp c To EO mB amp 0 01g amp o my CO amp amp s t a tDDDc o 1u nl amp t e H amp EOletd u t amp h amp e nt amp 0aot ic ON amp u EO8 C 0 amp S amp 0 Ro amp t amp at tO EEclo mBEt EE I OE Co R I o amp t gt al td D amp amp OnD Gg OloldE 0O cE oCm
15. ye Micrnsnft Aeent Seryet IF EN ioe c a Microsott Corporation WInHnWs ommand Pro icrnsnft Gorporation hg po Windaws Ex cplore 1 mFS nt roaratinn 1 20080503 155705 B00 2 badeulahtm 4 KB TE 3 _ 0O KB 2 4 O Source IP Port Destination IP Pot FQDN exploere exe WihNaimp exe Eventnalyzer winlogon exe 3 CE PC 4 ou Hnst I AHost ut Hast FortRepbrt ll 8 18 5 8 555RTEOO BES5 R ERGD 3 3B4B 154 Py TGP CE 1 TT T1952 1 15 7 80 GXDIOTG GXG ayssam c
16. Lt Ed TES EE L L mm A SD tin ll Gg lt 1 mm am m mm 1
17. KDDI R amp D LABS a bD st High Port acklist JUOIN b or a 11 KDDI R amp D LABS Bot Bot Hunter imiHnwms IntErnet Exnlnrer IL3 EE i Bot Hunter Tr ItP Tr i O Bor Nunter 4 9 Dn BotT 1 2 aetanneds 0 7 2009 03 180015 01 15 8B Q 672 Okbps 2009 03 1300 30 00 1
18. 14 KDDI R amp D LABS Gumblar PC Gumblar FTP EE hicrosoft jmternet Exnlarer KDDI Build 1009 1 oce ee re lt Pe BR Wy FEFVAD E http kidsland int0442 index html htm gt script i malware Gumblar FTP windows onload lt script gt ID PWD a PC Gumblar LL 5 5 2009 02 02 ng nng 2 A ei a a 1 sa KDDI R amp D LABS 16 Web Wiralass LAN Wah Application
19. 10 30 ID IMSI KDDI R amp D LABS 6 TEL Android ID IMEI IMSI OE HH Fr eee _ ami 1 a AdMob has been acquired by Google Learn more AdMob 0 26 Android PC IP AhOoli PAW SE Windomes Internet Explorer y 27228 230135 PAW Server CE WW Am TD
20. lt lt bgcolor black gt lt bgcolor 00000000 gt lt charset gt hack fuck deface JP Web Windows Internet Explorer Windows Imternet Explorer BE ET F CE W TU Ce http izumino jp SecurityyHaf_jphtml FE CE A aQ T JPF WebgX Mirror http mwwzone h tE mirroryid 5HG2O Blog Top Page Tap 2009 09 02 23 58 JST Attacker NobodyCoder Domain http www hayakawa system co jp zone h Apache Izumino Apache TS Linux IP 67 205 61 201 Owner Date 2009 09 02 2358 zone Mirror http amzone h otE mimcryid 9544113 Server i F 1 hack Blog Top Page Top ua en 0 2009 08 31 2 attack 19 58 JST 3
21. HTM L DoCTYPE A a ASWIC DTD HTML 40 Transitiona EN gt CrInt rc httn Crint U src http fijipsb meibu com_f Help a OD ET STI TE httn jnsh meibu_com Halp BC ESPiI a N 1 6 Description eH 79oHHaHY272oHYaHH77 h NN ey RR gt meta http equiv Content Type content te ml charset g meta htt Conternt Types content test html harset gbh2d12 O 3 1 gt Windows mternet Explorer PB GE TDD 0 vd7H2d7ecarfSc T document writety47237acaBfed 3C5343524950543 ErGdnEG4BF E 951 46FBEG JH Bd4nFGH Tn B DB HE E Hm d wrap Hi header 18 KDDI R amp D LABS
22. bk mM gt 13 35 02 2007 11 256 en MndH pcap n 1 1 2 DS 1 13 4h2BHaI 1 I 0 Bot ES C si i 1 i f ly IP Porteh i PC Ieide heide A ly ly w Yi 1 NN Rap i 1 TcPXSYh 4 CPT TC DP AP 32 2g4 220 J 1340 a 92007 11 26 13 40 37500 7 KDDI R amp D LABS
23. 2007 INTEROP TOKYO Best of Show Award WebS T About WebS T KDDI 96 Features of system URL information L webS T Gumblar
24. PRDN__ BetF9DNUPI ek A HTTP exe 0 2009 03 13 Hin0 45 17MHI10 1H 21 1 24 86 165 111 NICK 117 xx kadekcnm 743 29 9491 209 8 18 00 03 47 1318 KB 67 215 1 206 lmaesafhi EO In10 21 11 NICK 2 BS Ws 12 Rn KDDI R amp D LABS AV IDS AV OS 13 KDDI R amp D LABS Web KDDI Web PF IOW AUMAFD INTEROP Web
25. Xx Gongle Fress button to stop yl A yy SS ketak HotMail EE FMW Server P PAW Server BB 31u NN 3 3 ra Pri We rs PE Open the followin a E U R L i YOU 1 hr http Fl ET WSETF Jial a Enter a number and press the Dial button 228 230 135 8080 Ca 048 487 30 lt lEIHE Click nn nhnne number to make a call ET EE IF 7 a 2 7 IS E 29 KDDI R amp D LABS KDDI Market Market Android KDDI Market au one Market
26. Windows XP APPFLICATIONES Fhone mm Ar 5 Windnw nntEnt Et ANAEr Resaurce dt lf Manager Manager LI EE AMNOROID RUMNTIME surace iainager ledia SLite Care Libraries Framework Opentsl Es FreeType saL aaL LINIUHX KERNEL Display Bluetaath 1 ET FE ee Driver amera Driver Driver SE riwer Keypad Diriver WWiFI Driver 24 KDDI R amp D LABS Dalvik VM G s 52Au 4A 9 14 AM FTP 1 This application has access to the This application has access to the followin fo
27. O 0 amp Ca EDD a Dh CDE amp amp DtEE SOb amp Gat8 ns DO amp amp o amp I m 0 C I amp l ig amp 039 amp 039 amp 039 defer defer gt lt fscr amp 039 amp 039 ipt gt amp 039 lt fscript gt lt 929598ed8cac5432a01cbac531b0dad5 gt lt html gt KDDI R amp D LABS KDDI Web Web DB Wep 9 En Ima XXX ge gIf DB DB 17 KDDI R amp D LABS J 1 Windows ImtErnet Exnlnrer P4 EK ry ey ET lt ive searcn PH 5
28. 5 10 6 185651 1O7Kbps A 2009 03 13010000 14 5 1 7 5633 43Kbps zone osctaotnfdf ml 4 sal s osl 2009 03 1301 30i05 15 9 8 400 1kbps 15 1 2 1 4 5 IKEps 1 2nn9 n3 13 0 n0 45 15 18 373 NMW FQDN Eat 7 NW FL BatlJ FQDN FQDNDP BlackList HI Fexe gHH H3 18 1 7 MBI101021 1 xx kaBekcnm 7 43 226 242 1 NIGKE14 yatLgxe HIH dB almayssam com T2151 206 las5 wot exe snhetech ihfn 72 10 156 195 las5 SS BE WSS EXE gg 13 KE 14 145 127 2 HI 0 M IphTBEHE marunnuchitnkywn ncn Eg jb 184 EE T2412 Ii H g 2 184 103 4 EE 24 BS 155 111 pd 10 a1 1 IGE 1 9 II Hg HG phf1 4H8marunnuchitnkyn ncn ng jp 18 glBwta 5D 159 5 49 DO 11 07 HH n2 15 gt 6 NW
29. ALLS INSTALL_SHORTCUT LOCATION ACCESS_FINE_LOCATION ACCESS_LOCATION_EXTRA_COMMANDS ACCESS_MOCK_LOCATION ACCESS_COARSE_LOCATION ACCESS_COARSE_UPDATES CALL_PRIVILEGED MODIFY_PHONE_STATE GOOGLE_AUTH mall WAKE_LOCK WRITE_EXTERNAL_STORAGE USE_CREDENTIALS VIBRATE ID IMEI TF W ID 1 GPS Google nn Fle Ma A 1 EL F Ti fl 1 A FF a y OK W15 5B scanning Installed apps PE bh 186 app s scanned 0 virus es found com android server vpn OM randroid resources TAnaEe a EP C manc reate HCTn ansitEX IE WETIC ssO andro gd BE PC 27
30. deface Attacker The_CGiLqgiN Domain http yonyon sakura ne jp stored index1 htr lt zone h Apache 1 3 41 Unix mod_ss 2 8 31 e er jzumino Apache 1 3 41 Unix mod_ ssl 2 8 31 FreeBSD 202 181 97 40 2009 09 04 0058 zone Mirror http wwwwzone h otE mirroryid 524072 4 intrud 5 fuck 2 6 poison 7 visibility hidden wv Le 1 4 O JP Web http izumino jp Security def_jp html KDDI SOC Ws 19 KDDI R amp D LABS Web 1 2 3 KDDI Web 1 Web 2 TOP
31. id OO RR 0 MN Android 31 KDDI R amp D LABS KDDI Market DL Market QA 6 Android Market www google com Android 9 9 1
32. llowin A Network communication A Network communication full Internet acces5 full Internet access tA ne A Phonecalls A Your personal information and identity tics data read user defined O pnb prevent phone from sleeping gt Show al gt Show al Cancel RN Android 2 Droid09 nttp www itmedia cO D enterprise articles 1001712 news018 html http journal mycom co jp news 2010 01 14 019 index html Sn So Bank nf Canad Keh35 android permission READ_INPUT_STATE
33. n exe hosts mdtaij exe Ugdrmw axe 2z5112 bytes Packet Capture File Tinvwestamp Filemame Filesize Downlaad 8 5 1 1 1 2 B05 1 212145 pcap 25O05Z2 bytes Antivirus Scan Result 3 exe hosts Tinvwestamp Filename R 5 ult 1 4 1 1 firewall exe EWirut WW 21 2 hosts TRIOhost aA 2 1 4 1 21 logon exe TR Cr pt NSERM Gen 1 1 1 yhprryhpyhp df G00B 1 9 1 1 2 828BE2 7 WW 2rVirut Wy m EE 10HW KDDI R amp D LABS HDD cmd exe explorer exe bedaula htim Windows PC FE ED WW GQ HD rm EQ FLA
34. om L 6 154 Pw TEF CE 21BB 1UUTU TE 174 18238 7000 GXDIOTG GXG hdjg Tcnm MM i 11HPm TEP mWH 4 1H17 httpMgH mB1UU1H T1952 2 P Port HB7 Ti TEF CE 1 16571 http mnBTUUTU TS _888H1 1BH Fe TGF K 218 1UU1U TSE 1H 1 httngH j BxhlnrF Exxg MayssaITLCnm F O ggg 11IFe TEF CE 1H16 http H mhBTUUTU TS mah 197 Pw TGP PSH CK 01657 7 http 11TODTD TE 591 1BHPm TEE CE TE TDD TD 1H8g 1H1 httpn Hi explorer exe HH avssam co pga UHF TEF FSH EE B8 10H1H 19SD 1 18ga38 DO j glrer EE HH hdjgjgT cnm 593 1 TCE PSH EE TE OD 1B TDD 1g8h B94 154 Pw TEF CE 21BB 1UHTU 198H 1 18ga38 OU Explorer exe DU hdiejgTcnmm mg5 112 Pw TEP FPSH OE HDHD 11 1 _ 6 TC Pw TGF 7 21BB 1UUTU 198a 1 16B2a5aa 3438 winlogon exe TE pg T1554 Pw TEP TH 1 5B1UUTU 1 i 4a2o249 8080 WITIOEOT GXG kaiek com _ gg 1 Pw TEP 7 BB 1UUTU TS InuPEinee RLRTsTI WWInIngnh EB HH AT LS _ ag 1 Fe TGCF GT 21EB 1UHTU 1984 11 84 135 winlogon exe _ gl 18hPe TGP RST EE 11582EG534 gpmand5n 181HH1H 1984 _ gh1H3 Ti Pw TGCF GT 21BB 1UHTU TE 15B EG5d5 jehrman dE whognh Exe OO dE 1 Fe TEP GT 5B1UH1U T1956 11FBEG5dR ghrman dB WinIngnh Ex OO 1 TE DE TT DER Hm H 15 Ds 5h Ba 8 OD OC 2d 4E HH8 5 HH E 1 oD 3H 8 4 4 nn BD DE DE FE PO a Da D2 HB EEantureTime