Recently, Huorong Security Lab detected the worm "Prometei" spreading across networks. The worm compromises large numbers of terminals in a LAN by lateral-movement attacks and can move laterally across platforms (Windows, Linux and macOS systems). Huorong Security reminds users, especially enterprises, government departments, schools, hospitals and other organizations with large LANs, to check for and defend against the worm promptly to avoid infection. Huorong Security products (Personal Edition and Enterprise Edition) currently detect and remove this worm.
According to the traceback analysis of Huorong Security Lab, after the worm compromises a terminal it receives and executes instructions issued by its operator through a remote server, including cryptomining, updating its own modules and dropping new modules. In addition, the worm creates services and adds registry autorun entries so that it persists on the terminal for a long time, and it weakens the system's security by modifying firewall rules; the possibility that the operator attacks terminals on external networks through backdoor instructions cannot be ruled out.
Execution flow of the worm's malicious behaviour
More seriously, after compromising a terminal the worm can, following backdoor instructions from its operator, launch lateral-movement attacks against other terminals in the same network segment, widening its impact and threatening more LAN users. According to Huorong Security Lab's analysis, the worm moves laterally mainly by weak-password brute forcing and by exploiting vulnerabilities; those it uses include the "EternalBlue" vulnerability, the Redis unauthorized-access vulnerability, the "BlueKeep" vulnerability and the Apache Log4j vulnerabilities, among other common high-risk vulnerabilities. The worm is still being updated, and the addition of further attack methods for lateral movement in the future cannot be ruled out.
C&C Server address
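A quick exposure check for the lateral-movement vectors named above (SMB for EternalBlue, RDP for BlueKeep, and Redis unauthenticated access), as an added example; this is not Huorong's code and nothing here is recovered from the worm. It probes the three ports on a host and, for Redis, sends an unauthenticated inline PING to distinguish an instance that answers commands without a password (+PONG) from one that requires AUTH or runs in protected mode. The port mapping and the helper names are assumptions for illustration; Log4j is left out because it has no fixed port and lives in whichever Java service logs attacker input.

```python
"""Exposure check for the lateral-movement vectors named in the advisory:
SMB (EternalBlue, MS17-010), RDP (BlueKeep, CVE-2019-0708) and Redis
unauthenticated access. Added example with hypothetical helper names; not
code from Huorong or from the Prometei samples."""
import socket

# Service ports the worm is reported to attack (assumed default ports).
LATERAL_MOVEMENT_PORTS = {445: "smb", 3389: "rdp", 6379: "redis"}


def classify_redis_reply(reply: bytes) -> str:
    """Classify the RESP reply Redis gives to an unauthenticated inline PING.

    +PONG   -> "unauthenticated": anyone who can reach the port may run
               commands (CONFIG SET dir/dbfilename, SLAVEOF, ...), which is
               what "Redis unauthorized access" means in practice.
    -NOAUTH -> "auth-required": requirepass or ACLs are configured.
    -DENIED -> "protected-mode": no password is set but Redis refuses
               non-loopback clients because protected-mode is on.
    -ERR    -> "error": reached Redis, command rejected for another reason.
    """
    line = reply.split(b"\r\n", 1)[0]
    if line == b"+PONG":
        return "unauthenticated"
    if line.startswith(b"-NOAUTH"):
        return "auth-required"
    if line.startswith(b"-DENIED"):
        return "protected-mode"
    if line.startswith(b"-ERR"):
        return "error"
    return "unknown"


def assess(open_ports, redis_state):
    """Turn raw probe results into the findings an administrator should act on."""
    findings = []
    if 445 in open_ports:
        findings.append("SMB/445 reachable: confirm MS17-010 (EternalBlue) is patched "
                        "and SMBv1 is disabled")
    if 3389 in open_ports:
        findings.append("RDP/3389 reachable: confirm CVE-2019-0708 (BlueKeep) is patched "
                        "and NLA plus account lockout are enforced")
    if 6379 in open_ports:
        if redis_state == "unauthenticated":
            findings.append("Redis/6379 accepts commands without AUTH: set requirepass, "
                            "bind to loopback or firewall the port")
        elif redis_state in ("auth-required", "protected-mode"):
            findings.append("Redis/6379 reachable but refuses unauthenticated commands")
        else:
            findings.append(f"Redis/6379 reachable, reply not understood ({redis_state})")
    return findings


def tcp_open(host, port, timeout=1.0):
    """True if a TCP connection to host:port succeeds within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def redis_ping(host, port=6379, timeout=2.0):
    """Send an inline PING and classify the reply; "closed" if unreachable."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(b"PING\r\n")
            return classify_redis_reply(s.recv(128))
    except OSError:
        return "closed"


def check_host(host):
    """Probe one host for the three ports and return the list of findings."""
    open_ports = {p for p in LATERAL_MOVEMENT_PORTS if tcp_open(host, p)}
    redis_state = redis_ping(host) if 6379 in open_ports else "closed"
    return assess(open_ports, redis_state)


if __name__ == "__main__":
    import sys
    for target in sys.argv[1:] or ["127.0.0.1"]:
        for finding in check_host(target) or ["no exposed lateral-movement services"]:
            print(f"{target}: {finding}")
```

Run it against the hosts of your own network segment (`python check.py 10.0.0.5 10.0.0.6`); an open port is only a lead, and the patch-state claims in the findings still have to be verified on the host. The reply classifier is separated from the socket code so it can be tested offline against constructed RESP replies.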
Worms are characterized by continually replicating themselves, can carry other malicious modules, and are "good at" spreading through vulnerability exploitation or lateral movement, infecting target devices on a large scale; they are a common threat in LANs.
In recent years Huorong Security has also continuously upgraded its detection and protection technology to effectively prevent worms from spreading unchecked in the LAN. For example, the 【Remote Login Protection】 feature can effectively resist the worm's RDP and SMB brute-force attempts; the 【Lateral Movement Protection】 feature can effectively intercept the worm's subsequent penetration and intrusion, stopping its spread in the LAN and keeping terminals from being affected; and 【Web Service Protection】, 【Network Intrusion Interception】 and 【External Attack Interception】 promptly intercept exploitation of the service vulnerabilities and system vulnerabilities listed above.