|
怎样黑进Microsoft:循序渐进指南(2)
The Microsoft intrusion was almost certainly not the work of elite hackers; if it had been, we would not now be reporting it. What we're going to detail below is how a fool can (and did) sack the Magic Kingdom.
Everything the newbie cracker needs to break in to the Microsoft Developers' Network is readily available on the Web following a brief search. Here's how you go about it: First, you'll download a Trojan which can be distributed via e-mail. QAZ, which was used in the M$ attack, is a fine choice because it will automatically copy itself throughout shared folders on a LAN. It's a malicious backdoor program masquerading as the familiar Microsoft utility Notepad.
Once activated, QAZ searches for notepad.exe and copies itself in place of the standard Notepad file, while simultaneously re-naming it note.com. The beauty here is that when someone executes their Trojanised Notepad, it also launches note.com, or the original Notepad, so the application appears to behave normally to the user. It then searches the entire LAN for additional copies of notepad.exe to infect.
To get it implanted on a LAN in the first place, you need to feed it to someone dense enough to execute it. It's easy enough to distribute as an e-mail attachment, but not everyone will fall for it. Thus there are two chief obstacles to getting started, neither of which is terribly difficult to overcome.
First there is social-engineering - that is, baiting the victim. The Wording of the e-mail message has got to make executing the attached program both desirable and sensible. Presenting it as a software patch or upgrade is a common stratagem, though there are others. Zipping it and naming it PornCollection.zip or DirtyJokes.zip is another.
If the e-mail message makes sense in context of the attachment, and if it's sent to enough potential victims, the combined laws of probability and human nature ensure that some dumb bastard will activate the payload. And with QAZ, you only need one victim; it will propagate on its own.
|
