Bleeping Computerã¯6æ24æ¥(ç±³åœæé)ããNew FileFix attack weaponizes Windows File Explorer for stealthy commandsãã«ãããŠãWindowsã®ãšã¯ã¹ãããŒã©ãŒãæªçšããClickFixæŠè¡ã®äºçš®ãFileFixããéçºããããšå ±ãããæ°ããæ»æææ³ã¯ãmr.d0x(@mrd0x)ããåä¹ãã»ãã¥ãªãã£ç 究è ã«ããéçºãããã
åŸæ¥ã®ClickFixæŠè¡ã¯ããã¡ã€ã«åãæå®ããŠå®è¡ããã€ã¢ãã°ãéããããŠãŒã¶ãŒèªèº«ã«æªæã®ããã³ãã³ããå®è¡ãããŠäŸµå®³ããããã®ææ³ã¯åºãæªçšãããŠããããã³ãã³ãå®è¡ãèŠæ±ããŠããããšããããããŸã§æ°ã¥ããããããšããæ¬ ç¹ãããã
ããã§ç 究è ã¯ä»ã®ä»£æ¿ææ³ãååšããªãã調æ»ããWebãã©ãŠã¶ããé¢ããã«ä»»æã®ã³ãã³ããå®è¡ããèå³æ·±ãææ³ãçºèŠããŠããã
-
New FileFix attack weaponizes Windows File Explorer for stealthy commands
FileFixæŠè¡ã®æŠèŠ
ç 究è ã¯6æ23æ¥ããFileFix - A ClickFix Alternative | mr.d0xãã«ãŠFileFixæŠè¡ã®è©³çŽ°ãå ¬éããŠãããç 究è ã«ãããšããã®ææ³ã¯ãšã¯ã¹ãããŒã©ãŒã®ã¢ãã¬ã¹ããŒã«ååšããã³ãã³ãå®è¡æ©èœãæªçšãããšããã
æ®æ®µãšã¯ã¹ãããŒã©ãŒã®ã¢ãã¬ã¹ããŒããã³ãã³ããå®è¡ããæ©äŒã¯ãããªããšæããããããcmd.exeããšå ¥åããŠãªã¿ãŒã³ããŒãæŒããšãã³ãã³ãããã³ãããéãããšã確èªã§ããããã®æ©èœã¯ãšã¯ã¹ãããŒã©ãŒãåäœã§èµ·åããå Žåã«éå®ããããã¢ããªã®ããã¡ã€ã«ãéãããã€ã¢ãã°ã§ãæ©èœããã
-
ãšã¯ã¹ãããŒã©ã®ã¢ãã¬ã¹ããŒã«ã³ãã³ããå ¥åããäŸ
FileFixæŠè¡ã§ã¯Webãã©ãŠã¶ã®ãã¡ã€ã«ãéããã€ã¢ãã°ãæªçšãããå ·äœçã«ã¯ãã¡ã€ã«ã¢ããããŒãæã®ãã¡ã€ã«éžæãã€ã¢ãã°ã䜿çšããããšã¯ã¹ãããŒã©ãŒã¯ã·ã§ãŒãã«ããããŒ(Ctrl+L)ãå ¥åããããšã§ã¢ãã¬ã¹ããŒãéžæããããšãå¯èœãªãããã¢ãã¬ã¹ããŒãç¥ããªããŠãŒã¶ãŒãç°¡åã«èªå°ã§ãããšããŠããã
æ»æã®æé
æ»ææé ã¯æ¬¡ã®ãšããã
- 䟵害ããWebãµã€ãã§åœã®èŠåç»é¢ããããã¢ãã衚瀺ãã
- ã¯ãªããããŒãã«æªæã®ããã³ãã³ããã³ããŒããããŠãŒã¶ãŒã«ã¯ç¡æå³ãªãã¹ã衚瀺ããŠã³ããŒãä¿ããããŠãŒã¶ãŒæäœã«é¢ä¿ãªãæªæã®ããã³ãã³ããã³ããŒããã
- Webãµã€ãã®é²èŠ§ã«å¿ èŠãšããŠããã¿ã³(å®éã¯ã¢ããããŒããã¡ã€ã«ã®éžæãã¿ã³)ã®ã¯ãªãã¯ãæ±ãã
- ã¢ãã¬ã¹ããŒãžã®è²Œãä»ããšãšã³ã¿ãŒããŒã®å ¥åãæ±ãã
æ»æãå®è¡ããå Žåã®åé¡
ãã®æ»æããã®ãŸãŸæ¡çšããå Žåã次ã®2ã€ã®åé¡ãçºçããå¯èœæ§ãããããããåé¡ã«ã€ããŠãç 究è ã¯å ·äœçãªè§£æ±ºçãææ¡ããŠããã
- ã¢ãã¬ã¹ããŒã«å ¥åãããã³ãã³ããèŠèªã§ãã - ã³ãã³ãæ«å°Ÿã«ã³ã¡ã³ããšããŠãã¡ã€ã«ãã¹ãšç©ºçœãå ¥åããããšã§ããã¡ã€ã«ãã¹ã®ã¿è¡šç€ºãããããšãã§ãã
- ãŠãŒã¶ãŒããã¡ã€ã«ãã¯ãªãã¯ããããšã§ã³ãã³ãå ¥åãåé¿ããã - ãã¡ã€ã«éžæãã€ã¢ãã°ã®ã€ãã³ããã€ã³ã¿ãŒã»ãããããŠãŒã¶ãŒã«ç°ãªãæäœãããªãããã«èŠåãããèŠåã¡ãã»ãŒãžãéããåŸã¯ãå³åº§ã«å ¥åãã¯ãªã¢ããŠãã€ã¢ãã°ãéãçŽã
FileFixæŠè¡ã®å¿çš
ç 究è ã¯FileFixæŠè¡ã®èª¿æ»äžãMoTWããŒã¯(MoTW: Mark-of-the-Web)ãç¡èŠã§ããããšãçºèŠããŠãããäºåã«æªæã®ãããã¡ã€ã«ãä¿åãããå¿ èŠããããã®ã®ãã¢ãã¬ã¹ããŒããMoTWããŒã¯ä»ãã®ãã¡ã€ã«ãèŠåãªãã§å®è¡ã§ãããšããã
ããã¯ä¿®æ£ãããŠããªãã»ãã¥ãªãã£è匱æ§ãšæšæž¬ãããããã¢ãã¬ã¹ããŒããã¢ããªãèµ·åãããšMoTWããŒã¯èªäœãåé€ããããšããŠããããã ããæªçšããã«ã¯Microsoft Defender SmartScreenãªã©å¥ã®ã»ãã¥ãªãã£æ©èœãåé¿ããå¿ èŠããããå®çšã¯é£ãããšãããã
圱é¿ãšå¯Ÿç
Bleeping Computerã«ãããšç 究è ã¯æ¬¡ã®ããã«è¿°ã¹ãè¿ãå°æ¥ã«è åšã«ãªãå¯èœæ§ã瀺åãããšããã
ãFileFixæ»æã¯ã·ã³ãã«ãã€ããç¥ãããWindowsãŠãŒãã£ãªãã£ãæªçšããŠãããããããã«è åšã¢ã¯ã¿ãŒã«æ¡çšããããšèããŠããã
ãã®ææ³ã¯ClickFixæŠè¡ãšåæ§ãç¥ãããšã§åé¿å¯èœãšèãããããããããèŠå衚瀺ãããŠãŒã¶ãŒæäœãèŠæ±ããŠãŠãŒã¶ãŒèªèº«ã«ã³ãã³ããå®è¡ãããç¹åŸŽçãªå ±éç¹ããããææ³ãç¥ãããšã§åé¿å¯èœãšã¿ããããäŒæ¥ãçµç¹ã®ã»ãã¥ãªãã£æ åœè ã«ã¯ãæ°ããææ³ãåŸæ¥å¡æè²ã«åãå ¥ããç©æ¥µçã«å¯ŸçããããšãæãŸããŠããã
