{"id":476393,"date":"2023-08-09T07:28:31","date_gmt":"2023-08-09T07:28:31","guid":{"rendered":""},"modified":"2023-12-22T07:01:07","modified_gmt":"2023-12-22T07:01:07","slug":"conficker","status":"publish","type":"wiki","link":"https:\/\/oneproxy.pro\/vn\/wiki\/conficker\/","title":{"rendered":"conficker"},"content":{"rendered":"<p>Conficker, also known as Downup, Downadup, or Kido, is a notorious computer worm that emerged in late 2008. This malware exploits vulnerabilities in Microsoft Windows operating systems, spreading rapidly across computer networks and causing significant damage worldwide. The Conficker worm is designed to create a botnet, a network of infected computers under the control of malicious actors, enabling them to carry out various illicit activities such as launching DDoS attacks, stealing sensitive information, and distributing spam.<\/p>\n<h2>The history of the origin of Conficker and the first mention of it<\/h2>\n<p>The origins of Conficker can be traced back to November 2008, when it was first detected by security researchers. 
It quickly gained attention due to its rapid propagation and the complexity of its code, which made it difficult to eradicate. The worm's primary targets were computers running Windows operating systems, particularly Windows XP and Windows Server 2003, which were prevalent at the time.<\/p>\n<h2>Detailed information about Conficker. Expanding the topic Conficker.<\/h2>\n<p>Conficker employs multiple techniques to spread and infect computers. Its propagation relies mainly on exploiting known vulnerabilities in Windows systems. The worm's primary distribution methods include exploiting weak administrator passwords, network shares, and removable storage devices such as USB drives. The worm is also capable of spreading through email attachments and malicious websites.<\/p>\n<p>Once Conficker infects a system, it attempts to disable security software and restrict access to security-related websites, making it difficult for users to update their software or download security patches. 
It employs advanced encryption and communication techniques to evade detection and maintain communication with its command-and-control servers.<\/p>\n<h2>The internal structure of Conficker. How Conficker works<\/h2>\n<p>The Conficker worm consists of several components that work together to compromise and control infected systems:<\/p>\n<ol>\n<li><strong>Propagation module:<\/strong> This module allows Conficker to exploit vulnerabilities in Windows systems and spread to other vulnerable computers on the same network.<\/li>\n<li><strong>Autorun component:<\/strong> Conficker creates a malicious autorun.inf file on removable storage devices, such as USB drives, to facilitate its spread to other computers when the infected device is connected.<\/li>\n<li><strong>Domain Generation Algorithm (DGA):<\/strong> To evade detection and takedown, Conficker uses a sophisticated DGA to generate a large number of potential command-and-control (C&amp;C) domain names every day. 
It randomly selects one of these domains to communicate with the C&amp;C server, making it difficult to track and shut down the worm's infrastructure.<\/li>\n<li><strong>Command-and-control (C&amp;C) communication:<\/strong> The worm uses HTTP and P2P communication methods to receive instructions from its operators and update its components.<\/li>\n<li><strong>Payload:<\/strong> Although Conficker's primary purpose is to create a botnet, it can also download and execute additional malware, such as spyware, keyloggers, or ransomware, on infected machines.<\/li>\n<\/ol>\n<h2>Analysis of the key features of Conficker.<\/h2>\n<p>Conficker's key features make it a persistent and highly adaptable threat:<\/p>\n<ul>\n<li><strong>Rapid propagation:<\/strong> Conficker's ability to spread quickly through network shares and removable storage devices allows it to infect many machines within a short period.<\/li>\n<li><strong>Stealth techniques:<\/strong> The worm uses various techniques to evade detection by security software and security analysts, including polymorphic encryption and a sophisticated DGA.<\/li>\n<li><strong>Robust command and control:<\/strong> Conficker's DGA-based C&amp;C infrastructure and P2P communication make it resilient to takedown efforts and allow it to receive commands even when part of its infrastructure is disabled.<\/li>\n<li><strong>Upgradeable:<\/strong> Conficker's modular structure allows its creators to update its components or deliver new payloads, making it a persistent and long-lasting threat.<\/li>\n<\/ul>\n<h2>Types of Conficker<\/h2>\n<p>Conficker exists in several variants, each with its own characteristics and capabilities. 
The following table summarizes the main variants of Conficker:<\/p>\n<table>\n<thead>\n<tr>\n<th>Variant<\/th>\n<th>Alias<\/th>\n<th>Characteristics<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>Conficker A<\/td>\n<td>Downup<\/td>\n<td>The original variant, known for its rapid spread and high impact.<\/td>\n<\/tr>\n<tr>\n<td>Conficker B<\/td>\n<td>Downadup<\/td>\n<td>A modified variant with additional propagation methods.<\/td>\n<\/tr>\n<tr>\n<td>Conficker C<\/td>\n<td>Kido<\/td>\n<td>An updated version, making detection and removal more difficult.<\/td>\n<\/tr>\n<tr>\n<td>Conficker D<\/td>\n<td>\u2014<\/td>\n<td>A more sophisticated variant with advanced encryption.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2>Ways Conficker is used, problems, and solutions related to its use.<\/h2>\n<p>The use of Conficker is strictly illegal and unethical. Its primary purpose is to create a botnet that can be exploited for a variety of malicious activities. 
Some of the ways Conficker is misused include:<\/p>\n<ol>\n<li><strong>DDoS attacks:<\/strong> The botnet can be used to launch distributed denial-of-service (DDoS) attacks, crippling websites and online services.<\/li>\n<li><strong>Data theft:<\/strong> Conficker can be used to steal sensitive information, such as personal data, login credentials, and financial information.<\/li>\n<li><strong>Spam distribution:<\/strong> The worm can be used to distribute spam emails, promoting fraudulent schemes or malware-laden attachments.<\/li>\n<li><strong>Ransomware distribution:<\/strong> Conficker can download and execute ransomware, encrypting victims' files and demanding payment for the decryption keys.<\/li>\n<\/ol>\n<p>Solutions to combat Conficker and similar threats involve a multi-layered approach:<\/p>\n<ol>\n<li><strong>Keep software updated:<\/strong> Regularly update operating systems, applications, and security software to patch known vulnerabilities.<\/li>\n<li><strong>Strong passwords:<\/strong> Enforce strong passwords for all user accounts and administrator privileges to prevent unauthorized access.<\/li>\n<li><strong>Network segmentation:<\/strong> Segment networks to limit the spread of the worm and isolate infected systems.<\/li>\n<li><strong>Security software:<\/strong> Use robust security solutions that can detect and block malware, including worms like Conficker.<\/li>\n<li><strong>User education:<\/strong> Educate users about the risks of social engineering attacks and the importance of avoiding suspicious links and email attachments.<\/li>\n<\/ol>\n<h2>Main characteristics and other comparisons with similar terms in the form of tables and lists.<\/h2>\n<table>\n<thead>\n<tr>\n<th>Characteristic<\/th>\n<th>Conficker<\/th>\n<th>Similar worms<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>Primary target<\/td>\n<td>Windows systems<\/td>\n<td>Windows-based systems<\/td>\n<\/tr>\n<tr>\n<td>Propagation method<\/td>\n<td>Exploits vulnerabilities<\/td>\n<td>Phishing emails, malicious websites, etc.<\/td>\n<\/tr>\n<tr>\n<td>Communication<\/td>\n<td>P2P and HTTP<\/td>\n<td>IRC, HTTP, or custom protocols<\/td>\n<\/tr>\n<tr>\n<td>Persistence<\/td>\n<td>Advanced encryption<\/td>\n<td>Rootkit techniques<\/td>\n<\/tr>\n<tr>\n<td>Payload<\/td>\n<td>Creates a botnet<\/td>\n<td>DDoS attacks, data theft, ransomware, etc.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2>Perspectives and future technologies related to Conficker.<\/h2>\n<p>As technology evolves, so do cyber threats like Conficker. The future may bring more sophisticated worms that leverage artificial intelligence, machine learning, and other advanced techniques to evade detection and spread more effectively. Cybersecurity researchers and organizations will continue to develop innovative tools and strategies to combat these threats and protect computer systems from infection.<\/p>\n<h2>How proxy servers can be used or associated with Conficker.<\/h2>\n<p>Proxy servers can inadvertently play a role in the spread of worms like Conficker. 
For example:<\/p>\n<ol>\n<li><strong>Malware distribution:<\/strong> Infected systems in the botnet can use proxy servers to distribute malicious payloads, making it harder to trace the source.<\/li>\n<li><strong>C&amp;C communication:<\/strong> Proxy servers can be used to relay communication between infected machines and the C&amp;C server, concealing the location of the real C&amp;C infrastructure.<\/li>\n<li><strong>Avoiding detection:<\/strong> Conficker may use proxy servers to bypass IP-based security measures and avoid blacklisting.<\/li>\n<\/ol>\n<p>It is crucial for proxy server providers like OneProxy to implement strict security measures and monitor their infrastructure to prevent misuse by malicious actors. 
By maintaining up-to-date security protocols and using threat intelligence, proxy server providers can contribute to a safer internet environment.<\/p>\n<h2>Related links<\/h2>\n<p>For more information about Conficker and cybersecurity, consider the following resources:<\/p>\n<ol>\n<li><a href=\"https:\/\/www.microsoft.com\/en-us\/msrc\" target=\"_new\" rel=\"noopener nofollow\">Microsoft Security Response Center<\/a><\/li>\n<li><a href=\"https:\/\/www.symantec.com\/security-center\" target=\"_new\" rel=\"noopener nofollow\">Symantec Security Response<\/a><\/li>\n<li><a href=\"https:\/\/www.us-cert.gov\/\" target=\"_new\" rel=\"noopener nofollow\">US-CERT (United States Computer Emergency Readiness Team)<\/a><\/li>\n<li><a href=\"https:\/\/www.kaspersky.com\/enterprise-security\/threat-intelligence\" target=\"_new\" rel=\"noopener nofollow\">Kaspersky Threat Intelligence<\/a><\/li>\n<\/ol>","protected":false},"featured_media":476394,"menu_order":0,"template":"","meta":{"_acf_changed":false,"content-type":"","inline_featured_image":false,"footnotes":""},"class_list":["post-476393","wiki","type-wiki","status-publish","has-post-thumbnail","hentry"],"acf":{"faq_title":"Frequently Asked Questions about <mark>Conficker: A Notorious Worm Exploiting Vulnerabilities<\/mark>","faq_items":[{"question":"What is Conficker?","answer":"Conficker, also known as Downup, Downadup, or Kido, is a malicious computer worm that targets Windows operating systems. 
It rapidly spreads through networks and creates a botnet, enabling malicious actors to perform various illicit activities."},{"question":"How did Conficker originate?","answer":"Conficker was first detected in November 2008. Its origins and creators remain largely unknown, but it gained widespread attention due to its fast propagation and sophisticated code."},{"question":"How does Conficker spread and operate?","answer":"Conficker spreads by exploiting vulnerabilities in Windows systems, weak passwords, network shares, and removable storage devices like USB drives. It employs advanced encryption and communication techniques to evade detection and maintain communication with its command-and-control servers."},{"question":"What are the key features of Conficker?","answer":"Conficker is known for its rapid spread, stealth techniques, strong command-and-control infrastructure, and upgradeability. Its use of a sophisticated Domain Generation Algorithm (DGA) makes it challenging to track and shut down."},{"question":"Are there different types of Conficker?","answer":"Yes, Conficker exists in several variants with distinct characteristics. Some of the main variants are Conficker A (Downup), Conficker B (Downadup), Conficker C (Kido), and Conficker D."},{"question":"How is Conficker misused, and what are the solutions?","answer":"Conficker is used for DDoS attacks, data theft, spam distribution, and ransomware dissemination. To combat Conficker, it is crucial to keep software updated, enforce strong passwords, segment networks, use robust security software, and educate users about the risks."},{"question":"How does the future look for Conficker and similar threats?","answer":"As technology evolves, cyber threats like Conficker may become more sophisticated. 
However, cybersecurity researchers will continue to develop advanced tools and strategies to protect against such threats."},{"question":"How are proxy servers associated with Conficker?","answer":"Proxy servers can inadvertently play a role in Conficker's spread by relaying communication and distributing malicious payloads. Proxy server providers, like OneProxy, implement strict security measures to prevent misuse and ensure a safer internet environment."}]},"_links":{"self":[{"href":"https:\/\/oneproxy.pro\/vn\/wp-json\/wp\/v2\/wiki\/476393","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/oneproxy.pro\/vn\/wp-json\/wp\/v2\/wiki"}],"about":[{"href":"https:\/\/oneproxy.pro\/vn\/wp-json\/wp\/v2\/types\/wiki"}],"version-history":[{"count":0,"href":"https:\/\/oneproxy.pro\/vn\/wp-json\/wp\/v2\/wiki\/476393\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/oneproxy.pro\/vn\/wp-json\/wp\/v2\/media\/476394"}],"wp:attachment":[{"href":"https:\/\/oneproxy.pro\/vn\/wp-json\/wp\/v2\/media?parent=476393"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}