Notice on the urgent remediation of cloud hosts infected with botnet trojans

Dear user,

Hello,

We have just received an urgent notice from the public security authorities: an authoritative agency has detected that some cloud hosts on our network are infected with botnet trojans, and they must be cleaned up immediately. Network security has now been elevated to the level of national security, and with the 19th Party Congress approaching, the matter is grave and extremely urgent. Users whose hosts are listed below as infected must immediately and carefully verify their cloud servers, check for botnet trojan backdoor programs (the tutorial at https://www.west.cn/faq/list.asp?unid=1304 can be followed for this), and check for server security vulnerabilities. If you are not 100% certain whether the server has been intruded or infected, we strongly recommend reinstalling it immediately and applying a secure configuration. We will also have staff notify and verify every user and every server one by one. If a server has still not been dealt with by 9:00 tomorrow morning after our notice, we will suspend it directly; tomorrow morning is the final deadline our supervising authority has given us. The situation is extremely urgent, and we ask users to treat it with the utmost seriousness.

We also remind all other users to take proper care of their servers' security. Network security now concerns not only the user but has been raised to the level of national security, and the relevant authorities have intervened forcefully, so please take this seriously.


For servers that are already infected, we strongly recommend removing the trojan or virus by reinstalling the system outright. After reinstalling, apply the security configuration described in the following tutorials:


Windows servers: configure the server following the procedure in the Windows server security settings guide (https://www.west.cn/faq/list.asp?unid=853).

Linux servers: in addition to applying the security recommendations at https://www.sysgeek.cn/linux-server-security-tips/, do not use remote management software (Xshell, WinSCP, SSH clients and the like) of unknown origin or from unofficial localized builds, and restrict the IP addresses allowed to log in to the server, so that it is not compromised again after reinstallation.
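As an added example (not part of the notice or of the linked tutorials), the following POSIX shell script audits an OpenSSH sshd_config for the login-source restriction recommended above, together with the two settings most often left at their brute-forceable defaults. The directives it checks (AllowUsers with a user@address pattern, PasswordAuthentication, PermitRootLogin) are real OpenSSH options; the two sample configurations, the admin user name and the 203.0.113.0/24 address block are constructed for the demonstration.

```shell
# Added example, not from the notice: audit an OpenSSH sshd_config for the
# login-source restriction recommended above. The directives checked
# (AllowUsers user@host, PasswordAuthentication, PermitRootLogin) are real
# OpenSSH options; the sample configs and addresses below are constructed.

# effective_directives FILE: strip comments and blank lines
effective_directives() {
    sed -e 's/#.*//' "$1" | grep -v '^[[:space:]]*$'
}

# audit_sshd_config FILE: print one finding per line; return 1 if any finding
audit_sshd_config() {
    cfg="$1"
    bad=0
    eff=$(effective_directives "$cfg")
    # Is login restricted to user@source (an address or CIDR block)?
    if ! printf '%s\n' "$eff" | grep -qiE '^[[:space:]]*AllowUsers[[:space:]]+[^[:space:]]+@[^[:space:]]+'; then
        echo "$cfg: no AllowUsers user@address restriction"; bad=1
    fi
    # Password logins are what brute-forcing bots target
    if printf '%s\n' "$eff" | grep -qiE '^[[:space:]]*PasswordAuthentication[[:space:]]+yes'; then
        echo "$cfg: PasswordAuthentication yes"; bad=1
    fi
    # Direct root login removes the need to guess a user name
    if printf '%s\n' "$eff" | grep -qiE '^[[:space:]]*PermitRootLogin[[:space:]]+yes'; then
        echo "$cfg: PermitRootLogin yes"; bad=1
    fi
    return $bad
}

# Constructed samples: a default-style weak config and a hardened one
WEAK_CFG=$(mktemp)
cat > "$WEAK_CFG" <<'EOF'
Port 22
PermitRootLogin yes
PasswordAuthentication yes
EOF

HARD_CFG=$(mktemp)
cat > "$HARD_CFG" <<'EOF'
Port 22
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
# only the admin user, only from the operator's address block (constructed)
AllowUsers admin@203.0.113.0/24
EOF

if audit_sshd_config "$WEAK_CFG"; then echo "weak sample: PASS"; else echo "weak sample: FAIL"; fi
if audit_sshd_config "$HARD_CFG"; then echo "hardened sample: PASS"; else echo "hardened sample: FAIL"; fi
```

Run it against the live file with `audit_sshd_config /etc/ssh/sshd_config` after sourcing the functions; a firewall rule limiting port 22 to the same source block is the complementary control, since sshd's AllowUsers only takes effect after the TCP connection is accepted.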


The supervising authority requires remediation to be completed before 10:00 on October 17. After reinstalling, affected users must submit a ticket stating the server IP address and login password so that we can verify that no trojan infection remains; otherwise the server will be treated as unremediated and forcibly shut down.


We appreciate your cooperation. Thank you!



西部数码代理天速互联 (Tiansu Internet, reseller for West.cn)

2017-10-25



Attachment 1: Hosts infected with XshellGhost


XshellGhost threat description:


Recently several domestic and foreign security companies disclosed that multiple versions of NetSarang products, including Xmanager and Xshell, had backdoor code implanted in them. Because these tools are widely used by developers and operations staff in China, the server account credentials of a large number of users may have been leaked. The affected versions are mainly:

Xshell 5.0 Build 1322

Xshell 5.0 Build 1325

Xmanager Enterprise 5.0 Build 1232

Xmanager 5.0 Build 1045

Xftp 5.0 Build 1218

Xlpd 5.0 Build 122


Infected hosts:

118.123.253.151

211.149.209.83


Attachment 2: Hosts infected with the Linux "Gates" trojan


About the "Gates" trojan

The trojan's main malicious features are a backdoor and DDoS attack capability; it also replaces commonly used system files to disguise itself. It takes its name from the heavy use of the word Gates in its variable and function names.

Infected hosts:
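Because the trojan described above hides by overwriting common system binaries, the check a responder wants is a file-integrity comparison against a known-good baseline. The following POSIX shell script, added here as an example and not part of the notice, builds such a baseline and reports files whose SHA-256 digest has changed. The fake bin directory, its three files and the simulated replacement are all constructed inside a temporary directory, so nothing on the real system is read or modified.

```shell
# Added example, not from the notice: a minimal file-integrity baseline check
# of the kind used to catch trojans that overwrite common system binaries.
# The directory, file names and contents below are constructed in a temp
# directory so the script runs offline; no real system file is touched.

# hash_file FILE: SHA-256 hex digest of FILE
hash_file() { sha256sum "$1" | cut -d' ' -f1; }

# make_baseline DIR OUT: record "digest path" for every regular file under DIR
make_baseline() {
    find "$1" -type f | sort | while read -r f; do
        printf '%s %s\n' "$(hash_file "$f")" "$f"
    done > "$2"
}

# check_baseline BASELINE: print each path that is missing or whose current
# digest differs from the recorded one; return 1 if anything differs
check_baseline() {
    rc=0
    while read -r want path; do
        if [ ! -f "$path" ]; then
            echo "MISSING $path"; rc=1
        elif [ "$(hash_file "$path")" != "$want" ]; then
            echo "MODIFIED $path"; rc=1
        fi
    done < "$1"
    return $rc
}

# Constructed sample: a fake bin directory with three "binaries"
SANDBOX=$(mktemp -d)
mkdir -p "$SANDBOX/bin"
printf 'original ps\n'      > "$SANDBOX/bin/ps"
printf 'original netstat\n' > "$SANDBOX/bin/netstat"
printf 'original ss\n'      > "$SANDBOX/bin/ss"
make_baseline "$SANDBOX/bin" "$SANDBOX/baseline.txt"

# Simulate a trojan replacing netstat after the baseline was taken
printf 'replaced netstat\n' > "$SANDBOX/bin/netstat"

if check_baseline "$SANDBOX/baseline.txt"; then
    echo "all files match baseline"
else
    echo "integrity violations found"
fi
```

On a real host the baseline should come from a source the attacker could not have altered: the package manager's own records (`rpm -V` on RPM-based systems, `debsums` on Debian-based ones) or a hash list captured at install time and stored off the server. A baseline taken after the compromise would simply record the replaced files as "good".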

211.149.152.128

211.149.200.82

211.149.204.242

211.149.151.176

211.149.167.167

211.149.204.100

211.149.203.83

211.149.204.108

211.149.193.44

211.149.144.195

211.149.201.243

211.149.211.151

211.149.192.61

211.149.145.44

211.149.152.158

211.149.144.198

211.149.150.210

211.149.209.232

211.149.197.80

211.149.219.143

211.149.172.130

211.149.208.204

211.149.152.128

211.149.177.20

211.149.152.192

211.149.154.128

211.149.152.160

211.149.152.136

211.149.144.128

211.149.152.132

211.149.136.128

211.149.153.128

211.149.156.128

211.149.200.18

211.149.24.128

211.149.204.210

211.149.72.82

211.149.200.86

211.149.204.246

211.149.220.242

211.149.199.80

211.149.200.210

211.149.152.0

211.149.206.242

211.149.204.250

211.149.192.106

211.149.196.242

211.149.204.178

211.149.205.242

211.149.152.130

211.149.216.82

211.149.204.114

211.149.76.242

211.149.200.90

211.149.64.61

211.149.152.129

211.149.204.82

211.149.201.82

211.149.200.80

211.149.193.80

211.149.219.135

211.149.192.29

211.149.201.83

211.149.196.80

211.149.205.80

211.149.200.83

211.149.219.83

211.149.204.243

211.149.203.19

211.149.192.53

211.149.194.61

211.149.192.57

211.149.73.243

211.149.200.242

211.149.201.251

211.149.192.189

211.149.208.61

211.149.195.83

211.149.197.208

211.149.39.167

211.149.158.210

211.149.197.112

211.149.201.179

211.149.144.131

211.149.196.61

211.149.220.100

211.149.192.125

211.149.211.143

211.149.232.82

211.149.167.183

211.149.235.83

211.149.204.44

211.149.159.176

211.149.151.144

211.149.146.195

211.149.197.84

211.149.201.247

211.149.151.240

211.149.167.165

211.149.166.167

211.149.167.163

211.149.220.108

211.149.153.158

211.149.163.167

211.149.205.100

211.149.211.215

211.149.76.100

211.149.219.151

211.149.167.39

211.149.183.167

211.149.202.83

211.149.204.96

211.149.152.190

211.149.144.206

211.149.193.61

211.149.167.231

211.149.205.108

211.149.135.167

211.149.201.44

211.149.203.67

211.149.200.61

211.149.204.116

211.149.197.88

211.149.148.210

211.149.149.176

211.149.218.143

211.149.167.175

211.149.200.66

211.149.128.195

211.149.152.30

211.149.145.12

211.149.204.104

211.149.204.240

211.149.135.176

211.149.144.158

211.149.154.158

211.149.195.44

211.149.192.44

211.149.145.195

211.149.219.175

211.149.197.81

211.149.200.100

211.149.209.44

211.149.207.83

211.149.150.176

211.149.146.198

211.149.144.199

211.149.151.160

211.149.208.232

211.149.197.64

211.149.203.115

211.149.24.158

211.149.151.210

211.149.148.195

211.149.147.176

211.149.192.63

211.149.217.143

211.149.205.243

211.149.197.44

211.149.144.67

211.149.217.243

211.149.193.108

211.149.201.242

211.149.223.143

211.149.209.168

211.149.145.198

211.149.144.230

211.149.150.194

211.149.192.60

211.149.16.198

211.149.69.80

211.149.204.228

211.149.206.108

211.149.134.210

211.149.148.198

211.149.150.242

211.149.182.210

211.149.195.151

211.149.156.158

211.149.76.108

211.149.202.82

211.149.201.227

211.149.215.151

211.149.209.151

211.149.149.44

211.149.204.236

211.149.147.44

211.149.193.60

211.149.152.150

211.149.219.15

211.149.197.82

211.149.209.200

211.149.209.224

211.149.203.243

211.149.150.146

211.149.209.236

211.149.219.159

211.149.233.243

211.149.200.243

211.149.144.194

211.149.144.70

211.149.236.100

211.149.144.214

211.149.210.151

211.149.144.227

211.149.211.183

211.149.204.101

211.149.144.196

211.149.204.76

211.149.204.102

211.149.144.44

211.149.144.203

211.149.152.156

211.149.44.130

211.149.209.104

211.149.213.232

211.149.176.198

211.149.204.36

211.149.206.100

211.149.183.176

211.149.145.108

211.149.152.159

211.149.219.139

211.149.91.143

211.149.144.211

211.149.145.60

211.149.211.135

211.149.201.115

211.149.196.108

211.149.16.195

211.149.152.154

Attachment 3: Hosts infected with the Nitol trojan

The Nitol family is the collective name for the Baofeng (暴风) DDoS and Guiying (鬼影) DDoS families. Their functional code was adapted from the same set of source code circulating online, and one antivirus vendor groups them together as the Nitol family.

Host list:

211.149.210.252

211.149.160.205

211.149.188.250

211.149.222.116

211.149.201.184

211.149.182.11

211.149.152.136

211.149.176.77

211.149.159.71

211.149.188.44

211.149.152.128

211.149.192.61

211.149.158.141

211.149.186.111

211.149.152.192

211.149.192.53

211.149.149.149

211.149.219.143

211.149.188.172

211.149.178.205

211.149.152.129

211.149.220.52

211.149.166.144

211.149.149.71

211.149.205.184

211.149.147.16

211.149.223.32

211.149.192.29

211.149.192.57

211.149.149.189

211.149.152.130

211.149.158.13

211.149.151.181

211.149.151.87

211.149.184.242

211.149.152.19

211.149.158.157

211.149.175.144

211.149.158.133

211.149.167.148

211.149.201.188

211.149.207.122

211.149.186.106

211.149.192.203

211.149.146.167

211.149.144.19

211.149.184.250

211.149.222.52

211.149.167.144

211.149.205.241

211.149.205.122

211.149.198.143

211.149.177.40

211.149.222.110

211.149.197.67

211.149.152.109

211.149.152.132

211.149.151.42

211.149.164.223

211.149.176.221

211.149.146.135

211.149.196.61

211.149.193.184

211.149.158.226

211.149.223.52

211.149.144.23

211.149.184.234

211.149.167.146

211.149.168.140

211.149.186.103

211.149.185.250

211.149.146.39

211.149.149.184

211.149.158.159

211.149.149.165

211.149.149.181

211.149.202.178

211.149.150.198

211.149.144.128

211.149.177.205

211.149.152.160

211.149.192.125

211.149.152.69

211.149.184.48

211.149.154.128

211.149.156.128

211.149.150.182

211.149.176.141

211.149.155.96

211.149.193.61

211.149.176.237

211.149.144.205

211.149.192.189

211.149.176.197

211.149.203.184

211.149.219.233

211.149.144.27

211.149.158.137

211.149.215.53

211.149.200.61

211.149.167.176

211.149.147.167

211.149.186.250

211.149.165.144

211.149.146.165

211.149.184.254

211.149.217.184

211.149.176.207

211.149.208.61

211.149.149.53

211.149.192.63

211.149.146.19

211.149.218.247

211.149.215.117

211.149.149.101

211.149.207.155

211.149.209.40

211.149.210.164

211.149.180.205

211.149.210.43

211.149.176.201

211.149.158.205

211.149.184.205

211.149.176.204

211.149.201.176

211.149.148.181

211.149.153.128

211.149.152.0

211.149.64.61

211.149.24.128

211.149.135.71

211.149.194.61

211.149.145.19

211.149.18.167

211.149.201.248

211.149.48.205

211.149.136.128

211.149.128.19

211.149.142.141

211.149.176.205

211.149.151.71

211.149.147.89

211.149.184.140

211.149.147.86

211.149.157.19

211.149.146.183

211.149.151.7

211.149.150.141

211.149.149.177

211.149.184.218

211.149.146.163



Attachment 4: Hosts infected with the Xorddos trojan

Because its code uses XOR to hide its configuration data, a foreign site specializing in trojan analysis (http://blog.malwaremustdie.org/2014/09/mmd-0028-2014-fuzzy-reversing-new-china.html) named this trojan 'Linux/XOR.DDoS'.

Host list:


211.149.219.41

211.149.185.106

211.149.211.105

211.149.201.184

211.149.210.109

211.149.152.136

211.149.233.184

211.149.152.128

211.149.187.106

211.149.211.41

211.149.211.121

211.149.152.192

211.149.187.107

211.149.187.234

211.149.201.56

211.149.211.151

211.149.211.107

211.149.147.113

211.149.147.121

211.149.205.184

211.149.179.106

211.149.201.152

211.149.152.130

211.149.147.120

211.149.211.97

211.149.211.104

211.149.152.132

211.149.195.151

211.149.211.183

211.149.171.106

211.149.187.74

211.149.195.105

211.149.211.233

211.149.243.105

211.149.209.105

211.149.156.128

211.149.209.151

211.149.243.151

211.149.211.215

211.149.152.144

211.149.155.121

211.149.154.128

211.149.215.151

211.149.146.121

211.149.217.184

211.149.215.105

211.149.211.109

211.149.147.105

211.149.184.128

211.149.210.151

211.149.83.105

147.149.211.149

211.149.19.121

211.149.153.128

211.149.59.106

211.149.152.0

211.149.24.128

211.149.201.248

211.149.136.128

211.149.210.105

211.149.147.125

211.149.187.42

211.149.145.121

211.149.187.98


Attachment 5: Hosts infected with the feifan_Operation_su0n9a trojan

Host list:

211.149.146.247

211.149.197.67

211.149.179.52

211.149.203.246


Attachment 6: Hosts infected with botnet cryptomining trojans

Host list:

211.149.201.84

211.149.146.140

211.149.166.150

211.149.156.223

211.149.197.177

211.149.145.71

211.149.144.56

211.149.152.194

211.149.145.67

211.149.151.161

211.149.149.217

211.149.155.43

211.149.151.89

211.149.180.166

211.149.169.180

211.149.200.102

211.149.159.32

211.149.211.85

211.149.173.29

211.149.167.72

211.149.150.33

211.149.149.33

211.149.150.185

211.149.167.165

211.149.146.32

211.149.150.241

211.149.185.68

211.149.151.145

211.149.152.58

211.149.158.163

211.149.158.3

211.149.167.117

211.149.150.65

211.149.144.120

211.149.158.227

211.149.150.121

211.149.151.73

211.149.145.64

211.149.151.65

211.149.151.97

211.149.150.23

211.149.186.185

211.149.204.237

211.149.201.85

211.149.190.93

211.149.192.237

211.149.201.90

211.149.155.121

211.149.213.157

211.149.163.74

211.149.158.211

211.149.208.32

211.149.187.138

211.149.159.130

211.149.161.91

211.149.219.107

211.149.177.111

211.149.191.5

211.149.145.102

211.149.154.229

211.149.220.229

211.149.178.43

211.149.186.146

211.149.156.121

211.149.175.20

211.149.163.36

211.149.198.117

211.149.202.15

211.149.202.174

211.149.210.179

211.149.159.36

211.149.223.161

211.149.204.51

211.149.213.92

211.149.146.220



Attachment 7: Hosts exhibiting trojan (C&C) behaviour

Host list:

211.149.144.125

211.149.144.187

211.149.144.26

211.149.144.50

211.149.145.8

211.149.146.130

211.149.146.167

211.149.146.239

211.149.146.243

211.149.146.247

211.149.146.68

211.149.147.121

211.149.147.130

211.149.147.16

211.149.147.19

211.149.147.200

211.149.147.201

211.149.147.204

211.149.147.21

211.149.147.244

211.149.147.4

211.149.147.55

211.149.147.56

211.149.149.160

211.149.149.165

211.149.149.170

211.149.149.181

211.149.149.184

211.149.149.192

211.149.149.22

211.149.150.126

211.149.150.140

211.149.150.198

211.149.150.199

211.149.150.203

211.149.150.21

211.149.150.219

211.149.150.51

211.149.150.57

211.149.150.66

211.149.150.74

211.149.150.77

211.149.150.83

211.149.151.13

211.149.151.156

211.149.151.163

211.149.151.176

211.149.151.253

211.149.151.79

211.149.151.9

211.149.151.91

211.149.152.109

211.149.152.128

211.149.152.158

211.149.152.193

211.149.152.211

211.149.152.231

211.149.155.100

211.149.155.181

211.149.156.181

211.149.156.214

211.149.156.252

211.149.156.29

211.149.156.57

211.149.157.206

211.149.157.77

211.149.158.103

211.149.158.117

211.149.158.137

211.149.158.141

211.149.158.156

211.149.158.170

211.149.158.198

211.149.158.220

211.149.158.239

211.149.158.24

211.149.158.242

211.149.158.26

211.149.158.29

211.149.158.36

211.149.158.37

211.149.158.38

211.149.158.61

211.149.158.72

211.149.158.83

211.149.159.139

211.149.159.176

211.149.159.220

211.149.159.223

211.149.159.231

211.149.159.84

211.149.160.177

211.149.160.182

211.149.160.245

211.149.161.152

211.149.161.50

211.149.162.213

211.149.162.25

211.149.163.174

211.149.163.178

211.149.163.231

211.149.163.81

211.149.164.103

211.149.164.223

211.149.164.224

211.149.164.39

211.149.165.226

211.149.165.67

211.149.165.69

211.149.165.82

211.149.166.117

211.149.166.20

211.149.166.21

211.149.166.251

211.149.167.117

211.149.167.144

211.149.167.155

211.149.167.165

211.149.167.170

211.149.167.172

211.149.167.175

211.149.167.242

211.149.167.44

211.149.167.74

211.149.167.94

211.149.168.20

211.149.168.217

211.149.168.221

211.149.169.134

211.149.169.180

211.149.169.244

211.149.169.84

211.149.170.143

211.149.170.44

211.149.171.121

211.149.171.123

211.149.171.150

211.149.171.209

211.149.171.222

211.149.171.99

211.149.172.130

211.149.172.145

211.149.172.209

211.149.172.250

211.149.172.37

211.149.172.47

211.149.173.15

211.149.173.165

211.149.173.171

211.149.174.117

211.149.174.217

211.149.174.24

211.149.174.244

211.149.175.215

211.149.175.235

211.149.175.71

211.149.176.161

211.149.176.171

211.149.176.175

211.149.176.52

211.149.176.63

211.149.177.159

211.149.177.180

211.149.177.20

211.149.178.156

211.149.179.160

211.149.179.234

211.149.179.4

211.149.179.55

211.149.180.153

211.149.181.143

211.149.181.163

211.149.181.204

211.149.182.233

211.149.183.105

211.149.183.121

211.149.183.146

211.149.183.179

211.149.184.121

211.149.184.141

211.149.184.250

211.149.184.48

211.149.185.122

211.149.185.44

211.149.185.81

211.149.186.146

211.149.186.154

211.149.186.168

211.149.187.106

211.149.187.225

211.149.187.32

211.149.187.8

211.149.187.87

211.149.188.159

211.149.188.172

211.149.188.219

211.149.188.239

211.149.189.131

211.149.189.198

211.149.189.253

211.149.189.75

211.149.191.202

211.149.191.207

211.149.191.216

211.149.191.229

211.149.191.248

211.149.191.45

211.149.191.71

211.149.192.245

211.149.192.66

211.149.193.105

211.149.193.131

211.149.193.217

211.149.193.49

211.149.194.2

211.149.195.101

211.149.195.164

211.149.195.180

211.149.195.213

211.149.196.100

211.149.196.64

211.149.196.81

211.149.196.94

211.149.197.103

211.149.197.34

211.149.197.37

211.149.197.67

211.149.197.80

211.149.198.196

211.149.198.65

211.149.199.202

211.149.199.244

211.149.200.144

211.149.200.201

211.149.200.82

211.149.201.122

211.149.201.15

211.149.201.184

211.149.201.85

211.149.201.95

211.149.202.138

211.149.202.88

211.149.203.128

211.149.203.133

211.149.203.32

211.149.203.61

211.149.203.83

211.149.203.84

211.149.204.108

211.149.204.140

211.149.204.180

211.149.204.242

211.149.204.52

211.149.204.98

211.149.205.161

211.149.205.175

211.149.205.207

211.149.205.236

211.149.205.69

211.149.206.121

211.149.206.211

211.149.206.238

211.149.206.35

211.149.206.6

211.149.207.100

211.149.207.155

211.149.207.167

211.149.207.200

211.149.207.251

211.149.207.62

211.149.207.91

211.149.208.126

211.149.208.131

211.149.208.141

211.149.208.204

211.149.208.43

211.149.209.189

211.149.209.198

211.149.209.238

211.149.209.40

211.149.210.104

211.149.210.178

211.149.210.185

211.149.210.241

211.149.210.252

211.149.210.36

211.149.210.46

211.149.211.105

211.149.211.151

211.149.211.231

211.149.211.246

211.149.211.249

211.149.212.222

211.149.212.225

211.149.212.77

211.149.213.127

211.149.213.199

211.149.213.62

211.149.213.63

211.149.213.90

211.149.213.94

211.149.215.112

211.149.215.114

211.149.215.223

211.149.215.62

211.149.216.137

211.149.217.137

211.149.218.222

211.149.218.247

211.149.219.143

211.149.219.7

211.149.219.77

211.149.220.142

211.149.220.240

211.149.220.43

211.149.220.96

211.149.221.69

211.149.222.218

211.149.222.52

211.149.223.135

211.149.223.207

211.149.223.235


Attachment 8: Server IPs exhibiting attacker behaviour such as port scanning, password brute-forcing, downloading viruses, or contacting external trojan infrastructure

Please check whether the server has been compromised or infected.

211.149.207.77

211.149.196.248

211.149.183.3

211.149.183.102

211.149.152.126

211.149.155.89

211.149.176.253

211.149.182.197

211.149.213.195

211.149.128.2

211.149.146.254

211.149.147.59

211.149.150.22

211.149.150.60

211.149.157.230

211.149.157.82

211.149.158.15

211.149.158.253

211.149.161.39

211.149.165.228

211.149.165.231

211.149.167.100

211.149.173.182

211.149.173.211

211.149.175.212

211.149.176.15

211.149.178.207

211.149.179.100

211.149.180.5

211.149.181.74

211.149.181.77

211.149.181.89

211.149.182.246

211.149.182.69

211.149.183.191

211.149.184.34

211.149.189.204

211.149.193.70

211.149.194.153

211.149.200.31

211.149.202.189

211.149.202.25

211.149.217.181

211.149.217.224

211.149.227.149

211.149.239.32

211.149.241.209


