中國黑客準備用ie瀏覽器攻擊美無人機

 

 摩羯王 2012-1-2发帖   A rash of new clues surrounding the Sykipot computer virus having its way with the U.S. drone fleet suggests the malware originated in China, and explains how it has been used.
大量的关于美军无人机群受木马病毒感染的新线索，能解释这些来自中国的恶意程序是如何被使用的。
Mathew J. Schwartz of Information Week reports the virus appears to have been designed with the sole purpose of stealing UAV data using a “zero-day” vulnerability in Adobe Reader.
来自《信息周刊》的Mathew J. Schwartz 报道称，这类病毒被设计出来的唯一目的，就是用“零日漏洞”的攻击方式，通过Adobe Reader软件上的漏洞来窃取无人机上的数据。
A zero-day attack is launched using a vulnerability unknown to a software’s developer and shared among attackers who exploit the fault before a patch is put in place.
零日漏洞攻击技术，是指黑客利用软件开发方还未知的漏洞，在补丁出来修正之前就攻击并共享其数据。
The virus was inserted into the military’s network using infected PDF files and specifically targeted to look for information on the Boeing X-45 unmanned combat air system and the Boeing X-37 orbital vehicle.
该病毒是使用受感染的PDF文件侵入到军用网络的，并专门搜寻关于波音X- 45无人作战飞机系统和波音X – 37空天飞机的信息。
The X-37 recently had its classified mission extended nine months leading to speculation about its orbital activities. China, too, seems to have questions regarding its mission.
This most recent attack seems to have begun in August 2011, but another variant of the Sykipot virus goes back to 2006. The older version used clouded script files, taking advantage of an Internet Explorer vulnerability.
X37最近的机密任务延长九个月，引发了关于它在空天轨道区域活动任务的猜测。中国看起来也很想搞清楚这些。
最近的攻击似乎在2011年8月开始了，但是另一个木马病毒的变种可以追溯到2006年。老版本病毒使用模糊的脚本文件，利用IE浏览器来攻击。
Finally, both versions used servers known as Netbox, 80 percent of which are located in China. This may explain why its documentation and error messages both come up in Mandarin.
最后，这两个版本都是用Netbox服务器发布的，其中80%来自中国。这也许能解释为什么它的文件和错误信息都是编自国语（普通话）。
评论翻译
There is so little info here that it actually hurts.
消息太少了，也不知道到底有多少损失。
the iphone4 jailbreak was also possible thanks to an adobe pdf vulnerability.
iphone4的越狱应该靠的也是AdobePDF的漏洞。
Someone should finally put Adobe out of their misery. It seems to me they are simply unable to ever release any software that has less security holes that a Swiss cheese :-/
看来大家应该将Adobe踢掉，以免再受苦了。就我看来，所有的程序的漏洞都多的想瑞士芝士的洞洞一样多，根本没法全部弥补完。
You couldn't be more wrong. first the iOS doesn't use Adobe Reader or even allow you to install adobe reader on any iDevices. Second the exploit was in libraries in the iOS system. Nothing to do with Adobe. I hate adobe reader since version 9, I use and suggest alternative PDF readers.
你错的不能再错了。首先，iOS系统是不使用AdobeReader的，就算你装了。第二，编程是在iOS系统的函数库里的。没有任何跟Adobe有关系的东西。自从Adobe9开始我就讨厌了，我建议用PDFreaders好过AdobeReader。
Do not blame others for your own incompetency. Hire good software guys to protect your IP, Stupid a**.
不要因为自己的无能而去责怪别人。买个好的软件来保护你自己的IP吧，213。
No I think there is enough information if you are a little tech savvy. All the big Silicon Valley companies employ hundreds of Chinese software Engineers who unbeknownst to them are MOTHERLAND SPIES. They are routinely transfer data and computer code back home. They are smart to trojan some of the most widely used components like flash players or MSWord or Excel because they know most of the Non-Techies in Government or Defence use these products.
As long as White American Silicon Valley Geeks love skinny assless Chinese girls....that got a spy here and she is getting paid too by the same Corporations which she is working against.
我倒是觉得只要你懂点技术就不会觉得信息少了。所有的硅谷大公司招了上百个中国程序猿，他们甚至不知道自己是**间谍。他们经常将数据传回中国。这些家伙很厉害，他们将木马打入一些超级多人用部件软件，如flashplayer,MS的Word/Excel，因为他们知道很多非信息技术行业的政府官员或国防官员会用到他们的软件。直到有一天，那些硅谷宅喜欢苗条性感的中国MM，然后被盗取了信息，而MM则能从雇佣她的公司那里拿大一笔不错的回报。
Using a commercial Operating system for Military components is a big fucking mistake.
I am aghast!!!!!
军事平台使用商业化的操作系统就是T咩的错误，我太震惊了！
If true, i don't believe the US military could be this flawed in security. But honestly i just cannot beilive it
就算是真的，我也不信美军会在安全防范上犯下这样大的疏忽。不过说真的，我就是难以置信而已。
maybe they just wanna be ready in case. you never know when the US army is gonna attack you anymore. friends today, axis of evil tomorrow
也许他们只是想做好准备。你不知道美国军队什么时候会来打你。今天的朋友，明天的邪恶轴心。
Think of the missile defense bases in Europe and Russia's upcoming response.
This is China's response to our surveilling, spying, hacking, cracking, and infecting.
想想欧洲的导弹防御基地与俄国人的回应吧。
这就是中国针对我们监视、间谍、黑客、破坏、渗透行为的回应。
Is it just me or do these things look like Cylon Raiders from Battlestar Gallactica?
是就我觉得，还是这货看来就是太空堡垒卡拉狄加的塞昂战机？