Game cheat technique that disguises Windows kernel-mode drivers becomes a new threat
On July 11 (US time), Cisco Talos Intelligence Group reported in "Old certificate, new signature: Open-source tools forge signature timestamps on Windows drivers" that it had observed threats that exploit a loophole in Windows policy to forge the signatures of kernel-mode drivers and bypass the Windows certificate policy.
The report shows that malicious, unverified drivers can be loaded by using open-source tools together with certificates that either became invalid on or before July 29, 2015, or were issued before that date and remain valid.
Old certificate, new signature: Open-source tools forge signature timestamps on Windows drivers
Starting with Windows 10 version 1607, Microsoft updated its driver signing policy so that new unsigned kernel-mode drivers are not permitted. There are several exceptions, however: to preserve the functionality of, and compatibility with, older drivers, drivers signed with certificates issued on or before July 29, 2015, and drivers signed with certificates that remain valid, among others, are still permitted.
To abuse this exception, open-source tools called HookSignTool and FuckCertVerifyTimeValidity, which make it possible to forge signature timestamps, were found to be in use. These tools were originally developed in the game cheat development community, and multiple threat actors have been confirmed to be abusing them to deploy malicious Windows drivers that have nothing to do with game cheats.
HookSignTool is a driver signature forging tool that makes it possible to change a driver's signing date during the signing process by combining hooks into the Windows API with manual modification of the import table of a legitimate code signing tool. It is said to have originally been released on a Chinese software cracking forum in 2019, and it has been available on GitHub since 2020.
FuckCertVerifyTimeValidity is a driver signature forging tool developed to sign game cheating software. It was published on GitHub on December 13, 2018, and is assessed as not having as much functionality as HookSignTool.
Cisco Talos explains that detecting malicious drivers heuristically is difficult, and that blocking based on file hashes or on the certificates used for signing is the most effective approach. All of the information Cisco Talos obtained has been shared with Microsoft; all of the affected certificates have been blocked, and security advisory ADV230001 has been published.
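As an added example (not from Talos, Microsoft or the original article), the following PowerShell audit lists installed drivers whose signer certificate was issued on or before the July 29, 2015 cutoff and checks each against a local blocklist of certificate thumbprints and file hashes, following the blocking approach described above. The blocklist entries are placeholders and the driver directory is an assumption; the cmdlets used are the standard `Get-AuthenticodeSignature` and `Get-FileHash`.

```powershell
# Added example: inventory drivers that depend on the pre-cutoff certificate
# exception and match them against a locally maintained blocklist.
$Cutoff = [datetime]'2015-07-29'   # cutoff date quoted in the article

# Placeholder blocklists (constructed). Populate from your own threat intelligence.
$BlockedThumbprints = @('<SIGNER-CERT-THUMBPRINT-PLACEHOLDER>')
$BlockedSha256      = @('<DRIVER-SHA256-PLACEHOLDER>')

# Assumption: drivers of interest live in the default driver directory.
$driverDir = Join-Path $env:SystemRoot 'System32\drivers'

$report = Get-ChildItem -Path $driverDir -Filter *.sys -File | ForEach-Object {
    $sig  = Get-AuthenticodeSignature -FilePath $_.FullName
    $cert = $sig.SignerCertificate
    if ($null -eq $cert) { return }   # no signer certificate: skip to next file

    $hash = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash

    [pscustomobject]@{
        Driver     = $_.Name
        Status     = $sig.Status
        Subject    = $cert.Subject
        NotBefore  = $cert.NotBefore
        NotAfter   = $cert.NotAfter
        Thumbprint = $cert.Thumbprint
        Sha256     = $hash
        # Certificate issued on or before the cutoff, so the exception applies
        LegacyCert = ($cert.NotBefore.Date -le $Cutoff)
        # Certificate is past its validity period today
        Expired    = ($cert.NotAfter -lt (Get-Date))
        # Match on signer certificate or on file hash
        Blocked    = ($BlockedThumbprints -contains $cert.Thumbprint) -or
                     ($BlockedSha256 -contains $hash)
    }
}

# Review blocklist hits first, then the oldest legacy-certificate drivers.
$report |
    Where-Object { $_.LegacyCert -or $_.Blocked } |
    Sort-Object @{ Expression = 'Blocked'; Descending = $true }, NotBefore |
    Format-Table Driver, Status, NotBefore, NotAfter, Expired, Blocked, Thumbprint -AutoSize
```

A driver flagged as `LegacyCert` is not malicious by itself, since legitimate older drivers rely on the same exception; the list is the set to review and, where warranted, block by hash or certificate.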