New malware infection technique: beware of warnings urging a root certificate update
On August 22 (US time), Sucuri reported in "WordPress Websites Used to Distribute ClearFake Trojan Malware" that it had encountered the "ClearFake" campaign, which distributes a trojan, and gave an overview of it. ClearFake is a malware distribution campaign that has been observed since around July 2023 and is said to be still in progress, with modifications being made along the way (reference: "ClearFake Malware Analysis Update | Malware Analysis").
WordPress Websites Used to Distribute ClearFake Trojan Malware
○ A new method of malware infection
The ClearFake campaign displays a fake warning in the web browser and gets users to run a malicious script themselves, which infects them with malware. In its early days, the campaign used a fake browser update notification to get the script executed.
In the case Sucuri confirmed this time, the page displays a warning message claiming that the "root certificate" needs to be updated and asks the user to run a malicious script. A root certificate is a certificate self-signed by the certificate authority itself. It is preconfigured in the web browser, and users do not normally update it individually. However, many users rely on it without understanding the specific mechanism, and users who blindly follow the warning may be deceived.
Fake warning requesting a root certificate update (Source: Sucuri)
A user who follows the warning and looks at the update procedure is asked to press the "Copy" button, launch PowerShell with administrator privileges, and right-click the window. A right-click in PowerShell means paste, so the malicious script is executed the moment the user right-clicks.
Screen asking the user to launch PowerShell and right-click (Source: Sucuri)
The malicious script hides the PowerShell window and continues processing in the background. After handling tasks such as establishing persistence, it downloads and installs a trojan from GitHub. This trojan is reportedly detectable by major security solutions.
○ Compromised WordPress sites
According to Sucuri, the websites that asked for the root certificate update are WordPress sites compromised by attackers. The attackers are presumed to have broken into the WordPress sites by some means and added warning-display code that supports 42 languages. Sucuri found a Russian IP address inside the added warning-display code and points out that it may be the attackers' IP address.
○ Countermeasures
When using a web browser, users are advised to be aware that fake warnings exist and to remain vigilant at all times. Website operators are advised to keep the software, plugins, and themes they use up to date and to check regularly for signs of compromise. It is also desirable to set a unique, strong password on website accounts and, where possible, to introduce multi-factor authentication (MFA) and apply access restrictions.
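One way a site operator could check served pages for signs of the lure described above (a Copy button paired with PowerShell instructions), as an added example that is not from Sucuri or the original article. The marker patterns and sample pages are assumptions constructed for illustration, and the base64 expansion goes beyond what the article describes.

```javascript
// Added example: heuristic scan of served HTML for a "copy this into PowerShell" lure.
// The marker patterns are assumptions for illustration, not indicators published by Sucuri.
const MARKERS = {
  clipboardWrite: /navigator\.clipboard\.writeText|execCommand\(\s*['"]copy['"]\s*\)/i,
  powershell: /powershell/i,
  elevation: /administrator|\(admin\)/i,
  rootCert: /root\s+certificate/i,
};

// Decode base64 string literals so text hidden behind atob() is scanned too.
function expandBase64(text) {
  const decoded = [];
  for (const m of text.matchAll(/['"]([A-Za-z0-9+/]{24,}={0,2})['"]/g)) {
    const out = Buffer.from(m[1], 'base64').toString('utf8');
    if (/^[\x09\x0a\x0d\x20-\x7e]+$/.test(out)) decoded.push(out); // keep printable results only
  }
  return text + '\n' + decoded.join('\n');
}

function scanPage(html) {
  const text = expandBase64(html);
  const hits = Object.keys(MARKERS).filter((name) => MARKERS[name].test(text));
  // A page that writes to the clipboard AND mentions PowerShell is the core signal.
  // The lure wording exists in many languages, so text-only markers just add context.
  const suspicious = hits.includes('clipboardWrite') && hits.includes('powershell');
  return { suspicious, hits };
}

// Constructed sample inputs (not taken from a real compromised site).
const lurePage = `<div id="w"><h2>Root certificate out of date</h2>
<button onclick="navigator.clipboard.writeText(atob('${Buffer.from('Write-Output "constructed placeholder"').toString('base64')}'))">Copy</button>
<p>Open Windows PowerShell (Admin) and right-click the window.</p></div>`;
const docsPage = `<p>To list services, open PowerShell and run Get-Service.</p>`;
const sharePage = `<button onclick="navigator.clipboard.writeText(location.href)">Copy link</button>`;

console.log(scanPage(lurePage), scanPage(docsPage), scanPage(sharePage));
```

A hit is a prompt to review the page source by hand, not proof of compromise.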