Dear user,
Hello,
Our company has just received an urgent notice from the public security authorities: an authoritative monitoring body has detected that some cloud hosts on our network are infected with botnet trojans and must be cleaned up immediately. Network security has now been raised to the level of national security, and with the 19th Party Congress just ahead, the matter is serious and extremely urgent. The users listed below whose hosts are infected with botnet trojans must immediately and carefully check their cloud servers for botnet trojan backdoor programs (the tutorial at https://www.west.cn/faq/list.asp?unid=1304 can be followed for this check) and for server security vulnerabilities. If you cannot be 100% certain whether the server has been compromised or infected, we strongly recommend reinstalling the server immediately and applying a proper security configuration. We will also have staff notify and verify each user and each server one by one. If a server has still not been dealt with by 9 a.m. tomorrow after our notice, we will suspend it directly; tomorrow morning is the final deadline the higher authorities have given us. The situation is extremely urgent and we ask users to take it very seriously.
We also remind all other users to keep their servers properly protected. Network security now concerns not only the user but has been raised to the level of national security, and the relevant authorities have intervened forcefully, so please take it seriously.
For servers that are already infected, we strongly recommend a clean reinstall to remove the trojan or virus. After reinstalling, apply the security configuration described in the following tutorials:
Windows servers: secure the server by following the process in the Windows server security settings recommendations (https://www.west.cn/faq/list.asp?unid=853).
Linux servers: in addition to configuring the server according to the security recommendations at https://www.sysgeek.cn/linux-server-security-tips/, do not use remote management software of unknown origin or unofficial localized builds of xshell/winscp/ssh and similar tools, and restrict the IP addresses allowed to log in to the server, so that it is not compromised again after reinstallation.
The supervising authority requires that handling be completed before 10:00 on October 17. After reinstalling, affected users should submit a support ticket stating the server IP address and login password so that we can verify that there is no trojan infection; otherwise we will treat the server as unhandled and force it to shut down.
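As an added example (not from the West.cn notice or the tutorials it links), the following POSIX shell audit checks an sshd_config for the settings the Linux advice above targets, including the login-source restriction. It assumes the "Directive value" syntax, stops at the first Match block, and treats an absent directive as its OpenSSH default.

```shell
#!/bin/sh
# Added example, not part of the West.cn notice: audit the sshd settings that
# the Linux re-hardening advice targets (root login, password auth, and the
# login-source restriction it asks for). Assumes "Directive value" syntax,
# stops at the first Match block, and treats an absent directive as its
# OpenSSH default. sshd uses the FIRST occurrence of each keyword.

sshd_effective() {
    # $1 = directive, $2 = config file. Prints the effective value or nothing.
    awk -v key="$(printf '%s' "$1" | tr 'A-Z' 'a-z')" '
        /^[[:space:]]*#/ || NF == 0 { next }      # comments and blank lines
        tolower($1) == "match"      { exit }      # conditional section: stop
        tolower($1) == key { $1 = ""; sub(/^[[:space:]]+/, ""); print; exit }
    ' "$2"
}

audit_sshd() {
    # Prints one WEAK line per finding; exit status = number of findings.
    cfg=$1; weak=0
    root=$(sshd_effective PermitRootLogin "$cfg")
    pw=$(sshd_effective PasswordAuthentication "$cfg")
    allow=$(sshd_effective AllowUsers "$cfg")
    # Defaults when unset: PermitRootLogin=prohibit-password (OpenSSH >= 7.0),
    # PasswordAuthentication=yes, so an empty config is NOT a safe config.
    case "${root:-prohibit-password}" in
        no|prohibit-password|without-password) ;;
        *) echo "WEAK: PermitRootLogin $root"; weak=$((weak + 1)) ;;
    esac
    case "${pw:-yes}" in
        no) ;;
        *) echo "WEAK: PasswordAuthentication ${pw:-yes (default)}"; weak=$((weak + 1)) ;;
    esac
    # Login-IP restriction: AllowUsers with user@source patterns (a source can
    # be an address or CIDR). Without one, any address may attempt a login.
    case "$allow" in
        *@*) ;;
        *) echo "WEAK: no AllowUsers user@source restriction"; weak=$((weak + 1)) ;;
    esac
    return "$weak"
}

# Demo on a constructed sample config (not taken from any real server).
demo=$(mktemp -d)
printf 'PermitRootLogin yes\n# PasswordAuthentication no\nAllowUsers deploy\n' \
    > "$demo/sshd_config"
audit_sshd "$demo/sshd_config" || echo "$? weak setting(s) found"
rm -rf "$demo"
```

Run it against /etc/ssh/sshd_config after the reinstall; a non-zero exit status means at least one of the three settings still needs attention.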
We hope you will cooperate. Thank you!
West.cn (西部数码)
2017-10-16
Appendix 1: Hosts infected with XshellGhost
XshellGhost threat description:
Recently, several security companies in China and abroad disclosed that multiple versions of NetSarang products, including Xmanager and Xshell, had backdoor code implanted. Because this software is widely used by developers and operations staff in China, a large number of users' server account credentials may have been leaked. The affected product versions are:
Xshell 5.0 Build 1322
Xshell 5.0 Build 1325
Xmanager Enterprise 5.0 Build 1232
Xmanager 5.0 Build 1045
Xftp 5.0 Build 1218
Xlpd 5.0 Build 122
Infected hosts:
118.123.253.151
211.149.209.83
Appendix 2: Hosts infected with the Linux "Gates" trojan
About the "Gates" trojan
The trojan's main malicious traits are that it carries a backdoor and DDoS attack capability, and that it replaces commonly used system files to disguise itself. It takes its name from the heavy use of the word "Gates" in its variable and function names.
Infected hosts:
Appendix 3: Hosts infected with the Nitol trojan
The Nitol family is the collective name for the Baofeng (暴风) DDoS and Guiying (鬼影) DDoS families; their functional code was adapted from the same set of source code circulating online, and one antivirus vendor groups them together as the Nitol family.
Hosts:
Appendix 4: Hosts infected with the Xorddos trojan
Because its code uses XOR to hide its configuration information, this trojan was named 'Linux/XOR.DDoS' by a foreign website specializing in malware analysis (http://blog.malwaremustdie.org/2014/09/mmd-0028-2014-fuzzy-reversing-new-china.html).
Hosts:
Appendix 5: Hosts infected with the feifan_Operation_su0n9a trojan
Hosts:
211.149.146.247
211.149.197.67
211.149.179.52
211.149.203.246
Appendix 6: Hosts infected with botnet cryptomining trojans
Hosts:
Appendix 7: Hosts exhibiting trojan (C&C) behavior
Hosts:
Appendix 8: Server IPs exhibiting attacker behavior such as port scanning, password brute-forcing, downloading malware, or contacting external trojans
Please check whether these servers have been compromised or infected.