www.WebSecurityMgz.com
Face to Face with Hacker Types
Figure 3: Captured IRC packets
While I had hoped to get more information, such as the user IDs and passwords needed to activate the Trojans on the server, the dump file I had prepared turned out to hold nothing useful or valuable, so I launched mIRC and configured it to connect to the suspicious IRC server. Once the connection was up, it was clear that this was no ordinary chat server. My first thought was that it was a warez IRC server, which in practice is usually used as an Internet venue for trading software between rooms. Using the /List command I obtained the public channels. The room listing seemed to confirm my opinion, but as with many things in life, you cannot judge a book by its cover!
Using the captured data, I identified the room I was looking for (#tkworld), so I typed /join #tkworld, but was told that I needed a password. I tried a few obvious passwords, but none of them was right. Next I tried to join #tkworld1, which had also appeared in the dump file. It worked. I was in!

I was giddy with excitement and laughing to myself, but when the member list loaded, my laughter quickly turned into a short gasp of surprise, because I realised that there were hundreds and hundreds of other people in that room with me.

It gradually dawned on me that my client's server was only one of hundreds, perhaps thousands, of infected computers connected to this chat room. I was stunned. Page after page of user IDs scrolled past my eyes. Each user ID carried a name that began with TK and ended in an orderly, incrementing combination of letters and digits. Slowly I realised that my client's hacked server was probably one of the first victims of a new worm.

While still in the room, I started looking at the user information to see whether I could learn anything new from it. As you can see in Figure 4, the user information essentially shows that anyone infected with this IRC Trojan is listed with the name Tkbot (or THR34T Krew's bot, depending on how you look at it).
Figure 4: IRC client information
I sent a message directly to the name in question and asked whether he was a real person or just another bot. To my surprise, the string |[][][]|v came back as the reply.

To cut a long story short, our conversation ranged over several areas. At first DOOM was very curious to know who I was, how I had got there and what I knew about #tkworld. In reply I gave him a short version of what has been told so far, and then asked him what he knew. Not surprisingly, he was very vague in his answers, but he did let slip several juicy tidbits of interesting information:

- He had set up the chat server for one of his "friends".
- The TK worm had only recently been released, and the chat server had been online for just a few hours.
- The IRC worm installs itself as a service.
- The worm is built to spread by exploiting IIS weaknesses.
- His IRC program is named THr34t IRC.
- He was still at school and lived in England (probably a lie).

The conversation lasted about half an hour and wandered over various subjects, but it finally ended with a question from me: could I get a copy of the Trojan files, and could he give me the passwords to the #tkworld rooms? Both requests were politely refused, but I had gathered a lot of information and could use it to start searching for my answers. I signed off from the room and went to get some sleep.
Figure 5: Screenshot of the installation of the file TK1.exe
After checking the system for changes, I found that a single run of the file had turned it into 30 files, together with programs, settings and services that start with the computer. These services include a configured copy of mIRC, an FTP server and a complex IRC script. When I examined the files a little more closely in Notepad, I noticed that many of them were written in plain, readable text. Fortunately, I quickly spotted several passwords inside that text.

My next step was to test the passwords, so I went back to the chat server. Luckily, one of the (private) passwords worked and I was able to enter the chat room. Once in, I immediately changed my nickname to resemble the other algorithmically generated names (such as TK^8376 and TK-=-887). I then began examining the chat room and its contents to glean whatever scraps of information I could.

After several minutes I realised that my efforts were futile. Although I could probe the other handles for information, and could even obtain their IP addresses by port-scanning their subnet on port 1297 (the Trojan's port), I was unable to get any response from the room. The next step was to go back to my infected Windows 2000 system and examine more files.
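The indicators the write-up has turned up so far (bot nicknames such as TK^8376 and TK-=-887, the #tkworld and #tkworld1 control channels, bang-prefixed operator commands such as the !netspeed command discussed later in the article, and the bouncer on port 1297) are the kind of thing a defender turns into a detection rule rather than a probe. The following Python script is an added example, not code from the article or from the Thr34t Krew: it runs those indicators over a handful of constructed flow-log lines (the log format, IP addresses and non-TK nicknames are invented for illustration) and reports which monitored hosts look like bots.

```python
"""Flag IRC flows that match the bot indicators described in the write-up."""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Indicators taken from the article: control channels, the TK nickname
# shape (TK, some symbols, an incrementing number), bang-prefixed operator
# commands and the bouncer port 1297.
BOT_CHANNELS = {"#tkworld", "#tkworld1"}
BOUNCER_PORT = 1297
BOT_NICK_RE = re.compile(r"^TK[^A-Za-z0-9\s]*\d+$")
BANG_COMMAND_RE = re.compile(r"^!\w+")

# Constructed flow-log format (not any real tool's output):
#   <src_ip>:<src_port> -> <dst_ip>:<dst_port> <raw IRC line>
FLOW_RE = re.compile(
    r"^(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+) (?P<msg>.*)$"
)


@dataclass(frozen=True)
class Finding:
    line_no: int
    host: str    # the endpoint a responder would pull for review
    reason: str


def classify(msg: str, dport: int) -> Optional[str]:
    """Name the indicator one IRC line matches, or None if it looks benign."""
    if dport == BOUNCER_PORT:
        return "connection to trojan bouncer port 1297"
    parts = msg.split(" ", 2)
    verb = parts[0].upper()
    if verb == "NICK" and len(parts) > 1 and BOT_NICK_RE.match(parts[1]):
        return "algorithmic TK bot nickname"
    if verb == "JOIN" and len(parts) > 1 and parts[1].lower() in BOT_CHANNELS:
        return "join to known control channel"
    if verb == "PRIVMSG" and len(parts) == 3 and parts[1].lower() in BOT_CHANNELS:
        if BANG_COMMAND_RE.match(parts[2].lstrip(":")):
            return "bot command issued in control channel"
        return "message in control channel"
    return None


def scan(lines: Iterable[str]) -> List[Finding]:
    """Run every flow line through classify() and collect the hits."""
    findings: List[Finding] = []
    for n, line in enumerate(lines, 1):
        m = FLOW_RE.match(line.strip())
        if not m:
            continue  # not in the expected format; skip rather than guess
        dport = int(m["dport"])
        reason = classify(m["msg"], dport)
        if reason is None:
            continue
        # For the bouncer indicator the host of interest is the listener,
        # i.e. the infected machine; otherwise it is the client talking.
        host = m["dst"] if dport == BOUNCER_PORT else m["src"]
        findings.append(Finding(n, host, reason))
    return findings


def suspect_hosts(findings: List[Finding]) -> List[str]:
    """Distinct hosts worth pulling for forensic review."""
    return sorted({f.host for f in findings})


# Constructed sample traffic; addresses and the non-TK nicks are invented.
SAMPLE_LOG = [
    "10.0.0.5:3344 -> 192.0.2.10:6667 NICK TK^8376",
    "10.0.0.6:3350 -> 192.0.2.10:6667 NICK TK-=-887",
    "10.0.0.5:3344 -> 192.0.2.10:6667 JOIN #tkworld1",
    "192.0.2.77:1029 -> 192.0.2.10:6667 PRIVMSG #tkworld1 :!netspeed",
    "10.0.0.5:3344 -> 192.0.2.10:6667 PRIVMSG #tkworld1 :hello",
    "198.51.100.3:40000 -> 10.0.0.5:1297 USER bnc 0 * :bnc",
    "10.0.0.9:4100 -> 192.0.2.11:6667 NICK alice",
    "10.0.0.9:4100 -> 192.0.2.11:6667 JOIN #linux",
    "10.0.0.9:4100 -> 192.0.2.11:6667 PRIVMSG #linux :!netspeed",
]

if __name__ == "__main__":
    hits = scan(SAMPLE_LOG)
    for f in hits:
        print(f"line {f.line_no}: {f.host}: {f.reason}")
    print("hosts to review:", ", ".join(suspect_hosts(hits)))
```

The bang-command rule is deliberately scoped to the known control channels so that an ordinary "!" message in an unrelated channel (the last sample line) does not fire; the bouncer rule keys on the destination port alone, since a listener on 1297 on a monitored host is suspicious regardless of what is said over it.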
I started with the file that held the IRC script, which I assumed controlled the IRC bots. I scanned the script and concluded that the script, together with an IRC bouncer (BNC) server listening on port 1297, was the main culprit behind the IRC bot. To prove this, I began examining the script for a command I could use to test the other Tkbots that were with me in the secret chat room. To my dismay, I found the following line among the commands:

    if ($level($address($nick,9)) != 100) { halt }

In other words, unless I was one of the server's operators, I had no power to command the bots. Although this was a bit of bad luck for me, I had to admit it was a wise decision on the part of the script author. I mean, without such a check, if I owned 1000 computers I could cause a great many kinds of trouble.

Nevertheless, I then decided to examine the script's power in a controlled environment. To do this I loaded the script in mIRC, edited out all the restrictions and replaced them with my own commands. When I ran the script, it connected to a different IRC server and I created my own private chat room. After several minutes of debugging, my script was up and running.
During this investigation I realised that the author of this Trojan's script had done an excellent job of mass-producing a very powerful remote-control program. Using simple one- to four-letter commands, one person was able to probe a computer for statistics, upload and download files, run programs on the controlled servers and even order a server to search the Internet for other vulnerable computers.

What follows is the command and the alias that obtain the estimated speed of the network the server sits on:

    if ($1 == !netspeed) { netspeed }
    alias netspeed {
      set %nsp $nc
      write -c netst.bat netstat -e >stt.tx
      run netst.bat
      .timer -m 1 9950 once
    }
The first line is a filter that captures text typed by the channel operator. If the operator types the word !netspeed, this line executes the code inside alias netspeed. That code runs netstat, dumps the results into a file, and then sends the file back to the IRC chat room.

Here is a list of what these commands can do:

- Launch a UDP flood
- Execute a file
- Collect hard-drive statistics
- Launch a flood attack against a web site
- Create server lag
- Execute IRC commands
- Destroy the server
- Run an open-port query
- Control the BNC (the Trojan installed on port 1297)
- Scan for vulnerable computers
- Execute Download and Upload commands
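A defender who recovers a dropped mIRC script of this kind wants a quick inventory before reading it line by line: which bang commands it answers to, which alias each one dispatches to, whether a $level guard like the one quoted above gates them, and which alias bodies reach outside the IRC client (run, write, timers). The Python script below is an added example and not the article's or the Trojan's code. Its input is a small script assembled from the fragments quoted in the article, with the on-TEXT event wrapper assumed (the article only says the first line is a filter on channel text), and the set of OS-touching primitives is an assumed starting list, not mIRC's full command set.

```python
"""Inventory the command handlers in a recovered mIRC bot script."""
import re
from typing import Dict, List, Optional

# Script assembled from the fragments quoted in the article; the on-TEXT
# wrapper is assumed (the article only calls the first line a filter on
# channel text). The real bot script is not reproduced here.
SAMPLE_SCRIPT = """
on 1:TEXT:*:#: {
  if ($level($address($nick,9)) != 100) { halt }
  if ($1 == !netspeed) { netspeed }
}
alias netspeed {
  set %nsp $nc
  write -c netst.bat netstat -e >stt.tx
  run netst.bat
  .timer -m 1 9950 once
}
"""

# "if ($1 == !cmd) { alias }" dispatch lines, the shape used in the article.
TRIGGER_RE = re.compile(r"if\s*\(\s*\$1\s*==\s*(!\w+)\s*\)\s*\{\s*(\w+)\s*\}")
ALIAS_RE = re.compile(r"^\s*alias\s+(\w+)\s*\{\s*$")
# The "$level(...) != N) { halt }" guard quoted in the article.
GUARD_RE = re.compile(r"\$level\(.+?\)\)\s*!=\s*(\d+)\s*\)\s*\{\s*halt\s*\}")
# Assumed starting list of mIRC commands that reach outside the client;
# extend as needed. Leading "." (silent) and "/" prefixes are stripped.
OS_PRIMITIVES = {"run", "write", "dll", "remove", "copy", "rename", "timer"}


def find_triggers(script: str) -> Dict[str, str]:
    """Map each bang command to the alias it dispatches to."""
    return dict(TRIGGER_RE.findall(script))


def find_aliases(script: str) -> Dict[str, List[str]]:
    """Collect each alias body, one stripped line per entry."""
    aliases: Dict[str, List[str]] = {}
    current: Optional[str] = None
    body: List[str] = []
    for line in script.splitlines():
        m = ALIAS_RE.match(line)
        if m:
            current, body = m.group(1), []
        elif current is not None:
            if line.strip() == "}":
                aliases[current] = body
                current = None
            else:
                body.append(line.strip())
    return aliases


def guard_level(script: str) -> Optional[int]:
    """The user level required by the halt guard, or None if there is none."""
    m = GUARD_RE.search(script)
    return int(m.group(1)) if m else None


def os_primitives(body: List[str]) -> List[str]:
    """OS-touching commands used in an alias body, in order of first use."""
    found: List[str] = []
    for line in body:
        tok = line.split(" ", 1)[0].lstrip("./").lower()
        if tok in OS_PRIMITIVES and tok not in found:
            found.append(tok)
    return found


def triage(script: str) -> List[dict]:
    """One report row per bang command: alias, guard level, OS primitives."""
    aliases = find_aliases(script)
    level = guard_level(script)
    return [
        {
            "command": cmd,
            "alias": alias,
            "guard_level": level,
            "os_primitives": os_primitives(aliases.get(alias, [])),
        }
        for cmd, alias in find_triggers(script).items()
    ]


if __name__ == "__main__":
    for row in triage(SAMPLE_SCRIPT):
        print(row)
```

Run against the sample, the report shows a single handler, !netspeed, gated at level 100 and touching the OS through write, run and a timer, which is exactly the profile of the snippet the article quotes; on a full recovered script the same loop yields the whole command table at once, and a row whose guard_level is None is the one to look at first.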
…out of the ordinary. After reviewing the results, I clicked on one of the more promising links and came face to face with the following page (Figure 6).

Figure 6: THR34T security crew's web page (no longer online)

It was at this point, on seeing the site, that I fell off my chair laughing! Nothing on it matched what I had in mind, and I was fairly sure the THR34T security crew site held little information about the IRC Trojan. It seemed that the conversation with DOOM described earlier, the IRC program he used and the good-bye message from DiCise had not been enough, and I realised I would have to examine the TK Disto FTP server's installation files closely in case there was a login ID named DOOM. Where do you think we have overlooked the obvious?

Summary
At this point the investigation was over for me. I had found everything I wanted to find. WHOIS gave me nothing of value, I did not have the server's log files, and THR34T had vanished. Just when it looked as though the hacker's IRC-bot Trojan would spread everywhere, it stopped. On my last visit to the hacked IRC server (25 November 2002), #tkworld still had a few residents.

In the end, there is a big lesson to be learned from our hacked server: if a computer is not properly maintained, many unpleasant things will happen to it. Whether the problem is a virus, a worm, a Trojan or all of them at once, you need to guard your assets closely. When one of a server's main jobs is to provide a large source of entertainment, one has to doubt its administrator's thinking about the security of e-mail, business data and the like.

Although I cannot be certain of THR34T's actual role in creating and distributing this worm, they seem to know something about it. Unfortunately, every e-mail to DOOM bounced and their website no longer exists, so I suppose I will never learn anything more about it.

While reviewing this article for submission, I decided to take another peek at the hacked IRC server. To my surprise, the site was up and running. Hundreds of PCs were logged in, and more were logging in every few minutes. I lingered for a while and noticed that there were a few real people on the server with me. After several conversations, during which I was fed very little and mostly false information, and after finally being knocked offline for about 10 hours by a DDoS attack, one of the Thr34t Krew members took pity on me and had a proper conversation with me. He told me all about the Krew, the security measures they had taken to preserve their anonymity, and the power and reach of their network. He also told me that, because of my probing, they were going to wipe the IRC server and move to another one.

In short, this 16-year-old and the other 10 members of (his) Krew had built a Trojan/worm with more power and reach than some governments.

Welcome to the future, where ownership will be a matter of perspective and power will be measured by the number of computers and the reach you have under your control.