好的,我现在需要帮用户总结一篇文章的内容,控制在100个字以内。用户提供的文章看起来是一个安全漏洞的公告,涉及恶意软件Backdoor.Win32.Poison.jh。 首先,我需要快速浏览文章内容,找出关键信息。文章提到恶意软件在C:\Windows\SysWOW64目录下创建了一个名为28463的目录,并赋予Everyone用户组完全权限。这可能导致恶意软件被篡改或执行劫持。 接下来,我要确定这些信息如何简洁地表达出来。可能需要包括恶意软件名称、漏洞类型、影响以及攻击模式。同时,要确保语言简洁明了,不超过100个字。 然后,我需要考虑用户的使用场景和身份。用户可能是一位安全研究人员或IT管理员,他们需要快速了解漏洞情况以便采取措施。因此,总结应突出关键点:恶意软件名称、不安全权限、影响范围和攻击方式。 最后,检查是否有遗漏的重要信息,并确保总结准确无误。避免使用复杂的术语,使内容易于理解。 </think> 该恶意软件Backdoor.Win32.Poison.jh通过在C:\Windows\SysWOW64目录下创建28463文件夹并赋予Everyone完全权限,导致本地用户可篡改或劫持文件执行,暴露了严重的操作安全问题。 2025-12-24 21:34:37 Author: cxsecurity.com(查看原文) 阅读量:3 收藏
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2025 Original source: https://malvuln.com/advisory/3d9821cbe836572410b3c5485a7f76ca.txt Malvuln Intelligence Feed: https://intel.malvuln.com/ Contact: [email protected] Media: x.com/malvuln Threat: Backdoor.Win32.Poison.jh Vulnerability: Insecure Permissions Description: The malware creates the directory 28463 under C:\Windows\SysWOW64, granting Full (F) permissions to the Everyone user group. This allows any local user to modify or replace any dropped files, enabling trivial malware disruption or execution hijacking. This reflects poor operational security exposing malware components to local tampering. Family: Poison Type: PE32 Attack-pattern TTP: File and Directory Permissions Modification (T1222.001) MD5: 3d9821cbe836572410b3c5485a7f76ca SHA256: 2229d26afafb4b7fe1eaaa92ce1251c00eda9bac3f1371c470e7bbd5ae0a5bf9 Vuln ID: MVID-2025-0704 Dropped files: YJBE.exe Disclosure: 12/23/2025 Exploit/PoC: C:\>cacls C:\Windows\SysWOW64\28463\YJBE.exe C:\Windows\SysWOW64\28463\YJBE.exe Everyone:(ID)F Disclaimer: The information contained within this advisory is supplied "as-is" with no warranties or guarantees of fitness of use or otherwise. Permission is hereby granted for the redistribution of this advisory, provided that it is not altered except by reformatting it, and that due credit is given. Permission is explicitly given for insertion in vulnerability databases and similar, provided that due credit is given to the author. The author is not responsible for any misuse of the information contained herein and accepts no responsibility for any damage caused by the use or misuse of this information. The author prohibits any malicious use of security related information or exploits by the author or elsewhere. Do not attempt to download Malware samples. The author of this website takes no responsibility for any kind of damages occurring from improper Malware handling or the downloading of ANY Malware mentioned on this website or elsewhere. All content Copyright (c) Malvuln.com (TM).
Thanks for you comment!
Your message is in quarantine 48 hours.
如有侵权请联系:admin#unsafe.sh