<Á°¤ÎÆüµ­(2007ǯ12·î15Æü) ¼¡¤ÎÆüµ­(2007ǯ12·î22Æü)> ºÇ¿· ÊÔ½¸

¹âÌÚ¹À¸÷¡÷¼«Âð¤ÎÆüµ­

Ìܼ¡ ¤Ï¤¸¤á¤Ë Ï¢ÍíÀè:blog@takagi-hiromitsu.jp
ˬÌä¼Ô¿ô ËÜÆü: 1877   ºòÆü: 2734

2007ǯ12·î16Æü

¢£ °ìÂÀϺZero-day¹¶·âȯ³Ð·Ð°Þ¤ÎÆæ ¡½¡½ Èó¹ṉ̃¤Ïï¡©

Ìܼ¡

  • °ìÂÀϺzero-day¹¶·âȯ³Ð·Ð°Þ¤ÎÆæ
  • Symantec¤ÏÀȼåÀ­Ê¬ÀϤΥץí¤Ç¤Ï¤Ê¤¤
  • ÆüËÜ¿ÍSymantec¼Ò°÷¤ÏÈóÆüËܹṉ̃¤«
  • Èó¹ṉ̃¤Ïï¡©
  • ¥¸¥ã¥¹¥È¥·¥¹¥Æ¥à¼Ò¤â·ÐºÑ»º¶È¾Ê¹ð¼¨¤ò̵»ë¡©
  • ¸½¹Ô¤ÎÆϽÐÀ©ÅÙ¤Ïzero-day¹¶·â¤ËÂбþ¤·¤Æ¤¤¤Ê¤¤

°ìÂÀϺzero-day¹¶·âȯ³Ð·Ð°Þ¤ÎÆæ

Àè½µ¤³¤ó¤ÊÊóÆ»¤¬¤¢¤Ã¤¿¡£

¤Þ¤¿¤«¡£

¡Ö¤Þ¤¿°ìÂÀϺ¤«¡×¤È¤¤¤¦°ÕÌ£¤Ç¤Ï¤Ê¤¯¡¢¡Ö¤Þ¤¿ Symantec ¤«¡×¤È¤¤¤¦°ÕÌ£¤Ç¤À¡£

°ìÂÀϺ´ØÏ¢À½ÉʤΥХåե¡¥ª¡¼¥Ð¡¼¥Õ¥í¡¼·Ï¤ÎÀȼåÀ­¤Ï¤³¤ì¤Þ¤Ç¤Ë8²ó¸«¤Ä¤«¤Ã¤Æ¤ª¤ê¡¢¤¦¤Á3²ó¤Ï¡¢¹¶·â¤Ë°­ÍѤµ¤ì¤ëÁ°¤ËIPA¤ÈJPCERT/CC¤òÄ̤¸¤Æ»öÁ°¤Ë½¤Àµ¤µ¤ì¤¿¤â¤Î¡ÊJVN#90815371, JVN#47272891, JVN#29211062¡Ë¤Ç¡¢»Ä¤ê¤Î5²ó¤Ï¤¤¤º¤ì¤âzero-day¹¶·â¤¬È¯À¸¤·¤¿Ãæ¤Çȯ³Ð¤·¤Æ¤¤¤ë¡£¤½¤ÎºÝ¤ÎÊóÆ»¤òʤ٤Ƥߤë¤È¼¡¤Î¤è¤¦¤Ë¤Ê¤ë¡£¡Ê24ÆüÄɵ­¡§ITmedia¤È¥Þ¥¤¥³¥ß¥¸¥ã¡¼¥Ê¥ë¤òÄɲä·¤¿¡£¡Ë

¤³¤Î¤è¤¦¤Ë¡¢Âè°ìÊó¤Ï¤¹¤Ù¤Æ¡Ö¥·¥Þ¥ó¥Æ¥Ã¥¯¤¬¡×¡ÖSymantec¤¬¡×¤À¡£¤Ê¤¼¤³¤¦¤Ê¤ë¤Î¤À¤í¤¦¡© ¶öÁ³¤Ë¤·¤Æ¤ÏÉÔ¼«Á³¤Ç¤Ï¤Ê¤¤¤«¡©

¤³¤ì¤Ï¤³¤¦¤¤¤¦¤³¤È¤¬µ¯¤­¤Æ¤¤¤ë¤Î¤Ç¤Ï¤Ê¤¤¤À¤í¤¦¤«¡£

¤Þ¤º¡¢Symantec¤ÎÅö³º¥¦¥¤¥ë¥¹¥Ç¡¼¥¿¥Ù¡¼¥¹¤ò¸«¤Æ¤ß¤ë¤È¡¢¤¤¤º¤ì¤â¡ÖWild Level: Low, Number of Infections: 0 - 49, Number of Sites: 0 - 2¡×¤È¤Ê¤Ã¤Æ¤¤¤ë¡ÊÎ㤨¤Ð¡¢ºÇ¤â¸Å¤¤Trojan.Tarodrop¤ò»²¾È¡Ë¤³¤È¤«¤é¡¢¤ª¤½¤é¤¯¡¢¤É¤ì¤â 1·ï¤ÎÊó¹ð¡Ê¥¦¥¤¥ë¥¹¸¡ÂΤÎÄ󶡡ˤ¬¤¢¤Ã¤¿¤À¤±¤Ê¤Î¤À¤í¤¦¡£

¼¡¤Ë¡¢¥¦¥¤¥ë¥¹Âкö¥½¥Õ¥È²ñ¼Ò¤Ï¿ô¼Ò¤¢¤ë¤Ë¤â´Ø¤ï¤é¤º¡¢¤¹¤Ù¤ÆSymantec¤Ë¸¡ÂΤ¬Ä󶡤µ¤ì¤¿¤È¤¤¤¦¤³¤È¤Ï¡¢¤ª¤½¤é¤¯¡¢¸¡ÂΤÎÄ󶡸µ¤ÏƱ¤¸¿Íʪ¤Ê¤¤¤·¡¢Æ±¤¸ÁÈ¿¥¤Ç¤Ï¤Ê¤¤¤À¤í¤¦¤«¡£

¤Ä¤Þ¤ê¡¢Åµ·¿Åª¤Ê targeted attack¤¬ºòǯ¤«¤é·Ñ³¤·¤Æ»Å³Ý¤±¤é¤ì¤Æ¤ª¤ê¡¢¤·¤«¤â¤½¤Î¥¿¡¼¥²¥Ã¥È¤¬Æ±¤¸ÁÈ¿¥¤Ë¹Ê¤é¤ì¤Æ¤¤¤ë¤Î¤Ç¤Ï¤Ê¤¤¤«¡£

¤³¤³¤Ç»×¤¤½Ð¤¹¤Î¤¬¡¢2006ǯ5·î¤Î¡ÖÂè10²ó ¥³¥ó¥Ô¥å¡¼¥¿ÈȺá¤Ë´Ø¤¹¤ëÇòÉÍ¥·¥ó¥Ý¥¸¥¦¥à¡×¤ÇÄ°¹Ö¤·¤¿·Ù»¡Ä£Ã´Åö¼Ô¤Î¹Ö±éÆâÍƤÀ¡£¤³¤ì¤Ï¼¡¤ÎÄ̤êÊóÆ»¤µ¤ì¤Æ¤¤¤ë¡£

  • ¡Ö·Ù»¡¤òɸŪ¤Ë¤·¤¿¥¹¥Ô¥¢·¿¥Õ¥£¥Ã¥·¥ó¥°¡¦¥á¡¼¥ë¤¬Áý²Ã¡×---·Ù»¡Ä£ ºäÌÀ»á, Æü·ÐIT Pro, 2006ǯ5·î29Æü

    ¡Ö·Ù»¡¤äËɱÒÄ£¤òɸŪ¤È¤¹¤ë¡¤ÆÃÄê¤ÎÂоݤòÁÀ¤Ã¤¿µ¶Áõ¥á¡¼¥ë¡¤¤¤¤ï¤æ¤ë¥¹¥Ô¥¢·¿¥Õ¥£¥Ã¥·¥ó¥°¡¦¥á¡¼¥ë¤¬Áý²Ã¡¤¤«¤Ä¤­¤ï¤á¤ÆÀº¹ª¤Ë¤Ê¤Ã¤Æ¤­¤Æ¤¤¤ë¡×--- ·Ù»¡Ä£ À¸³è°ÂÁ´¶É ¾ðÊóµ»½ÑÈȺá Âкö²Ý¡Ê¥µ¥¤¥Ð¡¼ÈȺáÂкö²Ý¡Ë²ÝĹ ºäÌÀ»á¤Ï5·î26Æü¤«¤é28Æü¤Ë¤«¤±¤Æ³«ºÅ¤µ¤ì¤¿¡ÖÂè10²ó ¥³¥ó¥Ô¥å¡¼¥¿ÈȺá¤Ë´Ø¤¹¤ëÇòÉÍ¥·¥ó¥Ý¥¸¥¦¥à¡×¤Î¹Ö±é¤Ç¡¤·Ù»¡Ä£¤òɸŪ¤È¤¹¤ë¹¶·â¤¬Áý²Ã¤·¤Æ¤¤¤ë¤³¤È¤òÌÀ¤é¤«¤Ë¤·¤¿¡£

¤¸¤Ä¤Ï»ä¤â¶Ð̳Àè¤Î¥á¡¼¥ë¥¢¥É¥ì¥¹¤Ï go.jp ¤Ç½ª¤ï¤ë¤â¤Î¤Ê¤Î¤Ç¡¢¤½¤ì¤é¤·¤­¥á¡¼¥ë¤ò¼õ¿®¤·¤¿¤³¤È¤¬¤¢¤ë¡£2005ǯ6·î¤Î¤³¤È¤Ç¡¢¤³¤ì¤Ï [memo:8513] ¤ÇÊó¹ð¤·¤¿µ­Ï¿¤¬¤¢¤ë¡£¤³¤Î¤È¤­¤Ï¡¢¾¯¤·¸å¤ËÈóÀ¯ÉܤθĿͥ¢¥É¥ì¥¹¤Ë¤âÆϤ¤¤Æ¤¤¤ë¤È¤¤¤¦Êó¹ð¤â¤¢¤Ã¤¿¡£¤½¤Î¸å²¿ÅÙ¤«¤ÏƱÍͤΥ᡼¥ë¤ò¸«¤«¤±¤¿¤â¤Î¤Î¡¢2006ǯ¤ÎÇòÉÍ¥·¥ó¥Ý¥¸¥¦¥à¤Ç¾åµ­¤Î¹Ö±é¤òÄ°¹Ö¤·¤¿»þÅÀ¤Ç¤Ï¡¢¤â¤Ï¤ä¸«¤«¤±¤Ê¤¯¤Ê¤Ã¤Æ¤¤¤¿¡£°ìÂÀϺ¤ÎźÉÕ¥Õ¥¡¥¤¥ë¤ÎÉÕ¤¤¤¿¥á¡¼¥ë¤â¸«¤¿¤³¤È¤¬¤Ê¤¤¡£zero-day¹¶·â¤Ï¡¢¤«¤Ê¤êÂоݤò¹Ê¤Ã¤Æ¡¢Ì©¤«¤Ë¹Ô¤ï¤ì¤Æ¤¤¤ë¤Î¤Ç¤Ï¤Ê¤¤¤À¤í¤¦¤«¡£

°ìÂÀϺ¤Î̤ÃΤÎÀȼåÀ­¤òÆͤ¤¤¿zero-day¹¶·â¤Ï¡¢¤´¤¯¸Â¤é¤ì¤¿ÁÈ¿¥¤ËÂФ·¤Æ¤À¤±¹Ô¤ï¤ì¤Æ¤¤¤ë¤Î¤Ç¤Ï¤Ê¤¤¤«¤È²±Â¬¤¹¤ë¡£¤½¤ì¤¬¡¢·Ù»¡Ä£¤Ê¤Î¤«¡¢ËɱҾʤʤΤ«¡¢Â¾¤ÎÀ¯ÉÜÁÈ¿¥¤Ê¤Î¤«¡¢¤â¤·¤«¤¹¤ë¤È̱´ÖÁÈ¿¥¤Ê¤Î¤«¡¢¤½¤Î¾ðÊó¤Ï»ý¤Ã¤Æ¤¤¤Ê¤¤¤ÎÃΤé¤Ê¤¤¤¬¡¢ÁÀ¤ï¤ì¤ä¤¹¤¤¤Î¤Ï½ÅÍפÊǤ̳¤òô¤¦À¯ÉܤÎôÅö¼Ô¤Î¥¢¥É¥ì¥¹¤À¤È¹Í¤¨¤ë¤Î¤¬ÉáÄ̤À¤í¤¦¡£

ɸŪ¤Ë¤µ¤ì¤Æ¤¤¤ë¤½¤ÎÁÈ¿¥¤¬¡¢¤¢¤ë¤¤¤Ï¤½¤ÎÁÈ¿¥¤Î¾ðÊó¥·¥¹¥Æ¥à´ÉÍý¼Ô¤¬¡¢ËèÅÙ¡¢¥¦¥¤¥ë¥¹¸¡ÂΤò¥·¥Þ¥ó¥Æ¥Ã¥¯¼Ò¤ËÄ󶡤·¤Æ¤¤¤ë¤È¤¹¤ì¤Ð¤É¤¦¤À¤í¤¦¤«¡£Êó¹ðÀè¤È¤·¤Æ¥·¥Þ¥ó¥Æ¥Ã¥¯¤òÁªÂò¤·¤Æ¤¤¤ëÍýͳ¤âñ¤Ë¡¢¤½¤ÎÁÈ¿¥¤Î¾ðÊó¥·¥¹¥Æ¥à¸æÍÑã¤Î¥¦¥¤¥ë¥¹Âкö¥½¥Õ¥È¤¬¥·¥Þ¥ó¥Æ¥Ã¥¯À½¤À¤È¤¹¤ë¤È¡¢¤É¤¦¤À¤í¤¦¡£

¤È¤¤¤¦¤È¡¢¤³¤¦¤¤¤¦µ¿Ì䤬½Ð¤Æ¤¯¤ë¤«¤â¤·¤ì¤Ê¤¤¡£¤Ä¤Þ¤ê¡¢¡Ö¥¦¥¤¥ë¥¹¥á¡¼¥ë¤ò¸«¤Ä¤±¤¿¾ðÊó¥·¥¹¥Æ¥à´ÉÍý¼Ô¤¬·ÀÌóÀè¤Î¥¦¥¤¥ë¥¹Âкö¥½¥Õ¥È²ñ¼Ò¤ËÊó¹ð¤¹¤ë¡½¡½¤½¤ì¤Î¤É¤³¤¬¤¤¤±¤Ê¤¤¤Î¤«¡©¡×¤È¡£

¤½¤ì¤Ï¤ä¤Ã¤Ñ¤êÂÌÌܤÀ¤í¤¦¡£¾¯¤Ê¤¯¤È¤âÀ¯Éܵ¡´Ø¤¬¤½¤ó¤Ê¤³¤È¤Ç¤ÏÂÌÌܤǤϤʤ¤¤«¡£

Symantec¤ÏÀȼåÀ­Ê¬ÀϤΥץí¤Ç¤Ï¤Ê¤¤

¤Þ¤ºÂè°ì¤Ë¡¢·ë²Ì¤È¤·¤Æ³§¤¬ÉÔÍø±×¤òÈï¤Ã¤Æ¤¤¤ë¤È¤¤¤¦¼Â³²¤¬À¸¤¸¤Æ¤¤¤ë¡£¤½¤ì¤Ï²¿¤«¤È¤¤¤¦¤È¡¢10·î30Æü¤ÎÆüµ­¡Ö°ìÂÀϺplug-in¤òIE¤ÈFirefox¤Ç̵¸ú¤Ë ¡Á ¥¸¥ã¥¹¥È¥·¥¹¥Æ¥à¤ÏËÜÅö¤Î¶¼°Ò¤ò¶µ¤¨¤Æ¤¯¤ì¤Ê¤¤¡×¤Î·ï¤Ç¤¢¤ë¡£

10·î30Æü¤ÎÆüµ­¤Ë½ñ¤¤¤¿¤è¤¦¤Ë¡¢°ìÂÀϺ¤ÎÀȼåÀ­¤Ï¡¢¡Ê¤ª¤½¤é¤¯²áµî¤Î8·ï¤Î²¿¤ì¤â¡ËWeb¥Ö¥é¥¦¥¶ÍÑ°ìÂÀϺplug-in¤ÎÀȼåÀ­¤Ç¤â¤¢¤ê¡¢°­°Õ¤¢¤ëWeb¥µ¥¤¥È¤òˬ¤ì¤¿¤À¤±¤Ç¹¶·â¤¬À®¸ù¤¹¤ë¤È¤¤¤¦¡¢´í¸±Å٤ι⤤ÀȼåÀ­¤Ç¤¢¤ë¤Î¤À¤¬¡¢¥¸¥ã¥¹¥È¥·¥¹¥Æ¥à¤Ï¤½¤Î¤è¤¦¤Ëȯɽ¤»¤º¡¢¡Ö½Ð½ê¤ÎÉÔÌÀ¤Ê°ìÂÀϺʸ½ñ¥Õ¥¡¥¤¥ë¤ò³«¤«¤Ê¤¤¤è¤¦¤´Ãí°Õ¤¯¤À¤µ¤¤¡×¤Ê¤É¤È¡¢¤¢¤¿¤«¤â¡¢¥í¡¼¥«¥ë¥Õ¥¡¥¤¥ë¤ò³«¤«¤Ê¤±¤ì¤ÐÌäÂê¤Ê¤¤¤«¤Î¤è¤¦¤Ê¸í¤Ã¤¿¾ðÊó¤òή¤·¤Æ¤¤¤¿¡£

¤³¤ì¤Ï¡¢¥¸¥ã¥¹¥È¥·¥¹¥Æ¥à¼Ò¤ËÀȼåÀ­Ê¬ÀÏǽÎϤ¬·ç¤±¤Æ¤¤¤ë¡Ê¤¢¤ë¤¤¤Ï¡¢ÀȼåÀ­¾ðÊó¤òÀµ¤·¤¯ÍøÍѼԤËÅÁ¤¨¤ë¤³¤È¤Ë¤Ä¤¤¤Æ¤Î¼Ò²ñŪÀÕǤ¤Îǧ¼±¤¬·ç¤±¤Æ¤¤¤ë¡Ë¤³¤È¤â¸¶°ø¤Î°ì¤Ä¤Ç¤¢¤ë¤¬¡¢°ì¼¡¾ðÊ󸻤Ǥ¢¤ë Symantec¤¬¤½¤¦¸À¤Ã¤Æ¤¤¤ë¤³¤È¤â¸¶°ø¤Ë¤Ê¤Ã¤Æ¤¤¤ë¤Î¤À¤í¤¦¡£°ìÂÀϺzero-day¹¶·â¤Î¥Ë¥å¡¼¥¹¤Ï¡¢¼¡¤Î¤è¤¦¤Ë¡¢¤¤¤Ä¤â Symantec¤Î blog¡ÖSecurity Response Weblog¡×¤¬°ì¼¡¾ðÊ󸻤ˤʤäƤ¤¤ë¡£

¤³¤ÎÃæ¤Ç¡¢ÍøÍѼԸþ¤±¤ÎÃí°Õ¤È¤·¤Æ¡Ö½Ð½ê¤ÎÉÔÌÀ¤Ê°ìÂÀϺʸ½ñ¥Õ¥¡¥¤¥ë¤ò³«¤«¤Ê¤¤¤è¤¦¤´Ãí°Õ¡×¤È¤¤¤¦¤³¤È¤¬½ñ¤«¤ì¤Æ¤¤¤ë¡£

Since this vulnerability has yet to be patched, you should be extra careful when using Ichitaro and refrain from opening Ichitaro files received from untrusted sources. Also remember to keep your security software up-to-date and follow safe computing practices.

New fiscal year in Japan, new zero-day in Justsystem's Ichitaro, Joji Hamada, Symantec, 2007ǯ4·î7Æü

We are not currently aware of any patches available to fix this issue, so until JustSystems releases a patch, we would advise all Ichitaro users to treat unsolicited .jtd files with extreme caution.

Zero-day Vulnerabilities: Following the Trailblazers, Hon Lau, Symantec, 2007ǯ12·î13Æü

À轵ȯ³Ð¤·¤¿ºÇ¿·¤Î·ï¤Ç¤â¡¢¡Öwe would advise all Ichitaro users to treat unsolicited .jtd files with extreme caution¡×¤Ê¤É¤È¸À¤Ã¤Æ¤ª¤ê¡¢¤³¤ì¤Ï¡¢ÆüËܤǤÎÊóÆ»ÆâÍƤ˱ƤòÍî¤È¤·¤Æ¤¤¤ë¡£

¤³¤Î¤è¤¦¤Ë¡¢ÊóÆ»¤Ç¤Ï¡Ö¿®Íê¤Ç¤­¤Ê¤¤¥Õ¥¡¥¤¥ë¤Ï³«¤«¤Ê¤¤¤È¤¤¤Ã¤¿¿´¹½¤¨¤Ç²óÈò¡×¤Ç¤­¤ë¤³¤È¤Ë¤Ê¤Ã¤Æ¤·¤Þ¤Ã¤Æ¤¤¤ë¤Î¤Ï¡¢Symantec¤Î°ì¼¡¾ðÊ󤬤½¤¦½ñ¤¤¤Æ¤¤¤ë¤«¤é¤À¤í¤¦¡£Æü·ÐBP¤Î¾¡Â¼µ­¼Ô¤Ê¤ó¤¾¤Ï¤³¤ì¤ò¼«Ê¬¤Î¹Í¤¨¤È¤·¤Æ½ñ¤¤¤Æ¤·¤Þ¤Ã¤Æ¤¤¤ë¡£°ìÊý¡¢INTERNET Watch¤Îµ­»ö¤Ç¤Ï¡ÖSymantec¤Ç¤Ï¡Ä¡Ä¸Æ¤Ó¤«¤±¤Æ¤¤¤ë¡×¤È¡¢¤¢¤¯¤Þ¤Ç¤âSymantec¤¬¤½¤¦¸À¤Ã¤Æ¤¤¤ë¤È¤¤¤¦¤³¤È¤òÅÁ¤¨¤ë¤Ë»ß¤á¤Æ¤¤¤ë¤¬¡¢ÆɼԤϡ¢¤½¤ì¤Ç²óÈò¤Ç¤­¤ëÄøÅÙ¤Î´í¸±ÅÙ¤ÎÄ㤤ÀȼåÀ­¤À¤ÈÆɤà¤À¤í¤¦¡£¡Ê¤Á¤Ê¤ß¤Ë¡¢ITmedia¤Îµ­»ö¤Ï²óÈòÊýË¡¤Ë¤Ä¤¤¤Æ¿¨¤ì¤Æ¤¤¤Ê¤¤¡£¡Ë

¥¸¥ã¥¹¥È¥·¥¹¥Æ¥à¼Ò¤Ïº£²ó¡¢¤³¤Î¤³¤È¤Ë¤Ä¤¤¤Æ¡¢¼¡¤Î¤è¤¦¤Ëȯɽ¤·¤¿¡£

¸½¾Ý¤È¤½¤ÎÂнèÊýË¡

2007ǯ12·î13Æü¡¢Åö¼ÒÀ½Éʤο¤¯¤¬¶¦ÍѤ·¤Æ¤¤¤ë¥×¥í¥°¥é¥à¥é¥¤¥Ö¥é¥ê¥Õ¥¡¥¤¥ë¤ËÀȼåÀ­¤¬³Îǧ¤µ¤ì¤Þ¤·¤¿¡£¤³¤ÎÀȼåÀ­¤¬°­ÍѤµ¤ì¤ë¤ÈǤ°Õ¤Î¥³¡¼¥É¤¬¼Â¹Ô¤µ¤ì¡¢¥Ñ¥½¥³¥ó¤¬ÉÔÀµ¤ËÁàºî¤µ¤ì¤ë´í¸±À­¤¬¤¢¤ê¤Þ¤¹¡£

°­°Õ¤Î¹¶·â¼Ô¤ÏÉÔÀµ¤Ë²þ¤¶¤ó¤·¤¿¥Õ¥¡¥¤¥ë¤òºîÀ®¤¹¤ë¤Ê¤É¤·¡¢¤½¤Î¤è¤¦¤Ê¥Õ¥¡¥¤¥ë¤òÅŻҥ᡼¥ë¤ÎźÉÕ¥Õ¥¡¥¤¥ë¤Ë¤·¤ÆÁ÷¤ê¤Ä¤±¤¿¤ê¡¢ Web¥µ¥¤¥È¤ËÃÖ¤¯¤³¤È¤Ç¹¶·â¤ò»Å³Ý¤±¤Þ¤¹¡£¤ªµÒÍͤ¬¤½¤Î¤è¤¦¤Ê¥Õ¥¡¥¤¥ë¤ò³«¤¤¤¿¤ê¡¢¥ê¥ó¥¯¤ò¥¯¥ê¥Ã¥¯¤¹¤ë¤³¤È¤Ç¡¢°Õ¿Þ¤»¤ºÉÔÀµ¤Êʸ½ñ¥Õ¥¡¥¤¥ë¤òÆɤ߹þ¤ß¡¢°­°Õ¤Î¹¶·â¤ò¼Â¹Ô¤µ¤»¤Æ¤·¤Þ¤¦¶²¤ì¤¬¤¢¤ê¤Þ¤¹¡£

Ëܥ⥸¥å¡¼¥ë¤Ïº£²óȯ¸«¤µ¤ì¤¿ÀȼåÀ­¤ò½¤Àµ¤¹¤ë¤â¤Î¤Ç¡¢¤³¤ì¤òƳÆþ¤¹¤ë¤³¤È¤Ë¤è¤ê¸¶°ø¤È¤Ê¤ë²Õ½ê¤Ë¤ª¤¤¤ÆÉÔÀµ¤ÊÆ°ºî¤ÏȯÀ¸¤·¤Ê¤¯¤Ê¤ê¤Þ¤¹¡£

¥»¥­¥å¥ê¥Æ¥£¹¹¿·¥â¥¸¥å¡¼¥ëƳÆþ¤Ë¤«¤«¤ï¤é¤º¡¢¿È¤Ë³Ð¤¨¤Î¤Ê¤¤ÅŻҥ᡼¥ë¤ËźÉÕ¤µ¤ì¤Æ¤¤¤ëʸ½ñ¥Õ¥¡¥¤¥ë¡¢Ê¤Ӥˡ¢¿®ÍêÀ­¤¬Êݾڤµ¤ì¤Æ¤¤¤Ê¤¤Web¥µ¥¤¥È¤Ê¤É¤Ë¤¢¤ë¡¢½Ð½ê¤ÎÉÔÌÀ¤Êʸ½ñ¥Õ¥¡¥¤¥ë¤ò³«¤«¤Ê¤¤¤è¤¦¡¢¤´Ãí°Õ¤¯¤À¤µ¤¤¡£

¥¸¥ã¥¹¥È¥·¥¹¥Æ¥àÀ½ÉʤÎÀȼåÀ­¤ò°­ÍѤ·¤¿ÉÔÀµ¤Ê¥×¥í¥°¥é¥à¤Î¼Â¹Ô´í¸±À­¤Ë¤Ä¤¤¤Æ, ¥¸¥ã¥¹¥È¥·¥¹¥Æ¥à, 2007ǯ12·î14Æü

¤¤¤Á¤ª¤¦¡¢¡Ö¥ê¥ó¥¯¤ò¥¯¥ê¥Ã¥¯¤¹¤ë¤³¤È¤Ç¡×¤È½ñ¤«¤ì¤Æ¤¤¤ë¡£¤³¤ì¤Î°ÕÌ£¤¹¤ë¤È¤³¤í¤ò¸«Æ¨¤µ¤Ê¤±¤ì¤Ð¡¢Àµ¤·¤¤ÊóÆ»¤¬¤Ç¤­¤ë¤Ï¤º¤Ê¤Î¤Ë¡¢Ã¯¤â¤ä¤Ã¤Æ¤¤¤Ê¤¤¡£

¤½¤ì¤Ï¡¢¥¸¥ã¥¹¥È¥·¥¹¥Æ¥à¤Î¤³¤Îȯɽʸ¤Î½ÐÍ褬°­¤¤¤³¤È¤ò°ÕÌ£¤¹¤ë¡£¡Ö¥ê¥ó¥¯¤ò¥¯¥ê¥Ã¥¯¤·¤¿¸å¡¢¥À¥¦¥ó¥í¡¼¥É¤Î³Îǧ²èÌ̤ǡس«¤¯¡Ù¤òÁªÂò¤¹¤ë¤È¡×¤È¤¤¤¦°ÕÌ£¤À¤È¸í²ò¤¹¤ëÆɼԤ⤤¤ë¤À¤í¤¦¡£ÅÁ¤¨¤ë¤Ù¤­¤Ï¡¢¡Ö°­°Õ¤¢¤ëWeb¥µ¥¤¥È¤òˬ¤ì¤¿¤À¤±¤Ç¡×¤È¤¤¤¦¤³¤È¤Ê¤Î¤À¤¬¡¢¤½¤ì¤ò½ñ¤¤¤Æ¤¤¤Ê¤¤¡£

¡Ö·Ð±ÄȽÃǡפǤ虜¤È¤½¤ì¤ò½ñ¤«¤Ê¤¤¤è¤¦¤Ë¤·¤Æ¤¤¤ë¤Î¤«¤È¤â»×¤¨¤ë¤È¤³¤í¤À¤¬¡¢¼ÂºÝ¤Î¤È¤³¤í¡¢¤³¤Îȯɽʸ¤Ï10·î¤Î¤È¤­¤Îȯɽʸ¤ò¥³¥Ô¥Ú¤·¤¿¤À¤±¤À¡£

¤â¤·¡¢°ì¼¡¾ðÊ󸻤Ǥ¢¤ë Symantec¤¬¡Ö°­°Õ¤¢¤ëWeb¥µ¥¤¥È¤òˬ¤ì¤¿¤À¤±¤Ç¡×¤È½ñ¤¤¤Æ¤¯¤ì¤¿¤Ê¤é¡¢´í¸±À­¤ÏÀµ¤·¤¯¼þÃΤµ¤ì¤¿¤À¤í¤¦¡£

Symantec¤Ë¤½¤ì¤¬¤Ç¤­¤Ê¤¤¤Î¤Ï¡¢Èà¤é¤ÏÀȼåÀ­Ê¬ÀϤΥץí¤Ç¤Ï¤Ê¤¤¤«¤é¤À¡£Èà¤é¤Ï¡¢¸Ä¡¹¤Î¥Þ¥ë¥¦¥§¥¢¤ÎµóÆ°¤òʬÀϤ¹¤ë¥ê¥Ð¡¼¥¹¥¨¥ó¥¸¥Ë¥¢¥ê¥ó¥°¤Î¥×¥í¥Õ¥§¥Ã¥·¥ç¥Ê¥ë¤Ç¤Ï¤¢¤ë¤¬¡¢ÀȼåÀ­¤Î±Æ¶ÁÈϰϤòɾ²Á¤¹¤ë¥×¥í¤Ç¤Ï¤Ê¤¤¡£Èà¤é¤Î»Å»ö¤Ï¡¢¥¦¥¤¥ë¥¹Âкö¥½¥Õ¥È¤òÇä¤ë¤³¤È¤Ç¤¢¤ê¡¢ÀȼåÀ­¤Î´í¸±À­¤ò¼Ò²ñ¤ËÅÁ¤¨¤ë¤³¤È¤Ç¤Ï¤Ê¤¤¡£Æ±¤¸1¤Ä¤ÎÀȼåÀ­¤òÆͤ¯Ê£¿ô¤Î¥Þ¥ë¥¦¥§¥¢¤¬¼¡¡¹¤ÈÅо줹¤ì¤Ð¡¢¤½¤ì¤é¤Ò¤È¤Ä¤Ò¤È¤Ä¤¬¥¦¥¤¥ë¥¹Âкö¥½¥Õ¥È¤Î¥Ñ¥¿¡¼¥ó¥Õ¥¡¥¤¥ë¤ËÅÐÏ¿¤µ¤ì¡¢¤½¤ì¤ÏÈà¤é¤Î¥½¥Õ¥È¤ÎÂкöǽÎϤθþ¾å¤ò°ÕÌ£¤¹¤ë¤¬¡¢¤½¤ì¤òÀȼåÀ­Ã±°Ì¤Ç¤Ò¤È³ç¤ê¤Ë¤·¤Æ¤Ï¤à¤·¤í»¤Ë¤Ê¤Ã¤Æ¤·¤Þ¤¦¡£¤Þ¤¿¡¢¥¦¥¤¥ë¥¹¤ÏÀȼåÀ­¤òÆͤ«¤Ê¤¯¤Æ¤â´¶À÷¤·ÆÀ¤ë¤â¤Î¤Ê¤Î¤Ç¡¢Èà¤é¤Î¥Ó¥¸¥Í¥¹¤Ë¤È¤Ã¤ÆÀȼåÀ­Ê¬ÀϤÏɬÍפǤϤʤ¤¡£

Symantec¤¬ÀȼåÀ­¤Ë¤Ä¤¤¤ÆÁǿͤǤ¢¤ë¤³¤È¤Ï¡¢Èà¤é¤¬¡Östack overflow¡×¤È¸í¤Ã¤¿ÍѸì¤ò»È¤Ã¤Æ¤¤¤ë¤³¤È¤«¤é¤â¤ï¤«¤ë¡£¥¹¥¿¥Ã¥¯¤¬¥ª¡¼¥Ð¡¼¥Õ¥í¡¼¤¹¤ë¤ï¤±¤Ç¤Ï¤Ê¤¤¡£Èà¤é¤Îblogµ­»ö¤«¤é¥ê¥ó¥¯¤µ¤ì¤Æ¤¤¤ëSecurityFocus¤ÎÀȼåÀ­¥Ç¡¼¥¿¥Ù¡¼¥¹¤Ç¤Ï¡ÖStack Buffer Overflow Vulnerability¡×¤È½ñ¤«¤ì¤Æ¤ª¤ê¡¢¤â¤¦¾¯¤·Àµ³Î¤Ë¸À¤¦¤È¤­¤Ï¡Östack-based buffer overflow¡×¤È¸À¤¦¡£¥ª¡¼¥Ð¡¼¥Õ¥í¡¼¤¹¤ë¤Î¤Ï¥Ð¥Ã¥Õ¥¡¤Ç¤¢¤ê¡¢Åö³º¥Ð¥Ã¥Õ¥¡¤¬¥¹¥¿¥Ã¥¯¾å¤Ë¤¢¤ë¥¿¥¤¥×¡Ê¥Ò¡¼¥×¤Ç¤Ï¤Ê¤¯¡Ë¤È¤¤¤¦°ÕÌ£¤Ç¤¢¤ë¡£

The malicious document uses a unicode stack overflow to execute its code on the system, dropping and executing a Trojan horse named Backdoor.Papi.

Justsystem's Ichitaro zero-day used to propogate Trojan, John Canavan, Symantec, 2007ǯ12·î13Æü

The exploit causes a stack overflow in the application (JustSystem Ichitaro JSGCI.DLL Unspecified Stack Buffer Overflow Vulnerability) and then seizes execution control to drop a Backdoor.

Zero-day Vulnerabilities: Following the Trailblazers, Hon Lau, Symantec, 2007ǯ12·î13Æü

¤¢¤ë¤¤¤Ï¡¢Èà¤é¤Ë¤È¤Ã¤Æ¡¢ÆüËܤǤ·¤«»È¤ï¤ì¤Æ¤¤¤Ê¤¤¥½¥Õ¥È¥¦¥§¥¢¤ÎÀȼåÀ­¤Ï¡¢¤É¤¦¤Ç¤â¤è¤¤¤³¤È¤Ê¤Î¤«¤â¤·¤ì¤Ê¤¤¡£¤³¤ÎÀȼåÀ­¤Î±Æ¶ÁÈϰϤòÃΤë¤Ë¤Ï¡¢°ìÂÀϺ¤òÆþ¼ê¤·¤Æ¥¤¥ó¥¹¥È¡¼¥ë¤¹¤ë¤Ê¤É¤·¤Æ¡¢plug-in¤Î¸ºß¤Ëµ¤¤Å¤¯É¬Íפ¬¤¢¤ë¤¬¡¢¥Þ¥ë¥¦¥§¥¢¤¬¥Ð¥Ã¥Õ¥¡¥ª¡¼¥Ð¡¼¥Õ¥í¡¼ÀȼåÀ­¤òÆͤ¤¤Æ¤¤¤ë¤³¤È¤Ï¡¢°ìÂÀϺ¤òÆþ¼ê¤·¤Ê¤¯¤Æ¤âʬÀϤǤ­¤ë¡£°ìÂÀϺ¤òÆþ¼ê¤·¤Æ¤Þ¤Ç¤½¤Î±Æ¶ÁÈϰϤòõ¤ë¤³¤È¤Ï¡¢³°¹ñ´ë¶È¤Ç¤¢¤ëÈà¤é¤Ë¤È¤Ã¤Æ´Ø¿´¤Î¤Ê¤¤¤³¤È¤Ê¤Î¤«¤â¤·¤ì¤Ê¤¤¡£

ÆüËÜ¿ÍSymantec¼Ò°÷¤ÏÈóÆüËܹṉ̃¤«

¤â¤¦¤Ò¤È¤Ä¤ÎÌäÂê¤Ï¡¢¼ç¤ËÆüËܹñ¤Ë±Æ¶Á¤òµÚ¤Ü¤¹ÀȼåÀ­¤Ç¤¢¤ê¤Ê¤¬¤é¡¢¤½¤Î±Æ¶ÁʬÀϤ¬³°¹ñ¤Î´ë¶È¤Ç¤·¤«¹Ô¤¨¤Ê¤¤¾õÂ֤ˤʤäƤ¤¤ë¤³¤È¤Ç¤¢¤ë¡£

¥¦¥¤¥ë¥¹¸¡ÂΤϡ¢´ðËÜŪ¤Ë¡¢¥¦¥¤¥ë¥¹Âкö¥½¥Õ¥È¥Ù¥ó¥À¡¼¤Î³°¤ËÄ󶡤µ¤ì¤ë¤³¤È¤Ï¤Ê¤¤¤À¤í¤¦¡£º£²ó¤Î¤è¤¦¤Ê¥±¡¼¥¹¤Ç¤Ï¡¢°ìÂÀϺ¤ÎÀ½Â¤¸µ¤Ç¤¢¤ë¥¸¥ã¥¹¥È¥·¥¹¥Æ¥à¤ËÂФ·¤Æ¡¢ÀȼåÀ­¤ò½¤Àµ¤¹¤ë¤Î¤ËɬÍפʾðÊó¤È¤·¤Æ¸¡ÂΤ¬Ä󶡤µ¤ì¤Æ¤¤¤ë¤À¤í¤¦¤¬¡¢¥¸¥ã¥¹¥È¥·¥¹¥Æ¥à¤â¡¢¤½¤ì¤ò³°Éô¤ËÄ󶡤¹¤ë¤³¤È¤Ï¤Ê¤¤¤À¤í¤¦¡£

¤½¤¦¤¹¤ë¤È¡¢Â¾¤Îï¤âÀȼåÀ­¤Î¾ÜºÙ¤ò³Îǧ¤¹¤ë¤³¤È¤¬¤Ç¤­¤º¡¢±Æ¶ÁÈϰϤˤĤ¤¤Æ²±Â¬¤Ç¤·¤«¸ì¤ë¤³¤È¤¬¤Ç¤­¤Ê¤¯¤Ê¤Ã¤Æ¤·¤Þ¤¦¡£8·î¤Î¤È¤­¤Î»ä¤Î¤è¤¦¤Ë¡£

ÆüËܹñ¤Ï¡¢·ÐºÑ»º¶È¾Ê¤Î¹ð¼¨¤Ë´ð¤Å¤­¡¢ÀȼåÀ­¾ðÊó¤Î¼è¤ê°·¤¤ÂÎÀ©¤ò¹½ÃÛ¤·¤Æ¤¤¤ë¡£¹ð¼¨¤Ï¡¢¡Öȯ¸«¼Ô´ð½à¡×¤ò¼¡¤Î¤è¤¦¤ËÄê¤á¤Æ¤¤¤ë¡£

  • ¥½¥Õ¥È¥¦¥¨¥¢ÅùÀȼåÀ­´ØÏ¢¾ðÊó¼è°·´ð½à, Ê¿À®16ǯ·ÐºÑ»º¶È¾Ê¹ð¼¨Âè235¹æ

    ­¸¡¥ËÜ´ð½à¤ÎŬÍÑÈÏ°Ï

    ËÜ´ð½à¤Ï¡¢°Ê²¼¤Ë·Ç¤²¤ë¤â¤Î¤ÎÀȼåÀ­¤Ç¤¢¤Ã¤Æ¡¢¤½¤ÎÀȼåÀ­¤Ëµ¯°ø¤¹¤ëÈï³²¤¬ÉÔÆÃÄê¿¿ô¤Î¼Ô¤Ë±Æ¶Á¤òµÚ¤Ü¤·ÆÀ¤ë¤â¤Î¤ËŬÍѤ¹¤ë¡£

    £±¡¥ÆüËܹñÆâ¤ÇÍøÍѤµ¤ì¤Æ¤¤¤ë¥½¥Õ¥È¥¦¥¨¥¢À½ÉÊ
    ¡Ê¥½¥Õ¥È¥¦¥¨¥¢À½Éʤˤª¤¤¤ÆÄÌ¿®¥×¥í¥È¥³¥ëÅù¤Î»ÅÍͤò¼ÂÁõ¤·¤¿Éôʬ¤ò´Þ¤à¡£¡Ë

    £²¡¥¼ç¤ËÆüËܹñÆ⤫¤é¤Î¥¢¥¯¥»¥¹¤¬ÁÛÄꤵ¤ì¤Æ¤¤¤ë¥¦¥§¥Ö¥µ¥¤¥È¤Ç²ÔƯ¤¹¤ë¥¦¥§¥Ö¥¢¥×¥ê¥±¡¼¥·¥ç¥ó

    ­¹¡¥Âоݤ¬¥½¥Õ¥È¥¦¥¨¥¢À½ÉʤǤ¢¤ë¾ì¹ç¤ÎÀȼåÀ­´ØÏ¢¾ðÊó¼è°·´ð½à

    °ì¡¥È¯¸«¼Ô¤¬À½Éʳ«È¯¼Ô¤Ç¤Ï¤Ê¤¤¡¢Ëô¤Ï¡¢È¯¸«¼Ô¤¬À½Éʳ«È¯¼Ô¤Ç¤¢¤êȯ¸«¼ã¤·¤¯¤Ï¼èÆÀ¤·¤¿ÀȼåÀ­´ØÏ¢¾ðÊó¤Î±Æ¶ÁÈϰϤ¬¼«¼Ò¤Î¥½¥Õ¥È¥¦¥¨¥¢À½Éʤ˸¤é¤Ê¤¤¾ì¹ç

    Âоݤ¬¥½¥Õ¥È¥¦¥¨¥¢À½ÉʤǤ¢¤ê¡¢¤«¤Ä¡¢È¯¸«¼Ô¤¬À½Éʳ«È¯¼Ô¤Ç¤Ï¤Ê¤¤¡¢Ëô¤Ï¡¢È¯¸«¼Ô¤¬À½ÉÊ ³«È¯¼Ô¤Ç¤¢¤êȯ¸«¼ã¤·¤¯¤Ï¼èÆÀ¤·¤¿ÀȼåÀ­´ØÏ¢¾ðÊó¤Î±Æ¶ÁÈϰϤ¬¼«¼Ò¤Î¥½¥Õ¥È¥¦¥¨¥¢À½Éʤ˸ ¤é¤Ê¤¤¾ì¹ç¤Ë¤ª¤±¤ëÀȼåÀ­´ØÏ¢¾ðÊó¤Î¼è°·¤¤¤Îή¤ì¤ò°Ê²¼¤Ë¼¨¤¹¡£

    ¡Êüñ¡Ëȯ¸«¼Ô¤Ï¡¢ÀȼåÀ­´ØÏ¢¾ðÊó¤ò¼õÉÕµ¡´Ø¤ËÆϤ±½Ð¤ë¡£

    ¡Êά¡Ë

    £±¡¥È¯¸«¼Ô´ð½à

    ¡Ê£±¡Ëȯ¸«¼Ô¡Ê¼«¤é³«È¯Åù¤ò¹Ô¤Ã¤¿¥½¥Õ¥È¥¦¥¨¥¢À½Éʤ˱ƶÁÈϰϤ¬¸Â¤é¤ì¤ë¤Èǧ¤á¤é¤ì¤ëÀȼåÀ­´ØÏ¢¾ðÊó¤òȯ¸«Ëô¤Ï¼èÆÀ¤·¤¿À½Éʳ«È¯¼Ô¤ò½ü¤¯¡£¡Ë¤Ï¡¢È¯¸«Ëô¤Ï¼èÆÀ¤·¤¿ÀȼåÀ­´ØÏ¢¾ðÊó¤ò·ÐºÑ»º¶ÈÂç¿Ã¤¬Ê̤˻ØÄꤹ¤ë¼õÉÕµ¡´Ø¤ËÆϤ±½Ð¤ë¤³¤È¡£¤¿¤À¤·¡¢Åö³ºÀ½Éʳ«È¯¼Ô¤ËÂФ·Æ±¤¸ÆâÍƤòÆϤ±½Ð¤ë¤³¤È¤ò˸¤²¤Ê¤¤¡£

    ¡Ê£²¡Ëȯ¸«¼Ô¤Ï¡¢°Ê²¼¤ÎÅÀ¤òÌÀ¼¨¤·¤¿¾å¤ÇÀȼåÀ­´ØÏ¢¾ðÊó¤òÆϤ±½Ð¤ë¤³¤È¡£¡Êά¡Ë

    ¡Ê£³¡Ë°ãË¡¤ÊÊýË¡¤Ë¤è¤êÀȼåÀ­´ØÏ¢¾ðÊó¤òȯ¸«Ëô¤Ï¼èÆÀ¤·¤Ê¤¤¤³¤È¡£

    ¡Ê£´¡Ëȯ¸«¼Ô¤Ï¡¢Åö³ºÀȼåÀ­¾ðÊ󤬼õÉÕµ¡´ØµÚ¤ÓÄ´À°µ¡´Ø¤«¤é¸øɽ¤µ¤ì¤ë¤Þ¤Ç¤Î´Ö¡¢Åö³ºÀȼåÀ­´ØÏ¢¾ðÊó¤òÂè»°¼Ô¤Ëϳ¤¨¤¤¤·¤Ê¤¤¤è¤¦Å¬Àڤ˴ÉÍý¤¹¤ë¤³¤È¡£¤¿¤À¤·¡¢Åö³ºÀȼåÀ­´ØÏ¢¾ðÊó ¤òÀµÅö¤ÊÍýͳ¤Ë¤è¤êÂè»°¼Ô¤Ë³«¼¨¤¹¤ë¾ì¹ç¡¢¤¢¤é¤«¤¸¤á¼õÉÕµ¡´Ø¤ËÌ䤤¹ç¤ï¤»¤ò¤¹¤ë¤³¤È¡£

    ¡Êά¡Ë

°ìÂÀϺ¤ÎÀȼåÀ­¤Ï 8·ïȯ³Ð¤·¤Æ¤¤¤ë¤ï¤±¤À¤¬¡¢°­ÍѤµ¤ì¤ëÁ°¤Ëȯ¸«¤µ¤ì¤¿ 3·ï*1¤ò½ü¤¯¡¢zero-day¹¶·â¤Ë°­ÍѤµ¤ì¤¿ 5·ï¤ÎÀȼåÀ­¤Ë¤Ä¤¤¤Æ¸«¤Æ¤ß¤ë¤È¡¢¤½¤Î¤É¤ì¤â¡¢ÀȼåÀ­´ØÏ¢¾ðÊó¼è°·´ð½à¤Ë§¤Ã¤¿½èÍý¤¬¹Ô¤ï¤ì¤Æ¤¤¤Ê¤¤¤è¤¦¤À¡£JVN¤Î VN-JP¤ò¸«¤ë¤È¡¢°­ÍѤµ¤ì¤ëÁ°¤Ëȯ¸«¤µ¤ì¤ÆÆϤ±½Ð¤é¤ì¤¿ 3·ï¤Î¤â¤Î¤·¤«·ÇºÜ¤µ¤ì¤Æ¤¤¤Ê¤¤¡£

¤Ä¤Þ¤ê¡¢ÀȼåÀ­¤Îȯ¸«¼Ô¤Ç¤¢¤ë Symantec¤Ï¡¢IPA¤ËÀȼåÀ­¾ðÊó¤òÆϤ±¤Æ¤¤¤Ê¤¤¤È¿äÄꤵ¤ì¤ë¡£

¤â¤Ã¤È¤â¡¢ÆüËܹñ¤Î·ÐºÑ»º¶È¾Ê¹ð¼¨¤¬¡¢Êƹñ¤Î²ñ¼Ò¤Ë¤ÏµÚ¤Ö¤³¤È¤Ï¤Ê¤¤¤Î¤«¤â¤·¤ì¤Ê¤¤¡£¤À¤¬¡¢Á°½Ò¤Î Symantec Security Response Weblog ¤ÎÃø¼Ô¤ò¸«¤ë¤È¡¢³°¹ñ¿Í»á̾¤Î̾Á°¤Ëʤó¤Ç¡¢¡ÖShunichi Imano¡×¡¢¡ÖJoji Hamada¡×¤È¤¤¤¦ÆüËܿͤդ¦¤Î̾Á°¤¬¤¢¤ë¡£

¤â¤Ã¤È¤â¡¢¤³¤Î2̾¤¬ÆüËܹṉ̃¤«¤Ï¤ï¤«¤é¤Ê¤¤¤·¡¢ÆüËܤ˵サ¤·¤Æ¤¤¤ë¤«¡¢¶Ð̳À褬ÆüËܤ˸ºß¤¹¤ë¤Î¤«¤â¤ï¤«¤é¤Ê¤¤¤Î¤Ç¡¢·ÐºÑ»º¶È¾Ê¹ð¼¨¤ÎµÚ¤ÖÂоݤ«¤É¤¦¤«¤Ï¤ï¤«¤é¤Ê¤¤¡£

Èó¹ṉ̃¤Ïï¡©

¤Ç¤Ï¡¢zero-day¹¶·â¤ÎɸŪ¤Ë¤µ¤ì¤¿¡¢¥¦¥¤¥ë¥¹¸¡ÂΤÎÄ󶡼ԤǤ¢¤ë¤È¤³¤í¤Î¡¢Ææ¤ÎÁÈ¿¥¤Ï¤É¤¦¤À¤í¤¦¤«¡£¤½¤ì¤¬ÆüËܤÎÀ¯Éܵ¡´Ø¤Ç¤¢¤ë²ÄǽÀ­¤Ï¹â¤¤¤·¡¢¾¯¤Ê¤¯¤È¤âÆüËܤ˴ط¸¤¹¤ëÁÈ¿¥¤Ç¤¢¤ë¤³¤È¤Ïµ¿¤¤¤Î;ÃϤ¬¤Ê¤¤¤À¤í¤¦¡£

ÆüËܤÎÀ¯ÉÜÁÈ¿¥¤¬¡¢·ÐºÑ»º¶È¾Ê¹ð¼¨¤ò̵»ë¤·¤Æ¡¢³°¹ñ´ë¶È¤Ë¾ðÊóÄ󶡤·¤Æ¤¤¤ë¤Î¤À¤í¤¦¤«¡© ¤Þ¤µ¤«¤½¤ì¤Ï¤Ê¤¤¤À¤í¤¦¡£¤»¤¤¤¼¤¤¡¢Ã±¤Ë¡¢ÆüËܤÎÀ¯ÉÜÁÈ¿¥¤Ë½ê°¤¹¤ë¾ðÊó¥·¥¹¥Æ¥à´ÉÍý¼Ô¤¬¡¢ÆÈÃÇ¤Ç Symantec¤Ë¾ðÊó¤òή¤·¤Æ¤¤¤ë²ÄǽÀ­¤ÎÊý¤¬¤¢¤êÆÀ¤½¤¦¤ÊÏäÀ¡£

¤¿¤À¡¢¼õ¿®¤·¤¿¥¦¥¤¥ë¥¹¤ò Symantec¤ËÄ󶡤¹¤ë¹Ô°Ù¤Ï¡¢Ä¾¤Á¤Ë¡¢¹ð¼¨¤ò̵»ë¤·¤¿ÇØ¿®¹Ô°Ù¤È¤Þ¤Ç¤Ï¸À¤¨¤Ê¤¤¡£¤Ê¤¼¤Ê¤é¡¢¡ÖÀȼåÀ­¤òȯ¸«¤·¤¿¤ï¤±¤Ç¤Ï¤Ê¤¤¡×¤È¤¤¤¦¹³ÊÛ¤¬²Äǽ¤À¤«¤é¤À¡£ÀȼåÀ­¤Îȯ¸«¼Ô¤Ï Symantec¼Ò¤Ç¤¢¤ê¡¢¸¡ÂΤÎÄ󶡼ԤÏÀȼåÀ­¤Îȯ¸«¤ò¤·¤Æ¤¤¤Ê¤¤¤Î¤À¤È¡£

¤·¤«¤·¤É¤¦¤À¤í¤¦¡© 2006ǯ8·î¤Î½é²ó¤Ï¤½¤Î¤è¤¦¤Ê¹Í¤¨Êý¤âÍý²ò¤Ç¤­¤ë¤¬¡¢¤½¤Î¸å¡¢Æ±Íͤ˷«¤êÊÖ¤·µ¯¤­¤¿ 4·ï¤Ë¤Ä¤¤¤Æ¤Ï¤É¤¦¤«¡£Æ±¤¸ÁÈ¿¥¤Ê¤¤¤·¿Íʪ¤¬Ä󶡤·¤Æ¤¤¤ë¤Î¤Ê¤é¡¢¡Ö¿·¤¿¤Ê̤ÃΤÎÀȼåÀ­¤òÆͤ¯¤â¤Î¤«¤â¤·¤ì¤Ê¤¤¡×¤Èǧ¼±¤·¤Ä¤Ä¡¢Symantec¤ËÄ󶡤·¤¿¤Î¤Ç¤Ï¤Ê¤«¤í¤¦¤«¡©

³°¹ñ´ë¶È¤Ë¾ðÊóÄ󶡤¹¤ë¤³¤È¤¬°­¤¤¤³¤È¤È¸À¤Ã¤Æ¤¤¤ë¤Î¤Ç¤Ï¤Ê¤¤¡£¾¯¤Ê¤¯¤È¤â¡¢¹ð¼¨¤Î´ð½à¤Ë½¾¤¦¤Ù¤­¤À¤í¤¦¡£Ì±´Ö¿Í¤Ê¤é¤Þ¤À¤·¤â¡¢¸ø̳°÷¤Ê¤éÅöÁ³¤Ë¡£

¤È¤Ï¤¤¤¨¡¢¤½¤¦ÀÕ¤á¤é¤ì¤ë¤â¤Î¤Ç¤â¤Ê¤¤¤«¤â¤·¤ì¤Ê¤¤¡£¥¦¥¤¥ë¥¹¸¡ÂΤò Symantec¤ËÄ󶡤·¤Æ¤¤¤ë¿Íʪ¤¬¡¢Ã±¤Ê¤ë ITÁǿͤʤÀ¤±¤«¤â¤·¤ì¤Ê¤¤¡£¡Ö¥»¥­¥å¥ê¥Æ¥£¤È¤¤¤¨¤Ð¥¦¥¤¥ë¥¹Âкö¥½¥Õ¥È¡×¤È¤¤¤¦Ç§¼±¤ÎÁǿͤǤ¢¤ì¤Ð¡¢¥·¥Þ¥ó¥Æ¥Ã¥¯¤ä¥È¥ì¥ó¥É¥Þ¥¤¥¯¥í¤ËÁêÃ̤¹¤ì¤ÐÏäϤ¹¤Ù¤Æ²ò·è¤·¤Æ¤¯¤ì¤ë¤È»×¤Ã¤Æ¤¤¤ë¤Î¤Ç¤Ï¤Ê¤«¤í¤¦¤«¡£

¥¸¥ã¥¹¥È¥·¥¹¥Æ¥à¼Ò¤â·ÐºÑ»º¶È¾Ê¹ð¼¨¤ò̵»ë¡©

¤½¤Î°ÕÌ£¤Ç¤Ï¡¢°ìÂÀϺ¤ÎÀ½Â¤¸µ¤Ç¤¢¤ë¥¸¥ã¥¹¥È¥·¥¹¥Æ¥à¼Ò¤â¡¢¡Ö¥»¥­¥å¥ê¥Æ¥£¤È¤¤¤¨¤Ð¥¦¥¤¥ë¥¹Âкö¥½¥Õ¥È¤Î¤³¤È¡×¤È¤¤¤¦Ç§¼±¤Î ITÁǿͤǤ¢¤ëµ¿¤¤¤¬¤¢¤ë¡£¤³¤ì¤Ë¤Ä¤¤¤Æ¤Ï10·î30Æü¤ÎÆüµ­¤Î¡Ö¥Ñ¥½¥³¥ó½é¿´¼ÔʤߤÎǧ¼±¤Î¥½¥Õ¥È²ñ¼Ò¡×¤ÎÀá¤Ç½ñ¤¤¤¿¡£¥·¥Þ¥ó¥Æ¥Ã¥¯¤¬¥¦¥¤¥ë¥¹¤Î´¶À÷¾õ¶·¤ò¡ÖRisk Level 1: Very Low¡×¤Èȯɽ¤·¤¿¤â¤Î¤ò¡¢ÀȼåÀ­¤Î´í¸±À­¤È¼è¤ê°ã¤¨¤Æ¡Ö´í¸±ÅÙȽÄꡧÄã¡×¤Ê¤É¤Èȯɽ¤¹¤ëÁǿ֤ͤê¤À¤Ã¤¿¡£

¤½¤ì¤À¤±¤Ç¤Ï¤Ê¤¤¡£¥¸¥ã¥¹¥È¥·¥¹¥Æ¥à¼Ò¤â·ÐºÑ»º¶È¾Ê¹ð¼¨¤ò̵»ë¤·¤Æ¤¤¤ë¤È¸À¤¨¤ë¤«¤â¤·¤ì¤Ê¤¤¡£¤³¤Î¹ð¼¨¤Ë¤Ï¼¡¤ÎÄê¤á¤â¤¢¤ë¡£

  • ¥½¥Õ¥È¥¦¥¨¥¢ÅùÀȼåÀ­´ØÏ¢¾ðÊó¼è°·´ð½à, Ê¿À®16ǯ·ÐºÑ»º¶È¾Ê¹ð¼¨Âè235¹æ

    Æó¡¥È¯¸«¼Ô¤¬À½Éʳ«È¯¼Ô¤Ç¤¢¤ê¡¢È¯¸«Ëô¤Ï¼èÆÀ¤·¤¿ÀȼåÀ­´ØÏ¢¾ðÊó¤Î±Æ¶ÁÈϰϤ¬¼«¼Ò¤Î¥½¥Õ¥È¥¦¥¨¥¢À½Éʤ˸¤é¤ì¤ë¾ì¹ç

    Âоݤ¬¥½¥Õ¥È¥¦¥¨¥¢À½ÉʤǤ¢¤ê¡¢¤«¤Ä¡¢È¯¸«¼Ô¤¬À½Éʳ«È¯¼Ô¤Ç¤¢¤ê¡¢È¯¸«Ëô¤Ï¼èÆÀ¤·¤¿Àȼå À­´ØÏ¢¾ðÊó¤Î±Æ¶ÁÈϰϤ¬¼«¼Ò¤Î¥½¥Õ¥È¥¦¥¨¥¢À½Éʤ˸¤é¤ì¤ë¾ì¹ç¤Ë¤ª¤±¤ë´Ø·¸¼Ô¤Î¹ÔÆ°´ð½à¤ò °Ê²¼¤ËÄê¤á¤ë¡£

    ¡Ê£±¡ËÀ½Éʳ«È¯¼Ô¤Ï¡¢¼«¤é³«È¯Åù¤ò¹Ô¤Ã¤¿¥½¥Õ¥È¥¦¥¨¥¢À½Éʤ˱ƶÁ¤¬¸Â¤é¤ì¤ë¤Èǧ¤á¤é¤ì¤ëÀȼåÀ­´ØÏ¢¾ðÊó¤òȯ¸«Ëô¤Ï¼èÆÀ¤·¤¿¾ì¹ç¡¢ÂкöÊýË¡¤òºîÀ®¤·¡¢Åö³ºÀȼåÀ­´ØÏ¢¾ðÊóµÚ¤ÓÂкöÊýË¡¤ò¼õÉÕµ¡´ØµÚ¤ÓÄ´À°µ¡´Ø¤ËÄÌÃΤ¹¤ë¤³¤È¡£

    ¡Ê£²¡Ë¼õÉÕµ¡´ØµÚ¤ÓÄ´À°µ¡´Ø¤Ï¡¢¡Ê£±¡Ë¤Ë¤è¤ëÄÌÃΤò¼õ¤±¤¿¤È¤­¤Ï¡¢Åö³ºÀȼåÀ­¾ðÊóµÚ¤ÓÂкöÊýË¡¤ò¥¤¥ó¥¿¡¼¥Í¥Ã¥ÈÅù¤òÄ̤¸¤Æ¸øɽ¤¹¤ë¤³¤È¡£¤¿¤À¤·¡¢Ä´À°µ¡´Ø¤Ï¤½¤ì¤é¤ò¸øɽ¤¹¤Ù¤­Æü¤Ë¤Ä¤¤¤Æ¡¢Åö³ºÀ½Éʳ«È¯¼Ô¤«¤é°Õ¸«¤òÄ°¼è¤·¤¿¾å¤ÇÄê¤á¤ë¤³¤È¡£

¤³¤³¤Ç²ò¼á¤¬Èù̯¤Ë¤Ê¤ë¤Î¤Ï¡¢È¯¸«¼Ô¤¬³°¹ñ´ë¶È¤Ç¤¢¤Ã¤Æ¡¢¹ñÆâ¤Ç½é¤á¤Æ¤½¤Î»ö¼Â¤òÃΤ餵¤ì¤¿¤Î¤¬À½Éʳ«È¯¼Ô¤Ç¤¢¤ë¾ì¹ç¤Ë¡¢À½Éʳ«È¯¼Ô¤Ï¡Öȯ¸«¼Ô¡×¤È¸À¤¨¤ë¤Î¤«¤É¤¦¤«¤À¡£

¤Þ¤¿¡¢´û¤Ë¾¤«¤é¸øɽ¤µ¤ì¤Æ¤¤¤ë¾ðÊó¤ò¸µ¤ËÃΤ俾ì¹ç¤Ë¡Öȯ¸«¼Ô¡×¤È¸À¤¨¤ë¤Î¤«¤É¤¦¤«¤È¤¤¤¦ÅÀ¤â¤¢¤ë¡£ÆϽÐÍͼ°¤Ë¤Ï¡Ö¾ðÊó¤ÎÆþ¼êÀè¡×¤ÎÁªÂò»è¤È¤·¤Æ¡Ö¥¦¥§¥Ö¥µ¥¤¥È¤«¤éÆþ¼ê¡×¤âÍÑ°Õ¤µ¤ì¤Æ¤¤¤ë¤³¤È¤«¤é¡¢É¬¤º¤·¤â¸øÃΤξðÊó¤òÆϤ±½Ð¤Æ¤Ï¤Ê¤é¤Ê¤¤¤ï¤±¤Ç¤Ï¤Ê¤µ¤½¤¦¤À¤¬¡¢¸øÃΤÎƱ¤¸°Æ·ï¤¬¤¿¤¯¤µ¤ó¤Î¿Í¤Ë¤è¤Ã¤ÆÆϤ±½Ð¤é¤ì¤ë¤È¤¤¤¦¤Î¤â¾éŤǤ¢¤í¤¦¤«¤é¡¢´ðËÜŪ¤Ë¤Ï½é´üÃʳ¬¤ÇÃΤ俼Ԥ¬¡Öȯ¸«¼Ô¡×¤Ç¤¢¤í¤¦¡£

¤À¤¬¡¢¾ï¼±Åª¤Ë¹Í¤¨¤Æ¡¢¥¸¥ã¥¹¥È¥·¥¹¥Æ¥à¼Ò¤Ï¡Öȯ¸«¼Ô¡×¤Ë³ºÅö¤¹¤ë¤À¤í¤¦¡£¤Ê¤¼¤Ê¤é¡¢ÀȼåÀ­¤Î¸ºß¼«ÂΤϸøÃΤˤʤäƤ¤¤Æ¤â¡¢ÀȼåÀ­¤ÎºÆ¸½¼ê½ç¡ÊÆϽÐÍͼ°¤Çɬ¿Ü¤Îµ­Æþ¹àÌܡˤòÃΤäƤ¤¤ë¤Î¤Ï Symantec¤È¥¸¥ã¥¹¥È¥·¥¹¥Æ¥à¤À¤±¤À¤«¤é¤À¡£

¤½¤·¤Æ¡¢¤½¤Î¡ÖÀȼåÀ­¤ÎºÆ¸½¼ê½ç¡×¤¬ Symantec¼Ò¤È¥¸¥ã¥¹¥È¥·¥¹¥Æ¥à¼Ò¤Î¼ê¤Ë¤·¤«¤Ê¤¤¤¬¸Î¤Ë¡¢ÀȼåÀ­¤Î±Æ¶ÁÈϰϤòÀµ¤·¤¯ÆüËܹṉ̃¤ËÅÁ¤¨¤ë¤³¤È¤¬ÉÔ²Äǽ¤È¤Ê¤ê¡¢ÆüËܹñ¤Ë¤È¤Ã¤Æ¤Î¸ø±×¤¬Â»¤Ê¤ï¤ì¤Æ¤¤¤ë¡£

¤È¤Ï¤¤¤¨¡¢¥¸¥ã¥¹¥È¥·¥¹¥Æ¥à¼Ò¤Ï¡¢¥¦¥¤¥ë¥¹¤Î´¶À÷¾õ¶·¤ÈÀȼåÀ­¤Î´í¸±ÅÙ¤òº®Æ±¤¹¤ë¤è¤¦¤Ê ITÁǿͤʤΤǡ¢¤·¤«¤¿¤¬¤Ê¤¤¡£

¸½¹Ô¤ÎÆϽÐÀ©ÅÙ¤Ïzero-day¹¶·â¤ËÂбþ¤·¤Æ¤¤¤Ê¤¤

¤½¤¦¤¹¤ë¤È¡¢¸½¾õ¤Ç·ç¤±¤Æ¤¤¤ëÌäÂê¤Îº¬ËܤϤ³¤¦¤À¤í¤¦¡£

zero-day¹¶·â¤ÎɸŪ¤Ë¤µ¤ì¤¿ÁÈ¿¥¤¬¡¢¤½¤³¤Ë̤ÃΤÎÀȼåÀ­¤¬¤¢¤ë¤Èȯ¸«¤¹¤ë¤Ë»ê¤é¤Ê¤«¤Ã¤¿¤Ë¤·¤Æ¤â¡¢¸¡ÂΤò¥¦¥¤¥ë¥¹Âкö¥½¥Õ¥È²ñ¼Ò¤ËÄ󶡤¹¤ë¤Î¤Ç¤Ï¤Ê¤¯¡¢¹ñÆâ¤ÎŬÀڤʤȤ³¤í¤ËÆϤ±½Ð¤ë¤è¤¦¤Ê»ÅÁȤߤˤʤäƤ¤¤ì¤Ð¡¢¤½¤ì¤Ç¤è¤¤¤Ï¤º¤À¡£Ì¤ÃΤÎÀȼåÀ­¤¬Æͤ«¤ì¤Æ¤¤¤ë¤«¤Ï¡¢ÆϽФò¼õ¤±¤¿µ¡´Ø¤¬Ê¬ÀϤ¹¤ì¤Ð¤è¤¤¡£

¥¦¥¤¥ë¥¹¤ÎÆϽФȤ¤¤¨¤Ð¡¢IPA¤¬´û¤Ë¤ä¤Ã¤Æ¤¤¤ë¡£

¤³¤ì¤Ï1990ǯ¤«¤é¹Ô¤ï¤ì¤Æ¤¤¤ë¤â¤Î¤Ç¡¢Ê¿À®7ǯÄ̾¦»º¶È¾Ê¹ð¼¨Âè429¹æ¡Ö¥³¥ó¥Ô¥å¡¼¥¿¥¦¥¤¥ë¥¹Âкö´ð½à¡×¤Ë´ð¤Å¤¯¤â¤Î¤Ç¤¢¤ë¡£

¤·¤«¤·¡¢¤½¤ÎÆâÍƤϡ¢´ðËÜŪ¤Ë¡¢¥¦¥¤¥ë¥¹´¶À÷»ö¸ÎȯÀ¸»þ¤Î³Æ¼«¤ÎÂкö¤Î¤¢¤êÊý¤ò¼¨¤¹¤â¤Î¤Ç¤¢¤ê¡¢¡Ö»ö¸åÂбþ¡×¤È¤·¤Æ¡¢¡Ö¥¦¥¤¥ë¥¹Èï³²¤Î³ÈÂçµÚ¤ÓºÆȯ¤òËɻߤ¹¤ë¤¿¤á¡¢É¬ÍפʾðÊó¤ò·ÐºÑ»º¶ÈÂç¿Ã¤¬Ê̤˻ØÄꤹ¤ë¼Ô¤ËÆϤ±½Ð¤ë¤³¤È¡×¤È¤¤¤¦µ­½Ò¤Ï¤¢¤ë¤â¤Î¤Î¡¢¤³¤ì¤Ï¡¢zero-day¹¶·â»þ¤ÎÀȼåÀ­Ê¬ÀϤòÌÜŪ¤È¤·¤¿¤â¤Î¤Ç¤Ï¤Ê¤¤¡£

¼ÂºÝ¡¢¤³¤Î¡ÖÆϤ±½Ð¤ë¤³¤È¡×¤È¤¤¤¦Äê¤á¤Ï·Á³¼²½¤·¤Æ¤ª¤ê¡¢¥¦¥¤¥ë¥¹¤ò¸«¤«¤±¤Æ¤âÆϤ±¤Ê¤¤¿Í¡¢¥Í¥Ã¥È¥ï¡¼¥¯´ÉÍý¼Ô¡¢´ë¶È¤Ï¾¯¤Ê¤¯¤Ê¤¤¤À¤í¤¦¡£¤½¤ì¤Ï¡¢ÀΤΥ¦¥¤¥ë¥¹¤Ï´¶À÷¤¹¤ë¤³¤È¤Ç¼ê¤Ë¤¹¤ë¤â¤Î¤¬ÂçȾ¤À¤Ã¤¿¤Î¤ËÂФ·¡¢2000ǯ°Ê¹ß¤Ï¡¢¥á¡¼¥ë¤ÇÆϤ¯¥ï¡¼¥à¤Î¤è¤¦¤Ë¡¢´¶À÷¤¹¤ëÁ°¤Ë¼ê¸µ¤ËÆϤ¯¤è¤¦¤Ë¤Ê¤Ã¤¿¤¿¤á¡¢¡ÖÈï³²¤ËÁø¤Ã¤Æ¤â¤¤¤Ê¤¤¤Ê¤¤¤Î¤Ë¡¢¼õ¿®¤·¤¿¤À¤±¤Ç°ì¡¹ÆϤ±½Ð¤ë¤Ê¤ó¤Æ¡¢ÂÅÅöÀ­¤¬¤Ê¤¤¡×¤È¹Í¤¨¤é¤ì¤ë¤è¤¦¤Ë¤Ê¤Ã¤¿¤¿¤á¤À¤È»×¤¦¡£

¤³¤ÎÀ©ÅÙ¤¬Ìò¤ËΩ¤Ã¤Æ¤¤¤ë¤Î¤Ï¡¢Äê´üŪ¤Ëȯɽ¤µ¤ì¤ëÆϽзï¿ô¤Î¿ô»ú¤À¤±¤Ç¡¢¥¦¥¤¥ë¥¹¤¬Áý¤¨¤¿¤«¸º¤Ã¤¿¤«¤È¤¤¤Ã¤¿¼ÂÂÖÇÄ°®¤ÎÌÜŪ¤Ë¤·¤«¤Ê¤Ã¤Æ¤¤¤Ê¤¤¡£¡Ê´¶À÷µ¡Ç½¤ò»ý¤¿¤Ê¤¤Ã±È¯·¿¤Î¥È¥í¥¤¤¬Áý¤¨¤Æ¤¤¤ëºÇ¶á¤Ç¤Ï¡¢¤³¤ÎÁý¸º¾õ¶·¤Î¾ðÊ󤵤¨¿®ÍêÀ­¤¬Äã²¼¤·¤Æ¤¤¤ë¤È»×¤ï¤ì¤ë¡£¡Ë

¤Þ¤¿¡¢¤³¤Î¥¦¥¤¥ë¥¹¤ÎÆϽФȡ¢ÀȼåÀ­¤ÎÆϽФÏÏ¢·È¤·¤Æ¤ª¤é¤º¡¢ÁÈ¿¥¤âÊÌ¡¹¤Ë¤Ê¤Ã¤Æ¤¤¤ë¤È»ä¤ÏÍý²ò¤·¤Æ¤¤¤ë¡Ê¤¢¤Þ¤ê¤è¤¯ÃΤé¤Ê¤¤¤±¤É¤â¡Ë¡£

¥¦¥¤¥ë¥¹ÆϽÐÁë¸ý¤ÎÌÜŪ¤Ï¡¢¡Ö¤³¤ó¤Ê¥¦¥¤¥ë¥¹¤¬Î®¹Ô¤Ã¤Æ¤¤¤Þ¤¹¡ª¡×¤ÈÃí°Õ´­µ¯¤¹¤ë¤³¤È¤Ë¤¢¤ë¤¿¤á¡¢Áë¸ý¤Î´Ø¿´»ö¤Ï¡¢¤¢¤ëÄøÅ٤ε¬ÌϤdzȻ¶¤·¤Æ¤¤¤ë¥¦¥¤¥ë¥¹¤Î¾ðÊó¤Ë¤¢¤ê¡¢targeted attack¤Î¤è¤¦¤Ë¸ÄÊ̤ËÀìÍѤ˺î¤é¤ì¤¿¥Þ¥ë¥¦¥§¥¢¤Ë¤Ï¤ª¤½¤é¤¯´Ø¿´¤¬Ä㤤¤Ç¤¢¤í¤¦¡£¤½¤³¤Ë¡¢zero-dayÀȼåÀ­¤È¤¤¤¦µ®½Å¤Ê¾ðÊó¤¬Àø¤ó¤Ç¤¤¤Æ¤â¡¢¥¦¥¤¥ë¥¹ÆϽÐÁë¸ý¤Î´Ø¿´»ö¤Ç¤Ï¤Ê¤¤¤È»×¤ï¤ì¤ë¡£

¤Ä¤Þ¤ê¡¢º£É¬Íפʤ³¤È¤Ï¡¢Ì¤ÃΤÎÀȼåÀ­¤òÆͤ¤¤¿¥Þ¥ë¥¦¥§¥¢¤ò¼ý½¸¤Ç¤­¤ë¤è¤¦¡¢ÆϽФλÅÁȤߤòÊѤ¨¤ë¤³¤È¤Ç¤Ï¤Ê¤¤¤À¤í¤¦¤«¡£

¤â¤Ã¤È¤â¡¢IPA¤Ë¡¢¥Þ¥ë¥¦¥§¥¢¤ÎʬÀϤò¤¹¤ëǽÎϤϤʤ¤¤«¤â¤·¤ì¤Ê¤¤¡£Ê¬ÀϤò³°Ãí¤¹¤ë¤·¤«¤Ê¤¤¤«¤â¤·¤ì¤Ê¤¤¡£

·ë¶É¤Ï̱´Ö¤Î¥¦¥¤¥ë¥¹Âкö¥½¥Õ¥È²ñ¼Ò¤ËʬÀϤò³°Ãí¤¹¤ë¤³¤È¤Ë¤Ê¤ë¡Ê¥³¥¹¥ÈŪ¤Ë¤½¤ì¤¬ÂÅÅö¡Ë¤Î¤À¤È¤·¤Æ¤â¡¢¤½¤ì¤Ï¡¢Èï³²¼Ô¤«¤éľÀÜSymantec¤Ë¸¡ÂΤ¬Ä󶡤µ¤ì¤Æ¤·¤Þ¤Ã¤Æ¤¤¤ë¸½¾õ¤ÈƱ¤¸¤³¤È¤Ç¤Ï¤Ê¤¤¡£¤Ê¤¼¤Ê¤é¡¢Ä̾¥¦¥¤¥ë¥¹Âкö¥½¥Õ¥È²ñ¼Ò¤Î»Å»ö¤Ï¥Ñ¥¿¡¼¥ó¥Õ¥¡¥¤¥ë¤òºî¤ë¤³¤È¤Ç¤¢¤ê¡¢Ä󶡤µ¤ì¤¿¸¡ÂΤϥѥ¿¡¼¥ó¥Õ¥¡¥¤¥ë¤ÎºîÀ®¤Ë¤Î¤ßÍøÍѤµ¤ì¤ë¤È¤³¤í¡¢IPAÅù¤«¤é¤ÎȯÃí¤Ç¹Ô¤ï¤ì¤ëʬÀϤǤϡ¢¸ø±×¤Ë»ñ¤¹¤ë¤è¤¦Ê¬ÀÏÆâÍƤò»ØÄꤷ¡¢ÀȼåÀ­È¯¸«»þ¤ËÀȼåÀ­¤Î¾ÜºÙ¤òÊó¹ð¤¹¤ë¤³¤È¤òÌò̳¤È¤·¤Æ»ØÄê¤Ç¤­¤ë¤Ï¤º¤À¤«¤é¤À¡£

zero-day¹¶·â¤ò¸«¤Ä¤±¤ë¤¿¤á¤Ë¤¹¤Ù¤Æ¤Î¥¦¥¤¥ë¥¹¤ò½¸¤á¤ÆʬÀϤ¹¤ë¤È¤¤¤¦¤Î¤Ï¸½¼ÂŪ¤Ç¤Ê¤¤¤¬¡¢¾¯¤Ê¤¯¤È¤â¡¢À¯Éܵ¡´Ø¤ËÁ÷¤êÉÕ¤±¤é¤ì¤¿¥¦¥¤¥ë¥¹¤Ë¤Ä¤¤¤Æ¤Ï¼«¹ñ¤ÇʬÀϤ¹¤ë¤Î¤¬ÅöÁ³¤Ç¤Ï¤Ê¤¤¤«¡£³°ÃíÀ褬³°»ñ·Ï´ë¶È¤Ç¡¢¼ÂºÝ¤ÎʬÀϤ¬³°¹ñ¤Ç¹Ô¤ï¤ì¤ë¤³¤È¤Ï¡¢¤Þ¤¢¡¢¤·¤«¤¿¤Ê¤¤¤Ë¤·¤Æ¤â¡¢¹ñ¤ÎȯÃí¤Ë¤è¤Ã¤ÆʬÀϤµ¤»¤ë¤³¤È¤¬É¬ÍפǤ¢¤í¤¦¡£¤Þ¤·¤Æ¤ä¡¢zero-day¹¶·â¤Î°ì¼¡¾ðÊ󤬡¢³°¹ñ´ë¶È¤Î blog¤Ç¾¿Í»ö¤Î¤è¤¦¤Ë˽Ϫ¤µ¤ì¤¿µ­»ö¡ÊSymantec¤ÏÆþ¼ê¸µ¤òÌÀ¤é¤«¤Ë¤·¤Æ¤¤¤Ê¤¤¤¬¡Ë¤È¤¤¤¦¤Î¤Ï¡¢¹ñ¿«¤È¤È¤é¤¨¤Æ¤·¤«¤ë¤Ù¤­¤Ç¤Ï¤Ê¤¤¤«¡£

¢£ ÌÀ¸åÆü¡¢¡ÖSecurityDay2007¡×¤Ç¥Ñ¥Í¥ëƤÏÀ

ÌÀ¸åÆü18Æü¤Ï¡¢SecurityDay2007¤È¤¤¤¦¥¤¥Ù¥ó¥È¤Ç¡¢¥Ñ¥Í¥ëƤÏÀ¤ËÅÐÃŤ¹¤ë¡£²ñ¾ì¤Ï¡ÖÀÄ»³TEPIA 4³¬¥Û¡¼¥ë¡×¤È¤Î¤³¤È¡£

¢£ Äɵ­¡Ê24Æü¡Ë

18Æü¤Î¥Ñ¥Í¥ëƤÏÀ¤Î¥¹¥é¥¤¥É¤¬°Ê²¼¤Ë¤¢¤ë¡£

¤Þ¤¿¡¢¾å¤Î¡ÖÊóÆ»¤òʤ٤Ƥߤë¡×¤Î¤È¤³¤í¤ËÄɵ­¤·¤¿¡£

*1 Æ±»þ´ü¤Ë¸øɽ¤µ¤ì¤¿Ê£¿ô¤ÎÀȼåÀ­¤ò1·ï¤È¤·¤Æ¥«¥¦¥ó¥È¤·¤Æ¤¤¤ë¡£

¸¡º÷

<Á°¤ÎÆüµ­(2007ǯ12·î15Æü) ¼¡¤ÎÆüµ­(2007ǯ12·î22Æü)> ºÇ¿· ÊÔ½¸

ºÇ¶á¤Î¥¿¥¤¥È¥ë

2024ǯ03·î16Æü

2024ǯ03·î13Æü

2024ǯ03·î11Æü

2023ǯ03·î27Æü

2022ǯ12·î30Æü

2022ǯ12·î25Æü

2022ǯ06·î09Æü

2022ǯ04·î01Æü

2022ǯ01·î19Æü

2021ǯ12·î26Æü

2021ǯ10·î06Æü

2021ǯ08·î23Æü

2021ǯ07·î12Æü

2020ǯ09·î14Æü

2020ǯ08·î01Æü

2019ǯ10·î05Æü

2019ǯ08·î03Æü

2019ǯ07·î08Æü

2019ǯ06·î25Æü

2019ǯ06·î09Æü

2019ǯ05·î19Æü

2019ǯ05·î12Æü

2019ǯ03·î19Æü

2019ǯ03·î16Æü

2019ǯ03·î09Æü

2019ǯ03·î07Æü

2019ǯ02·î19Æü

2019ǯ02·î11Æü

2018ǯ12·î26Æü

2018ǯ10·î31Æü

2018ǯ06·î17Æü

2018ǯ06·î10Æü

2018ǯ05·î19Æü

2018ǯ05·î04Æü

2018ǯ03·î07Æü

2017ǯ12·î29Æü

2017ǯ10·î29Æü

2017ǯ10·î22Æü

2017ǯ07·î22Æü

2017ǯ06·î04Æü

2017ǯ05·î13Æü

2017ǯ05·î05Æü

2017ǯ04·î08Æü

2017ǯ03·î10Æü

2017ǯ03·î05Æü

2017ǯ02·î18Æü

2017ǯ01·î08Æü

2017ǯ01·î04Æü

2016ǯ12·î30Æü

2016ǯ12·î04Æü

2016ǯ11·î29Æü

2016ǯ11·î23Æü

2016ǯ11·î05Æü

2016ǯ10·î25Æü

2016ǯ10·î10Æü

2016ǯ08·î23Æü

2016ǯ07·î23Æü

2016ǯ07·î16Æü

2016ǯ07·î02Æü

2016ǯ06·î12Æü

2016ǯ06·î03Æü

2016ǯ04·î23Æü

2016ǯ04·î06Æü

2016ǯ03·î27Æü

2016ǯ03·î14Æü

2016ǯ03·î06Æü

2016ǯ02·î24Æü

2016ǯ02·î20Æü

2016ǯ02·î11Æü

2016ǯ02·î05Æü

2016ǯ01·î31Æü

2015ǯ12·î12Æü

2015ǯ12·î06Æü

2015ǯ11·î23Æü

2015ǯ11·î21Æü

2015ǯ11·î07Æü

2015ǯ10·î20Æü

2015ǯ07·î02Æü

2015ǯ06·î14Æü

2015ǯ03·î15Æü

2015ǯ03·î10Æü

2015ǯ03·î08Æü

2015ǯ01·î05Æü

2014ǯ12·î27Æü

2014ǯ11·î12Æü

2014ǯ09·î07Æü

2014ǯ07·î18Æü

2014ǯ04·î23Æü

2014ǯ04·î22Æü

2000|01|
2003|05|06|07|08|09|10|11|12|
2004|01|02|03|04|05|06|07|08|09|10|11|12|
2005|01|02|03|04|05|06|07|08|09|10|11|12|
2006|01|02|03|04|05|06|07|08|09|10|11|12|
2007|01|02|03|04|05|06|07|08|09|10|11|12|
2008|01|02|03|04|05|06|07|08|09|10|11|12|
2009|01|02|03|05|06|07|08|09|10|11|12|
2010|01|02|03|04|05|06|07|08|09|10|11|12|
2011|01|02|03|05|06|07|08|09|10|11|12|
2012|02|03|04|05|06|07|08|09|
2013|01|02|03|04|05|06|07|
2014|01|04|07|09|11|12|
2015|01|03|06|07|10|11|12|
2016|01|02|03|04|06|07|08|10|11|12|
2017|01|02|03|04|05|06|07|10|12|
2018|03|05|06|10|12|
2019|02|03|05|06|07|08|10|
2020|08|09|
2021|07|08|10|12|
2022|01|04|06|12|
2023|03|
2024|03|
<Á°¤ÎÆüµ­(2007ǯ12·î15Æü) ¼¡¤ÎÆüµ­(2007ǯ12·î22Æü)> ºÇ¿· ÊÔ½¸