今天早上收到了一个邮件,全英文,部分内容如下(其实我刚开始看到前面说入侵了我的电脑的时候我以为说的是我的服务器被黑了,还真的吓我一跳)
Just a few months ago (04/03/2019) I hacked your operating system and I have
full control of your device.
I implanted a small application into your device which sends me your current
IP address and allows me to connect to your device just like remote desktop.
Even if you change your password, it won ’ t help.
How I infected you?
The router that you used to connect to Internet had a security hole.
You can read about this problem by searching for CVE-2018-10562.
I hacked your router and I put my code into it, and when you tried to
connect to Internet, my program infected your device.
Later I made a full copy of your hard drive (I have all your email contact
lists, list of websites you visited, phone numbers, your passwords etc.)
A little while later, when I was searching your web browsing history I was
shocked by what I saw!!
The sites for adults you are visiting... you know what I mean...
I just want to say - your fantasies are shifted far away from the normal
course!...
For the last 2 months I have been spying on you through your device camera..
especially when you visited those sites to have fun...
Those videos show clearly you having fun and the content for adults you were
watching.. this is pretty nasty and I would be very worried if I were you.
大意就是利用漏洞入侵了我的电脑并且控制摄像头录了一些视频(我摄像头封着呢)
然后我很快就找到了很多类似的邮件,其实 V2 上面也有相关帖子。
我找到了一个网站,是一个收集类似的勒索邮件(我觉得应该算是诈骗邮件)使用的比特币账号的信息数据库,网址 https://www.bitcoinabuse.com/reports 上面真的是一堆这种邮件,而且都是通过比特币诈骗。
怎么说呢,这种邮件的确是钓鱼邮件,撒网传播,遇到个信的就赚了。但是我并不想讨论这种诈骗的意思,我是想从技术角度来讨论一下,邮件里面说到的这些技术,黑客真的可以做到吗?
1.真的可以利用路由器漏洞(邮件里面说到的 CVE-2018-10562,我查过,是个漏洞病毒)实现远程控制 window 吗?
2.真的可以实现植入小程序或者代码,控制电脑的硬件(邮件提到的摄像头,还有录屏功能)吗?
3.以上两个问题,加起来看,能在使用者五察觉(或者说系统无察觉)的情况下实现吗?
不知道 V 站有没有大佬对这方面比较了解的,可以科普一下
这是一个专为移动设备优化的页面(即为了让你能够在 Google 搜索结果里秒开这个页面),如果你希望参与 V2EX 社区的讨论,你可以继续到 V2EX 上打开本讨论主题的完整版本。
V2EX 是创意工作者们的社区,是一个分享自己正在做的有趣事物、交流想法,可以遇见新朋友甚至新机会的地方。
V2EX is a community of developers, designers and creative people.