Log4Shell is a critical remote-code-execution (RCE) vulnerability that was disclosed to the public on December 10, 2021. It exploits a bug in the widespread Log4j library. Any service that uses the library and exposes an interface to the Internet is potentially vulnerable. In this paper, we measure the rush of scanners during the two months after the disclosure. We use several vantage points to observe both researchers and attackers. For this purpose, we collect and analyze payloads sent by benign and malicious communication parties, their origins, and churn. We find that the initial rush of scanners quickly ebbed. Non-malicious scanners in particular were only interested in the days after the disclosure. In contrast, malicious scanners continue targeting the vulnerability.