Troldesh in a new mask: another mass mailing wave of the ransomware virus

Since the start of today, JSOC CERT specialists have recorded a massive distribution campaign of the Troldesh encryption virus. Its functionality is broader than that of a plain encryptor: in addition to the encryption module, it can remotely control the workstation and download additional modules. In March of this year we already reported on a Troldesh epidemic; at that time the virus disguised its delivery by using IoT devices. Now, vulnerable WordPress installations and the cgi-bin interface are used for this purpose.

The emails are sent from various addresses, and the message body contains a link to a compromised web resource running WordPress components. The link points to an archive containing a JavaScript script. When the script is executed, the Troldesh encryptor is downloaded and launched.

Most security tools do not flag the malicious email, because it contains a link to a legitimate (though compromised) web resource; however, the ransomware itself is currently detected by most anti-virus vendors. Note: since the malware communicates with C&C servers located on the Tor network, it can potentially download additional external payload modules onto the infected machine that could "enrich" its functionality.

The main features of this mailing include:

(1) example subject line: "About the order"

(2) all links look alike: they contain the path elements /wp-content/ and /doc/, for example:
horsesmouth[.]org/wp-content/themes/InspiredBits/images/dummy/doc/doc/
www.montessori-academy[.]org/wp-content/themes/campus/mythology-core/core-assets/images/social-icons/long-shadow/doc/
chestnutplacejp[.]com/wp-content/ai1wm-backups/doc/

(3) the malware reaches various control servers via Tor

(4) the file C:\ProgramData\Windows\csrss.exe is created and registered in the registry under the SOFTWARE\Microsoft\Windows\CurrentVersion\Run key (value name: Client Server Runtime Subsystem). Note that the legitimate csrss.exe resides in C:\Windows\System32 and is never started from a Run key, so this entry is suspicious on its own.

We recommend making sure that anti-virus software databases are up to date, considering informing employees about this threat, and, where possible, tightening control over incoming emails using the indicators listed above.
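The following is an added example, not code from the JSOC CERT report or from Habr: it turns the indicators above (subject line, the /wp-content/ + /doc/ path pattern, the csrss.exe file in ProgramData and the Run key value) into simple triage checks. It assumes the email subject and body have already been extracted as text and that the host data (Run key values, file listing) has been exported separately; all sample inputs are constructed for illustration and are not from the campaign.

```python
"""Triage helpers for the Troldesh mailing indicators described above.

Constructed example, not code from the JSOC CERT report; all sample data
below is made up for illustration.
"""
import re
from urllib.parse import urlparse

# Indicators taken from the report text.
SUBJECT_INDICATOR = "about the order"
PATH_MARKERS = ("wp-content", "doc")  # both must appear as path segments
RUN_VALUE_NAME = "client server runtime subsystem"
DROPPED_FILE = r"c:\programdata\windows\csrss.exe"

URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.IGNORECASE)


def suspicious_urls(text):
    """Return URLs whose path contains both a wp-content and a doc segment."""
    hits = []
    for url in URL_RE.findall(text):
        segments = [s.lower() for s in urlparse(url).path.split("/") if s]
        if all(marker in segments for marker in PATH_MARKERS):
            hits.append(url)
    return hits


def score_email(subject, body):
    """Return the list of matched indicators for one email (empty if clean)."""
    matched = []
    if subject.strip().lower() == SUBJECT_INDICATOR:
        matched.append("subject")
    urls = suspicious_urls(body)
    if urls:
        matched.append("url:" + ",".join(urls))
    return matched


def check_host(run_values, files):
    """Match the persistence indicators against exported host data.

    run_values: dict of value name -> command taken from the
                SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run key
    files:      iterable of full paths present on disk
    The legitimate csrss.exe lives in C:\\Windows\\System32 and is started by
    the session manager, never from a Run key, so a Run value pointing at
    ProgramData is suspicious in itself.
    """
    findings = []
    for name, command in run_values.items():
        if name.lower() == RUN_VALUE_NAME or DROPPED_FILE in command.lower():
            findings.append(f"run-key:{name}={command}")
    for path in files:
        if path.lower() == DROPPED_FILE:
            findings.append(f"file:{path}")
    return findings


# Constructed sample input (hypothetical hosts, not from the report).
SAMPLE_EMAILS = [
    ("About the order",
     "Documents: http://shop.example.test/wp-content/themes/t1/img/doc/"),
    ("Meeting notes",
     "Slides: https://intranet.example.test/files/notes.pdf"),
    ("Newsletter",
     "Read: http://blog.example.test/wp-content/uploads/2019/post.html"),
]
SAMPLE_RUN_VALUES = {
    "OneDrive": r"C:\Users\u\AppData\Local\Microsoft\OneDrive\OneDrive.exe",
    "Client Server Runtime Subsystem": r"C:\ProgramData\Windows\csrss.exe",
}
SAMPLE_FILES = [r"C:\ProgramData\Windows\csrss.exe",
                r"C:\Windows\System32\csrss.exe"]

if __name__ == "__main__":
    for subject, body in SAMPLE_EMAILS:
        print(subject, "->", score_email(subject, body) or "clean")
    for finding in check_host(SAMPLE_RUN_VALUES, SAMPLE_FILES):
        print("host:", finding)
```

The URL check deliberately matches on path segments rather than on the full hostnames from the report, since the campaign abuses many different compromised WordPress sites and only the path structure is stable; the third sample email (a wp-content link without a doc segment) shows that ordinary WordPress links are not flagged.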

source: www.habr.com