Troldesh in a new mask: another mass-mailing wave of a ransomware virus

Since the start of today, JSOC CERT specialists have been recording a massive malicious mailing of the Troldesh encrypting virus. Its functionality is broader than that of a plain encryptor: besides the encryption module, it can remotely control a workstation and download additional modules. In March of this year we already reported on a Troldesh epidemic; back then the virus masked its delivery using IoT devices. This time, WordPress installations and the cgi-bin interface are used for that purpose.


The mailing is sent from addresses posing as consultants, and the body of the message contains a link to compromised WordPress-based web resources. The link leads to an archive containing a JavaScript file. When that script is executed, the Troldesh encryptor is downloaded and launched.

The malicious emails are not detected by most security tools because they contain a link to a legitimate web resource, but the ransomware itself is by now detected by most antivirus vendors. Note: since the malware communicates with C&C servers located on the Tor network, additional external loader modules that "enrich" it can potentially be downloaded onto the infected machine.

Some of the characteristic features of this mailing are:

(1) an example of a message subject: "About ordering"

(2) all links look alike: they contain the keywords /wp-content/ and /doc/, for example:
Horsesmouth[.]org/wp-content/themes/InspiredBits/images/dummy/doc/doc/
www.montessori-academy[.]org/wp-content/themes/campus/mythology-core/core-assets/images/social-icons/long-shadow/doc/
chestnutplacejp[.]com/wp-content/ai1wm-backups/doc/

(3) the malware contacts various control servers via Tor

(4) the file C:\ProgramData\Windows\csrss.exe is created and registered in the registry under the SOFTWARE\Microsoft\Windows\CurrentVersion\Run branch (parameter name: Client Server Runtime Subsystem).
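The following is an added detection example, not code from the original write-up: it turns the link pattern (/wp-content/ and /doc/ path segments) and the persistence indicator (a Run-key value named "Client Server Runtime Subsystem", and a csrss.exe located anywhere other than the System32 directory where the real one lives) into checks that can be run over mail-gateway log lines and autorun entries. The log lines and their key=value layout are constructed for this example.

```python
"""Defender-side checks for the Troldesh mailing indicators listed above."""
import re
from urllib.parse import urlparse

# Persistence indicator from the write-up (backslashes as on a Windows system).
RUN_VALUE_NAME = "Client Server Runtime Subsystem"
# The legitimate csrss.exe lives in System32; a copy elsewhere is masquerading.
LEGIT_CSRSS_DIR = r"c:\windows\system32"

# Constructed mail-gateway log lines (not real data) in a simple key=value form.
SAMPLE_LOG = [
    'subject="About ordering" url=Horsesmouth[.]org/wp-content/themes/InspiredBits/images/dummy/doc/doc/',
    'subject="Invoice" url=https://example.com/wp-content/uploads/2019/report.pdf',
    'subject="About ordering" url=chestnutplacejp[.]com/wp-content/ai1wm-backups/doc/',
]


def refang(url: str) -> str:
    """Undo the [.] defanging used when indicators are written down."""
    return url.replace("[.]", ".")


def is_suspicious_link(url: str) -> bool:
    """True when the URL path carries both a /wp-content/ and a /doc/ segment."""
    u = refang(url)
    if "://" not in u:
        u = "http://" + u          # urlparse needs a scheme to split host/path
    path = urlparse(u).path.lower()
    if not path.endswith("/"):
        path += "/"               # so a trailing ".../doc" still counts as a segment
    return "/wp-content/" in path and "/doc/" in path


def is_suspicious_run_value(name: str, command: str) -> bool:
    """Flag a Run-key value that uses the campaign's value name or a csrss.exe outside System32."""
    exe = command.strip().strip('"').lower()
    if name.strip() == RUN_VALUE_NAME:
        return True
    return exe.endswith("\\csrss.exe") and not exe.startswith(LEGIT_CSRSS_DIR + "\\")


def flag_log_lines(lines):
    """Return the URLs from lines whose url= field matches the campaign's link pattern."""
    hits = []
    for line in lines:
        m = re.search(r"url=(\S+)", line)
        if m and is_suspicious_link(m.group(1)):
            hits.append(m.group(1))
    return hits


if __name__ == "__main__":
    print(flag_log_lines(SAMPLE_LOG))
    print(is_suspicious_run_value(RUN_VALUE_NAME, r"C:\ProgramData\Windows\csrss.exe"))
```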

We recommend that you update your antivirus databases today, consider informing employees about this threat, and, where possible, tighten control over incoming emails showing the indicators above.

Source: www.habr.com
