Troldesh in a new mask: another wave of mass mailing of the ransomware virus

Since the start of today, JSOC CERT specialists have been recording a massive malicious mailing of the Troldesh encryptor virus. Its functionality is broader than that of a plain encryptor: in addition to the encryption module, it can remotely control the workstation and download additional modules. In March of this year we already reported on a Troldesh epidemic; back then the virus masked its delivery by using IoT devices. Now vulnerable WordPress versions and the cgi-bin interface are being used for this.


The emails are sent from various addresses and contain, in the body of the message, a link to compromised web resources running WordPress components. The link leads to an archive containing a JavaScript script. When that script is executed, the Troldesh encryptor is downloaded and launched.

Many security tools do not detect the malicious emails, because they contain a link to a legitimate web resource, but most antivirus vendors now detect the encryptor itself. Note: since the malware communicates with C&C servers located in the Tor network, additional external payload modules could potentially be downloaded to the infected machine, which can "enrich" it.

Some general features of this mailing:

(1) example of an email subject: "About the order"

(2) all the links look similar: they contain the key words /wp-content/ and /doc/, for example:
Horsesmouth[.]org/wp-content/themes/InspiredBits/images/dummy/doc/doc/
www.montessori-academy[.]org/wp-content/themes/campus/mythology-core/core-assets/images/social-content/long-shadow/doc/
chestnutplacejp[.]com/wp-content/ai1wm-backups/doc/

(3) the malware obtains the addresses of its control servers through Tor

(4) a file is created at C:\ProgramData\Windows\csrss.exe and registered in the registry under the key SOFTWARE\Microsoft\Windows\CurrentVersion\Run (value name: Client Server Runtime Subsystem).
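As an added example (not code from the original article), a small Python check that applies two of the indicators above to constructed data: the /wp-content/ and /doc/ link pattern in email text, and the Run-key persistence entry. The sample email text and the "key|name|data" registry listing format are constructed for this example.

```python
import re
from urllib.parse import urlparse

# Indicators taken from the article: link path keywords, autorun value name, dropped file.
LINK_KEYWORDS = ("/wp-content/", "/doc/")
RUN_VALUE_NAME = "Client Server Runtime Subsystem"
DROPPED_FILE = r"C:\ProgramData\Windows\csrss.exe"
RUN_KEY_SUFFIX = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"

def suspicious_links(text):
    """Return URLs in the text whose path contains both /wp-content/ and /doc/."""
    hits = []
    for url in re.findall(r"https?://[^\s\"'<>]+", text):
        path = urlparse(url).path.lower()
        if all(keyword in path for keyword in LINK_KEYWORDS):
            hits.append(url)
    return hits

def run_key_findings(reg_lines):
    """Flag Run-key values using the Troldesh value name or pointing at the dropped file.

    The genuine csrss.exe lives in %SystemRoot%\\System32 and is never started from
    a Run key, so any Run entry launching a file of that name is worth a closer look.
    Each line is 'key|name|data' (constructed format for this example).
    """
    findings = []
    for line in reg_lines:
        parts = [part.strip() for part in line.split("|", 2)]
        if len(parts) != 3:
            continue
        key, name, data = parts
        if not key.upper().endswith(RUN_KEY_SUFFIX.upper()):
            continue  # only autorun values matter here
        if name == RUN_VALUE_NAME or data.strip('"').lower() == DROPPED_FILE.lower():
            findings.append((name, data))
    return findings

# Constructed sample input: one campaign-style link, two benign ones.
SAMPLE_EMAIL = """Please see the attached documents: http://www.example.com/wp-content/themes/site/images/doc/
Invoice archive: http://www.example.com/wp-content/uploads/2019/invoice.pdf
Help: http://example.net/doc/index.html"""

# Constructed registry listing: one benign autorun, the Troldesh entry, one non-Run key.
SAMPLE_REG = [
    r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|OneDrive|C:\Users\u\AppData\Local\Microsoft\OneDrive\OneDrive.exe",
    r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Client Server Runtime Subsystem|C:\ProgramData\Windows\csrss.exe",
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall|Client Server Runtime Subsystem|n/a",
]

if __name__ == "__main__":
    print("suspicious links:", suspicious_links(SAMPLE_EMAIL))
    print("autorun findings:", run_key_findings(SAMPLE_REG))
```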

We recommend making sure your antivirus software databases are up to date, considering informing employees about this threat and, where possible, tightening control over incoming emails that carry the indicators above.

Source: www.habr.com
