Troldesh in a new guise: another wave of mass mailing of the ransomware

Since earlier today, JSOC CERT specialists have been recording a mass malicious mailing of the Troldesh encryptor. Its functionality goes beyond that of an encryptor: in addition to the encryption module, it can remotely control the workstation and download additional modules. In March of this year we already reported a Troldesh epidemic; back then the malware disguised its delivery using IoT devices. Now vulnerable WordPress versions and the cgi-bin interface are used for this.


The emails are sent from various addresses and contain in the body a link to resources on compromised WordPress sites. The link leads to an archive containing a JavaScript script. When it is executed, the Troldesh encryptor is downloaded and launched.

The malicious emails are not detected by most security tools because they contain a link to a legitimate web resource, but the ransomware itself is already detected by most antivirus vendors. Note: since the malware communicates with C&C servers located in the Tor network, it is potentially possible for additional external modules that "enrich" it to be downloaded onto the infected machine.

Some characteristics of this mailing:

(1) example of an email subject: "About the order"

(2) all links look alike: they contain the keywords /wp-content/ and /doc/, for example:
Horsesmouth[.]org/wp-content/themes/InspiredBits/images/dummy/doc/doc/
www.montessori-academy[.]org/wp-content/themes/campus/mythology-core/core-assets/images/social-icons/long-shadow/doc/
chestnutplacejp[.]com/wp-content/ai1wm-backups/doc/

(3) the malware reaches various control servers through Tor

(4) a file is created with the name C:\ProgramData\Windows\csrss.exe and registered in the registry under the SOFTWARE\Microsoft\Windows\CurrentVersion\Run branch (parameter name: Client Server Runtime Subsystem).
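The two host-independent indicators above, the /wp-content/.../doc/ link pattern from (2) and the csrss.exe autorun entry from (4), can be turned into simple checks over proxy logs and exported Run-key entries. The following is an added example written for this article, not code from JSOC CERT or the original post; the log lines and registry entries are constructed, and the registry hive is left unspecified because the post does not name it.

```python
import re
from typing import List, Tuple
from urllib.parse import urlparse

# Constructed sample proxy log lines (not from the original post); hosts are
# defanged with the same [.] notation the indicators above use.
SAMPLE_LOG = """\
2019-06-21T09:12:03 user1 GET http://horsesmouth[.]org/wp-content/themes/InspiredBits/images/dummy/doc/doc/
2019-06-21T09:12:09 user2 GET http://www.montessori-academy[.]org/wp-content/themes/campus/core-assets/doc/
2019-06-21T09:13:44 user3 GET http://example[.]com/wp-content/uploads/2019/06/brochure.pdf
2019-06-21T09:14:02 user4 GET http://example[.]org/blog/doc/
"""

# Constructed (value name, command) pairs as exported from the
# SOFTWARE\Microsoft\Windows\CurrentVersion\Run key (hive not stated in the post).
SAMPLE_RUN_ENTRIES = [
    ("OneDrive", r"C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"),
    ("Client Server Runtime Subsystem", r"C:\ProgramData\Windows\csrss.exe"),
]

# Indicator (2): a path under /wp-content/ that also contains a /doc/ segment.
WP_DOC_PATH = re.compile(r"/wp-content/.*?/doc/", re.IGNORECASE)

def suspicious_urls(log_text: str) -> List[str]:
    """Return the URLs (as logged) whose path matches the /wp-content/.../doc/ pattern."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        url = parts[3].replace("[.]", ".")  # refang so urlparse sees a normal host
        if WP_DOC_PATH.search(urlparse(url).path):
            hits.append(parts[3])
    return hits

def suspicious_autoruns(entries: List[Tuple[str, str]]) -> List[str]:
    """Return value names of Run entries that start csrss.exe from outside System32."""
    # The genuine csrss.exe lives in %SystemRoot%\System32; indicator (4) is a copy
    # dropped under C:\ProgramData and registered under a look-alike value name.
    flagged = []
    for name, command in entries:
        exe = command.strip('"').split()[0].lower()
        if exe.endswith("csrss.exe") and "\\windows\\system32\\" not in exe:
            flagged.append(name)
    return flagged

if __name__ == "__main__":
    print("URLs:", suspicious_urls(SAMPLE_LOG))
    print("Autoruns:", suspicious_autoruns(SAMPLE_RUN_ENTRIES))
```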

We recommend making sure your antivirus software is up to date, considering informing employees about this threat, and, where possible, tightening control over incoming emails that match the indicators above.

Source: www.habr.com
