ProHoster > Blog > Pulega > Troldesh i se matapulepule fou: o se isi galu o le tele o meli o se ransomware virus

Troldesh i se matapulepule fou: o se isi galu o le tele o meli o se ransomware virus

Mai le amataga o aso nei e oʻo mai i le taimi nei, ua faʻamauina e le au atamamai o le JSOC CERT se faʻasalalauga leaga tele o le Troldesh encrypting virus. O lona fa'atinoga e lautele atu nai lo na'o se fa'ailoga: fa'aopoopo i le fa'ailoga fa'ailoga, o lo'o i ai le malosi e fa'atonutonu mamao ai se fale faigaluega ma fa'apipi'i fa'aopoopo modules. Ia Mati o lenei tausaga ua uma logoina e uiga i le faʻamaʻi Troldesh - ona ufiufi lea e le siama lona tuʻuina atu e faʻaaoga ai masini IoT. I le taimi nei, o faʻafitauli vaivai o le WordPress ma le cgi-bin interface o loʻo faʻaaogaina mo lenei mea.

Troldesh i se matapulepule fou: o se isi galu o le tele o meli o se ransomware virus

O le meli e lafo mai tuatusi eseese ma o loʻo i ai i totonu o le tino o le tusi se fesoʻotaʻiga i fesoʻotaʻiga i luga o le upega tafaʻilagi faʻatasi ma vaega WordPress. O le so'oga o lo'o iai se fa'amaumauga o lo'o iai se fa'amaumauga i le Javascript. O se taunuuga o lona faʻataunuʻuina, o le Troldesh encryptor ua sii mai ma faʻalauiloa.

O imeli leaga e le iloa e le tele o mea faigaluega saogalemu ona o loʻo i ai se fesoʻotaʻiga i se punaoa i luga o le upega tafaʻilagi, ae o le ransomware lava ia o loʻo iloa nei e le tele o tagata gaosi polokalame antivirus. Manatua: talu ai o le malware e fesoʻotaʻi ma C&C servers o loʻo i luga o le fesoʻotaʻiga Tor, e ono mafai ona faʻapipiʻi faʻaopoopoga faʻapipiʻi faʻapipiʻi i le masini faʻamaʻi e mafai ona "faʻatamaoaigaina".

O nisi o uiga lautele o lenei nusipepa e aofia ai:

(1) fa'ata'ita'iga o se mataupu fa'asalalau - "E uiga i le fa'atonuina"

(2) e tutusa uma so'otaga i fafo - o lo'o i ai upu autu /wp-content/ ma /doc/, mo se fa'ata'ita'iga:
Horsesmouth[.]org/wp-content/themes/InspiredBits/images/dummy/doc/doc/
www.montessori-academy[.]org/wp-content/themes/campus/mythology-core/core-assets/images/social-icons/long-shadow/doc/
chestnutplacejp[.]com/wp-content/ai1wm-backups/doc/

(3) o loʻo maua e le malware le tele o 'auʻaunaga faʻatonutonu e ala i Tor

(4) faia se faila Filename: C:ProgramDataWindowscsrss.exe, resitaraina i le resitala i le SOFTWAREMicrosoftWindowsCurrentVersionRun lala (igoa parameter - Client Server Runtime Subsystem).

Matou te fautuaina le faʻamautinoaina o loʻo faʻafouina au faʻamaumauga faʻamaumauga a le anti-virus, mafaufau e logoina tagata faigaluega e uiga i lenei faʻamataʻu, ma faʻapea foʻi, pe a mafai, faʻamalosia le pulea o tusi o loʻo oʻo mai ma faʻailoga o loʻo i luga.

puna: www.habr.com

Faaopoopo i ai se faamatalaga