Troldesh in a new mask: another wave of mass mailing of the ransomware virus

Since the start of today, JSOC CERT experts have recorded a large-scale malicious distribution of the Troldesh encryptor virus. Its functionality is broader than that of an encryptor alone: in addition to the encryption module, it is able to remotely control the workstation and download additional modules. In March of this year we already reported on a Troldesh epidemic; at that time the virus masked its delivery using IoT devices. Now vulnerable versions of WordPress and the cgi-bin interface are used for this.


The mailing is sent from various addresses and contains in the body of the message a link to compromised web resources with WordPress components. The link leads to an archive containing a JavaScript script. As a result of its execution, the Troldesh encryptor is downloaded and launched.

The malicious emails are mostly not detected by security tools because they contain links to legitimate web resources, but the ransomware itself is now detected by most antivirus software vendors. Note: since the malware communicates with C&C servers located in the Tor network, it is potentially possible to download additional external (rar) modules onto the infected machine, which can "extend" it

Some of the general characteristics of this mailing are:

(1) an example mailing subject: "About the order"

(2) all the links look alike: they contain the keywords /wp-content/ and /doc/, for example:
Horsesmouth[.]org/wp-content/themes/InspiredBits/images/dummy/doc/doc/
www.montessori-academy[.]org/wp-content/themes/campus/mythology-core/core-assets/images/social-icons/long-shadow/doc/
chestnutplacejp[.]com/wp-content/ai1wm-backups/doc/

(3) the malware connects to various control servers in the Tor network

(4) a file is created, Filename: C:\ProgramData\Windows\csrss.exe, and registered in the registry branch SOFTWARE\Microsoft\Windows\CurrentVersion\Run (parameter name: Client Server Runtime Subsystem).

We recommend that you make sure your antivirus software databases are up to date, consider notifying employees about this threat, and also, where possible, strengthen control over incoming mail that shows the characteristics listed above.
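As an added illustration (not part of the original article), the following Python checks apply two of the indicators above to constructed sample data: the /wp-content/ plus /doc/ link pattern, and the Run-key persistence entry pointing at the dropped csrss.exe. The input formats and sample values are assumptions.

```python
import re
from urllib.parse import urlparse

# Indicators taken from the advisory above.
LINK_KEYWORDS = ("/wp-content/", "/doc/")
DROPPED_FILE = r"c:\programdata\windows\csrss.exe"
RUN_VALUE_NAME = "client server runtime subsystem"

def refang(url: str) -> str:
    """Turn a defanged indicator such as example[.]org into a parsable URL."""
    url = url.replace("[.] ", ".").replace("[.]", ".").strip()
    if not re.match(r"^[a-z]+://", url, re.I):
        url = "http://" + url
    return url

def is_suspicious_link(url: str) -> bool:
    """True when the URL path carries both /wp-content/ and /doc/."""
    path = urlparse(refang(url)).path.lower()
    return all(k in path for k in LINK_KEYWORDS)

def suspicious_run_entries(run_values: dict) -> list:
    r"""Return Run-key value names matching the persistence described above.

    run_values maps value name -> command, i.e. a snapshot of
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run (assumed format)."""
    hits = []
    for name, command in run_values.items():
        cmd = command.lower()
        if name.lower() == RUN_VALUE_NAME or DROPPED_FILE in cmd:
            hits.append(name)
        # The real csrss.exe lives in System32; a copy elsewhere is out of place.
        elif "csrss.exe" in cmd and "\\system32\\" not in cmd:
            hits.append(name)
    return hits

# Constructed sample data (not taken from the original article).
SAMPLE_LINKS = [
    "chestnutplacejp[.]com/wp-content/ai1wm-backups/doc/",  # matches the pattern
    "https://example.org/wp-content/uploads/report.pdf",     # no /doc/
    "https://example.org/doc/manual.html",                    # no /wp-content/
]
SAMPLE_RUN = {
    "Client Server Runtime Subsystem": r"C:\ProgramData\Windows\csrss.exe",
    "OneDrive": r"C:\Users\u\AppData\Local\Microsoft\OneDrive\OneDrive.exe",
}

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print("SUSPICIOUS" if is_suspicious_link(link) else "ok", link)
    print("Run-key hits:", suspicious_run_entries(SAMPLE_RUN))
```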

Source: www.habr.com
