[Other] Polyglot – the fake CTB-locker

摩天輪的仰望 posted on 2016-10-4 00:38:14
Cryptor malware programs currently pose a very real cybersecurity threat to users and companies. Clearly, organizing effective security requires the use of security solutions that incorporate a broad range of technologies capable of preventing a cryptor program from landing on a potential victim’s computer or reacting quickly to stop an ongoing data encryption process and roll back any malicious changes. However, what can be done if an infection does occur and important data has been encrypted? (Infection can occur on nodes that, for whatever reason, were not protected by a security solution, or if the solution was disabled by an administrator.) In this case, the victim’s only hope is that the attackers made some mistakes when implementing the cryptographic algorithm, or used a weak encryption algorithm.
  A brief description

  The cryptor dubbed Polyglot emerged in late August. According to the information available to us, it is distributed in spam emails that contain a link to a malicious RAR archive. The archive contains the cryptor’s executable code.
  Here are some examples of the links used:
  hXXp://bank-info.gq/downloads/reshenie_suda.rar
  hXXp://bank-info.gq/downloads/dogovor.rar
  When the infected file is launched, nothing appears to happen. However, the cryptor copies itself under random names to a dozen or so places, writes itself to the autostart folder and to TaskScheduler. When the installation is complete, file encryption starts. The user’s files do not appear to change (their names remain the same), but the user is no longer able to open them.
  When encryption is complete, the cryptor changes the desktop wallpaper (interestingly, the wallpaper image is unique to each victim) and displays the ransom message.
  The cryptor’s main window
  New desktop wallpaper with the “open key” block unique to each victim computer
  The user is offered the chance to decrypt several files for free.
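
One way to detect the installation behaviour described in the post (a single binary copied under random names to many locations, then persisted through both the autostart folder and Task Scheduler), added here as an example and not part of the original article. The event schema, field names, sample paths, placeholder hashes and the `min_dirs` threshold are assumptions, and the telemetry is constructed.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

STARTUP = r"\start menu\programs\startup"  # suffix of the Windows autostart folder

APPDATA = r"C:\Users\bob\AppData"
EVENTS = [  # constructed sample telemetry; HASH_A / HASH_B are placeholders
    {"type": "file_create", "sha256": "HASH_A", "path": APPDATA + r"\Roaming\qkzjw.exe"},
    {"type": "file_create", "sha256": "HASH_A", "path": APPDATA + r"\Local\xhrtp.exe"},
    {"type": "file_create", "sha256": "HASH_A", "path": APPDATA + r"\Local\Temp\bnwqe.exe"},
    {"type": "file_create", "sha256": "HASH_A", "path": r"C:\ProgramData\mzkdu.exe"},
    {"type": "file_create", "sha256": "HASH_A", "path": r"C:\Users\bob\Documents\plrvo.exe"},
    {"type": "file_create", "sha256": "HASH_A",
     "path": APPDATA + r"\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tgyha.exe"},
    {"type": "task_create", "action": r"C:\ProgramData\mzkdu.exe"},
    # Benign updater: one copy plus a scheduled task, must not be flagged.
    {"type": "file_create", "sha256": "HASH_B", "path": r"C:\Program Files\Tool\updater.exe"},
    {"type": "task_create", "action": r"C:\Program Files\Tool\updater.exe"},
]

def find_self_replicators(events, min_dirs=5):
    """Return {hash: paths} for executables that were dropped under different
    names in at least min_dirs directories AND appear both in the autostart
    folder and as the action of a newly created scheduled task."""
    paths_by_hash = defaultdict(set)
    task_targets = set()
    for ev in events:
        if ev["type"] == "file_create" and ev["path"].lower().endswith(".exe"):
            paths_by_hash[ev["sha256"]].add(ev["path"].lower())
        elif ev["type"] == "task_create":
            task_targets.add(ev["action"].lower())  # assumes action is a bare path
    findings = {}
    for digest, paths in paths_by_hash.items():
        dirs = {str(PureWindowsPath(p).parent) for p in paths}
        names = {PureWindowsPath(p).name for p in paths}
        in_startup = any(STARTUP in p for p in paths)
        in_task = bool(paths & task_targets)
        # Same content, different names, many places, both persistence points.
        if len(dirs) >= min_dirs and len(names) > 1 and in_startup and in_task:
            findings[digest] = sorted(paths)
    return findings

if __name__ == "__main__":
    for digest, paths in find_self_replicators(EVENTS).items():
        print(digest, len(paths), "copies")
```

Because the post notes that encrypted files keep their original names, a rule keyed on renamed or re-extensioned files would miss this family; correlating on the installer's own file hash does not depend on that.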

sgqtbdmg posted on 2016-10-10 22:51:28
sgqtbdmg: Learned something new