
Linux now has file-encrypting ransomware too, and someone really did get hit

Posted on November 12, 2015

It is named Linux.Encoder.1, is written in C, and uses the PolarSSL library.

It needs root privileges to infect a system successfully.

Infection paths

/home
/root
/var/lib/mysql
/var/www
/etc/nginx
/etc/apache2
/var/log

File types that get encrypted

".php", ".html", ".tar", ".gz", ".sql", ".js", ".css", ".txt",
".pdf", ".tgz", ".war", ".jar", ".java", ".class", ".ruby", ".rar",
".zip", ".db", ".7z", ".doc", ".pdf", ".xls", ".properties", ".xml",
".jpg", ".jpeg", ".png", ".gif", ".mov", ".avi", ".wmv", ".mp3",
".mp4", ".wma", ".aac", ".wav", ".pem", ".pub", ".docx", ".apk",
".exe", ".dll", ".tpl", ".psd", ".asp", ".phtml", ".aspx", ".csv"

The encryption is AES-CBC-128.
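An added example, not from the original post: a Python script that walks the directories listed above and counts the regular files carrying a listed extension, along with how many changed since the last backup, to gauge how much data is exposed. The `last_backup` parameter and the case-sensitive match on the final suffix are assumptions made here.

```python
import os
import stat
from collections import Counter

# Directories and extensions copied from the two lists on this page.
TARGET_DIRS = ("/home", "/root", "/var/lib/mysql", "/var/www",
               "/etc/nginx", "/etc/apache2", "/var/log")
TARGET_EXTS = frozenset("""
.php .html .tar .gz .sql .js .css .txt .pdf .tgz .war .jar .java .class .ruby .rar
.zip .db .7z .doc .xls .properties .xml .jpg .jpeg .png .gif .mov .avi .wmv .mp3
.mp4 .wma .aac .wav .pem .pub .docx .apk .exe .dll .tpl .psd .asp .phtml .aspx .csv
""".split())

def inventory(roots=TARGET_DIRS, last_backup=0.0, exts=TARGET_EXTS):
    """Summarise regular files with a listed extension under each root.

    last_backup is a Unix timestamp (hypothetical parameter): files modified
    after it are counted as "unprotected", i.e. absent from the newest backup.
    Assumption: extensions are compared case-sensitively on the final suffix.
    """
    report = {}
    for root in roots:
        entry = {"files": 0, "bytes": 0, "unprotected": 0, "by_ext": Counter()}
        # os.walk ignores listing errors (missing root, permission denied)
        # and does not descend into symlinked directories by default.
        for dirpath, _dirs, names in os.walk(root):
            for name in names:
                ext = os.path.splitext(name)[1]
                if ext not in exts:
                    continue
                try:
                    st = os.lstat(os.path.join(dirpath, name))
                except OSError:
                    continue  # vanished or unreadable between listing and stat
                if not stat.S_ISREG(st.st_mode):
                    continue  # ignore symlinks, sockets, device nodes
                entry["files"] += 1
                entry["bytes"] += st.st_size
                entry["by_ext"][ext] += 1
                if st.st_mtime > last_backup:
                    entry["unprotected"] += 1
        report[root] = entry
    return report

if __name__ == "__main__":
    for root, e in inventory().items():
        print(f"{root}: {e['files']} files, {e['bytes']} bytes, {e['unprotected']} "
              f"changed since backup, top types {e['by_ext'].most_common(3)}")
```

Run it as root so unreadable directories are not silently skipped, and pass the timestamp of the newest offline backup as `last_backup`.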

Reportedly, Bitdefender LABS has a decryption tool.

Still looking for a sample.....

References

https://vms.drweb.com/virus/?i=7704004&lng=en
http://labs.bitdefender.com/2015/11/linux-ransomware-debut-fails-on-predictable-encryption-key/
