Play games with hackers: Use CryptoWall tracker to mess up hacker actions
Preface:
In a TED talk, I personally demonstrated a game that interacts with 419 scammers (what happens after you reply to spam), so I also had the idea of playing guerrilla warfare with hackers.
So on February 10, I published all the information about CryptoWall on a website and published it as "
Threat focus: CRYPTOWALL4
Continuously updated malware
Original article: http://blog.talosintel.com/2015/12/cryptowall-4.html
0x00 Abstract
In the past year, Talos has spent a lot of time studying how ransomware operates, its relationship to other malware, and its economic impact. This research is of great value for developing detection methods and disrupting attackers' operations. CryptoWall is a piece of malware. In the past year, it was first upgr
Interestingly, the ransomware operators they recruited are primarily victims. Chimera is also mainly transmitted via email and written in the .NET Framework. Analysis showed that the first stage of the malware only decrypts and extracts the code of the second stage and does not execute any malicious functions. In the second stage, the run_pe() function calls fnDllEntry() in metadata reflection (). In stage 3, the core features of the malware begin to emerge. 5.
printing in the code, and the file is uploaded from Ukraine. This indicates that the initiators use VirusTotal to check whether their malware is detected by heuristic software. The first variant uploaded on this website is 0.01a-154d:
WIN32-VS-x32-RELEASE-Feb 1 2016-15:33:48 v.0.01a-154d
The version we get is 0.02a-155, which means the malware has grown a lot.
Conclusion
We have seen that there are new families of ransomware in the network for some time, probably because of the success of Cry
another problem: "If you are infected with these software one day in the future, it will be unlucky."
Ransomware's rise
Ransomware has become one of the greatest threats to Internet users in recent years.
The authors of the notorious CryptoWall ransomware earned more than $0.325 billion in the past year alone.
Generally, hackers use malicious ransomware to gain access to users' computers and use powerful encryption algorithms to encrypt a large numb
irreversible, users are more inclined to pay for the recovery of contacts, information conversations, images and files.
Important survey results
19.55% of threats around the world are fake apps. These apps are installed with malware or are vulnerable to attacks;
45.53% of Android ransomware in the world points to the United States;
78.36% of the world's SMS-sending malware targets American users;
The country with the most ransomware is Germany, followed by Britain and Australia;
Ransomware benefi
Blogger: Ali Security Research Laboratory-Cheijun
Release date: 2016-1-26
Blog content: background
In current global network threat activity, foreign attackers mainly use Zeus, CryptoWall, BEDEP and all kinds of common RAT tools as malicious payloads, but in our recent monitoring of malicious threats, we found individual advanced sample attacks using the relatively rare Betabot trojan. There are few related to this Trojan
0x01 Initial knowl