暗网“Tox”:把勒索软件变成一门服务
McAfee安全实验室最近在暗网发现了一款名为“Tox”的勒索软件。Salient Points:
Tox is free. You just have to register on the site.
Tox is dependent on TOR and Bitcoin. That allows for some degree of anonymity.
The malware works as advertised.
Out of the gate, the standard of antimalware evasion is fairly high, meaning the malware’s targets would need additional controls in place (HIPS, whitelisting, sandboxing) to catch or prevent this.
Once you register for the product, you can create your malware in three simple steps.
Enter the ransom amount. (The site takes 20% of the ransom.)
Enter your “cause.”
Submit the captcha.
Network Information
The malware first downloads Curl and the TOR client:
hxxp://www.paehl.com/open_source/?download=curl_742_1.zip
hxxp://dist.torproject.org/torbrowser/4.5.1/tor-win32-0.2.6.7.zip
All downloaded files and artifacts are stored in the following path:
C:\Users\<username>\AppData\Roaming\
After execution, Tox will start TOR in SOCKS5 proxy mode with the following command-line parameters:
-socks5-hostname 127.0.0.1:9050 –data \
敢不敢先翻译 欺负我英文不好 敢不敢先翻译 欺负我英文不好 :'(:'(:'( 英语渣渣,查着字典来试一试:
重要简讯:TOX是免费的。你只需要在网站上注册。TOX是依赖于Tor和比特币的(笔者理解类似于乌云币?还是说他们接收这两种方式赞助?)。允许一定程度的匿名性。恶意软件的可以用作广告(什么鬼?说的应该是流氓软件自动修改主页,连带下载其他产品的意思?)。然而,若出了这扇大门,对反恶意软件的规避标准就会相当高,意味着恶意软件的目标将在所需要的额外的控制(HIPS,白名单,沙箱)链接或阻止这些。一旦你注册的产品,你可以在三个简单的步骤创制您的恶意软件。
1.进入付款金额页面。(该网站需要20%的押金。)
2.进入你的“动机”(说明使用本产品的原因?申明一下勿用作非法用途,违者与该公司无关?巴拉巴拉。。。。。。)。
3.提交验证码。
若是译的一塌糊涂还请不要打死! 支持中国红客联盟(ihonker.org) 感谢楼主的分享~ 支持,看起来不错呢!