Page 9 of 9 FirstFirst ... 56789
Results 201 to 207 of 207

Thread: CryptoLocker

  1. 06-05-16, 10:12 #201
    radja's Avatar
    radja
    radja is offline Senior Member
    Join Date
    Sep 2010
    Posts
    4,123
    Thanks Thanks Given 
    0
    Thanks Thanks Received 
    1
    Thanked in
    1 Post

    Default

    Quote Originally Posted by BlackVelvet View Post
    Mislim na privatne mail servere korporativnih preduzeca koji imaju solidnu antivirus i antispam zastitu na svom smtp serveru.
    Jednostavno mail stigne do korisnika, obican .zip fajl sa java skriptom unutra, i retardiran korisnik ne samo sto otvori zip fajl nego otvori i java skript.
    I kaze ja sam otvorio nista se ne desava
    Smijeh za taj komentar, da se ništa ne dešava.
    Quote Originally Posted by heliumht View Post
    I naravno, koristiti AVG
    E da, još ubjeđuju druge da je dobar antivirus.

    Da, kazem ja, još pogotovo što je FREE verzija.

    Poslato sa Huawei P8 lite
    Reply With Quote Reply With Quote
  2. 06-05-16, 10:46 #202
    cvetkoc's Avatar
    cvetkoc
    cvetkoc is offline Member
    Join Date
    Jan 2011
    Posts
    727
    Thanks Thanks Given 
    2
    Thanks Thanks Received 
    0
    Thanked in
    0 Posts

    Default

    Evo analiza sa Virustotal od js fajla virusa Locky Ransomware

    https://www.virustotal.com/en/file/f...0344/analysis/
    Reply With Quote Reply With Quote
  3. 07-05-16, 16:02 #203
    LINK servis's Avatar
    LINK servis
    LINK servis is offline Member
    Join Date
    Nov 2015
    Posts
    634
    Thanks Thanks Given 
    11
    Thanks Thanks Received 
    7
    Thanked in
    5 Posts

    Default

    AVG je jedini od dva AVa koji detektuje .js fajl kao virus. Sami javascript je trojanski konj, i trebao bi biti detektovan od strane antivirusa.

    Što se tiče "retardiran korisnik ne samo sto otvori zip fajl nego otvori i java skript", većina korisnika nažalost ne zna kako da prepozna ove tipove trojanskih konja.
    Reply With Quote Reply With Quote
  4. 07-05-16, 16:10 #204
    LINK servis's Avatar
    LINK servis
    LINK servis is offline Member
    Join Date
    Nov 2015
    Posts
    634
    Thanks Thanks Given 
    11
    Thanks Thanks Received 
    7
    Thanked in
    5 Posts

    Default

    quod erat demonstrandum:
    https://www.virustotal.com/en/file/0...is/1462371705/
    Reply With Quote Reply With Quote
  5. 19-05-16, 14:30 #205
    LINK servis's Avatar
    LINK servis
    LINK servis is offline Member
    Join Date
    Nov 2015
    Posts
    634
    Thanks Thanks Given 
    11
    Thanks Thanks Received 
    7
    Thanked in
    5 Posts

    Default

    Ovi napreduju sa ovim virusom, sad je macro infested word dokument:



    Mislim da ovaj neće napraviti puno štete jer malo ko enejbluje makroe u Word (samo otvaranje dokumenta ne inficira komp). Mada kad se otvori dokument je prazan, pa će možda neko nasjesti i pokrenuti makro.
    Nakon pokretanja makroa fajl "hendibe.exe" se ekstraktuje u temp, pokrene, trojanska procedura, i isti "All frsyarof egxotyourefilesevtfsigrofiarecencryptedewithbRSA-2048 and zllhrkcxmkAES-128 dlgzthkxciphers..." tekst (tj. iz nekog razloga skrembluje copy/paste text).
    Reply With Quote Reply With Quote
  6. 19-05-16, 14:41 #206
    LINK servis's Avatar
    LINK servis
    LINK servis is offline Member
    Join Date
    Nov 2015
    Posts
    634
    Thanks Thanks Given 
    11
    Thanks Thanks Received 
    7
    Thanked in
    5 Posts

    Default

    I da, unaprijed za priučene eksperte (da ne lupaju) koji misle da će ih AV spasiti; ovo je nivo detekcije za sad (Word dokumenta sa pakovanim LOCKY trojancem):

    https://www.virustotal.com/en/file/a...6f69/analysis/



    A ovo je nivo detekcije fajla koji je upakovan u Word dokument, tj "hendibe.exe" (ovaj malware vrši enkriptovanje fajlova):

    https://www.virustotal.com/en/file/5...b906/analysis/
    Reply With Quote Reply With Quote
  7. 19-05-16, 14:43 #207
    LINK servis's Avatar
    LINK servis
    LINK servis is offline Member
    Join Date
    Nov 2015
    Posts
    634
    Thanks Thanks Given 
    11
    Thanks Thanks Received 
    7
    Thanked in
    5 Posts

    Default

    U trenutku postovanja nivo detekcije je bio 4 za Word dokument i 5 za "hendibe.exe"; vidim posle refresha je već 5/6.

    Očekujem da će detekcija u sledećih par sati porasti, ali nakon što ovaj virus napravi štetu.
    Last edited by LINK servis; 19-05-16 at 14:47.
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules