Bitcoin hijacking virus samples
Yesterday, I went to the electronic reading room. Not long after I plugged in the USB flash drive, the teacher suddenly asked everyone to unplug the USB flash drive. Some students found that all the files in the USB flash drive could not be opened, and there were two more documents asking for money
so everyone rushed to check, as long as the U disk inserted in the school computer were poisoned, large-scale computer poisoning occurred in the evening
a lot of people's information and graation thesis are in the computer. I really feel that hacker's behavior is disgusting. For the sake of money, regardless of the future of students, teachers' lifelong scientific research achievements...
hope to catch criminals as soon as possible and give them severe punishment by law
this virus will scan windows devices with open 445 file sharing port. As long as the user's device is on the Internet, hackers can implant blackmail software, remote control Trojan horse, virtual currency mining machine and other malicious programs in computers and servers
some security researchers point out that this large-scale network attack seems to be deployed through a worm application, and wannacry can spread among computers. What's more terrible is that unlike most malicious programs, this program can replicate and spread on its own in the network, and most of the current viruses still need to rely on the successful users to spread by cheating them to click the attachment with the attack code
the attack has affected 99 countries and as many as 75000 computers, but because the virus uses anonymous network and bitcoin anonymous transaction to obtain ransom, it is very difficult to track and locate the originator of the virus
The virus in the "bitcoin virus" incident is known as "ransomware". By encrypting the files in the victim's computer, you can't open them completely to ask for ransom. This is a virus attack launched by lawless elements by using "eternal blue" leaked from NSA hacker's weapon library. It does not need any operation of users. As long as it is turned on and connected to the Internet, lawless elements can implant blackmail software into computers and servers
What's more terrible is that this is just the beginning. Now this blackmail virus has spread to all over the world, including many colleges and universities in China. You can see many students on the Internet showing pictures of their computers being attacked. I have to say that hackers are really well intentioned, even in simplified Chinese
{rrrrrrr}
10
(3) in view of the current technical means, if blackmail virus can not be solved, it can only be completely formatted, Then, the system is reinstalled and the system vulnerability patch is made to prevent the secondary poisoning
Once the computer is infected with this bitcoin blackmail virus, all the file data on the computer will be forcibly encrypted. If it is not delivered in the form of bitcoin to the virus maker & lt; Ransom;, Then these files can't be decrypted and retrieved. Even if the ransom is paid this time, they may be decrypted next time; Patronize & quot& mdash;& mdash; That is to say, this virus is very important to & lt; Pay attention to data & quot; It's hard to estimate the harm that can be caused by the users, especially the enterprise users
How to avoid the harm of bitcoin blackmail virus< p> As soon as bitcoin blackmail virus came into being, it immediately caused an uproar around the world. Major network security organizations and well-known anti-virus software began to pay attention to this problemthere is a lot about & lt; Manually set the firewall to close the sensitive port of the computer, so as to resist the bitcoin blackmail virus; But this kind of method is more suitable for those who know computer better; Non white people;, For example, for a third rate programmer like me, this method is more suitable for me. I can't even use antivirus software
but for the general public, it may be necessary to deal with it in a simpler way
it has been several years since the advent of bitcoin extortion virus. In order to help users' computers fight against bitcoin extortion virus attacks, many anti-virus software have certain defense mechanisms. For example, 360 launched a & lt; Anti blackmail service;, If your data is encrypted by bitcoin extortion virus when 360 is installed on your computer, 360 will compensate for your ransom and recover your data
users who don't know how to use computers can choose to install anti-virus software to defend you against such viruses, but it depends on their hobbies to choose which one
1. Don't open strangers or unknown e-mails to prevent attacks through e-mail attachments
2. Try not to click the office macro running prompt to avoid virus infection from office components
3. Download the required software from the official website, do not double-click to open. JS,. VBS and other suffix files
4. Upgrade NGAF to the latest anti-virus and other security features library
5. Upgrade the anti-virus software to the latest anti-virus library to prevent the attack of existing virus samples
6. Regularly back up important data and files in different places, and recover them in case of virus< According to the characteristics of the blackmail virus, we can judge that its variants can usually hide features, but can not hide its key behavior. After summarizing, the behavior of the blackmail virus in the process of running mainly includes the following aspects:
1. HTTP request through script file; 2
2. Download files through script files
3. Read remote server files
4. Collect computer information
5. Traverse the file
6. Call the encryption algorithm library.
2. Install a computer manager on your computer, then open the toolbox, find the function to fix the vulnerability, and go to repair it