20160419 Net Tuesday: Oh No, Who Encrypted My Data?

Allen Own

Upload: net-tuesday-taiwan

Post on 11-Jan-2017
TRANSCRIPT

http://en.wikipedia.org/wiki/Liebig's_law_of_the_minimum

WHO

WHY

WHAT

WHOM

WHERE

WHEN

HOW

HOW MUCH

Ref: https://www.facebook.com/thehackernews/posts/1307041839309686

Black-market industry

• Malware: Malicious Software

• Virus

• Worm

• Backdoor

• Exploit

• Trojan

• Rootkit

• HackTool

• Spyware

• Macros

• Scripts

Virus

• CIH

Worm

• Blaster

Backdoor

• Web web shell

Exploit

Trojan

• Keylog

• Poison Ivy

Rootkit

• Sony BMG CD rootkit

HackTool

• Nmap, John the Ripper

Spyware

• 3721

Macro

• Microsoft Office

• Taiwan No.1

Script

• Script: VBS, JS, BAT, PHP, Python

• USB

• E-mail

• DLL Injection, API Hooking

– UPX http://upx.sourceforge.net/
– ASPack http://www.aspack.com/
– ASProtect http://www.aspack.com/
– Themida http://www.oreans.com/

– Registry
– Services
– Ini
– Inf
– DLL Hijacking
– WMI

• Gpcode.ak._CRYPT

READ ME!.txt

Sysinternals

• http://technet.microsoft.com/sysinternals

• Process Explorer

• Process Monitor

• Autoruns

• TCPView

Process Explorer

Process Monitor

Autoruns

TCPView

Sandboxie

• http://www.sandboxie.com/

IDA Pro

• http://www.hex-rays.com/idapro/

Ollydbg

• http://www.ollydbg.de/

GFI Sandbox (CWSandbox)

• http://www.threattrack.com/

VirusTotal

• http://www.virustotal.com/

https://youtu.be/Sm5TbBKeFvU

AABBCCDDEE password

!@#%$%^&#$^&^%

AABBCCDDEE

!@#%$%^&#$^&^%

Public Key

Private Key

https://blockchain.info/address/19PYBCFK7UoR8PMhhoB8M4gwCPAPXUL3xr