Tuesday, November 10, 2015

A critical mistake by the “bad guys” makes the Linux ransomware decryptable

Yesterday, astonished and alarmed, we reported the appearance of a ransomware that attacks Linux servers. Today we can smile as we tell the ending: the ransomware's encryption is badly implemented, so it is possible to work out how to decrypt the files. We will also talk today about the endless vulnerabilities of Adobe Flash Player, the growing carelessness in the world of certificates, and a rather loud intrusion into the networks of the British Parliament.

Since yesterday many websites infected by the Linux.Encoder.1 ransomware have been discovered. The malware uses a vulnerability in the Magento e-commerce platform to get into Linux servers, encrypts their contents (backups included) and demands a ransom of 1 Bitcoin. Luckily, Bitdefender has found a serious flaw in the encryption that makes it possible to recover the decryption key: the key is not produced by a proper random source but derived from a predictable value, the timestamp at which the file was encrypted, which is recoverable from the file itself. Bitdefender has built a tool that does the recovery automatically and offers it for free. But nobody should lower their guard, because for the criminals it is as easy as releasing another ransomware, this time without the mistake.
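To see why a key derived from a timestamp is fatal, here is an added illustration of that class of weakness, written for this page and not the malware's code or Bitdefender's tool. It models a scheme where the key comes from a PRNG seeded with the encryption time (Python's Mersenne Twister stands in for libc rand(), and a SHA-256 counter-mode keystream stands in for AES so the script has no dependencies), then recovers the key the way a defender can: brute-force every seed within a few minutes of the encrypted file's modification time and test each candidate against a known plaintext prefix. The sample file, timestamp and window are constructed for the demo.

```python
import hashlib
import random
import struct
from typing import Optional, Tuple

KEY_LEN = 16


def weak_key_from_seed(seed: int) -> bytes:
    """Derive a 'random' key from a small integer seed.

    Stand-in for a libc rand()-style generator seeded with a timestamp; the
    standard-library Mersenne Twister is used only for convenience. The flaw
    is the predictable seed, not the generator.
    """
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(KEY_LEN))


def keystream(key: bytes, length: int) -> bytes:
    """Counter-mode keystream from SHA-256 (dependency-free stand-in for AES-CTR)."""
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hashlib.sha256(key + struct.pack(">Q", block)).digest()
        block += 1
    return bytes(out[:length])


def xor_with_keystream(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt (the operation is symmetric) by XOR with the keystream."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


def ransomware_encrypt(plaintext: bytes, encryption_time: int) -> bytes:
    """Model of the weak scheme: the key depends only on when the file was hit."""
    return xor_with_keystream(weak_key_from_seed(encryption_time), plaintext)


def recover_key(ciphertext: bytes, known_prefix: bytes,
                mtime_hint: int, window: int) -> Optional[Tuple[int, bytes]]:
    """Brute-force the seed around the encrypted file's modification time.

    The malware writes the encrypted file moments after choosing the seed, so
    the seed lies within seconds of the file's mtime. Each candidate key is
    checked against a known plaintext prefix (here the "<?php" that opens a
    PHP source file) instead of decrypting the whole file.
    """
    for seed in range(mtime_hint - window, mtime_hint + window + 1):
        key = weak_key_from_seed(seed)
        if xor_with_keystream(key, ciphertext[:len(known_prefix)]) == known_prefix:
            return seed, key
    return None


# Constructed sample: a PHP config file "encrypted" at an arbitrary time in Nov 2015.
SAMPLE_PLAINTEXT = b"<?php\n// constructed Magento-style config (sample data)\n$db = 'secret';\n"
ENCRYPTION_TIME = 1447112345  # arbitrary Unix timestamp, 2015-11-09 UTC
SAMPLE_CIPHERTEXT = ransomware_encrypt(SAMPLE_PLAINTEXT, ENCRYPTION_TIME)


def demo() -> Tuple[int, bytes]:
    """Recover the key knowing only the ciphertext and its (slightly later) mtime."""
    observed_mtime = ENCRYPTION_TIME + 3
    found = recover_key(SAMPLE_CIPHERTEXT, b"<?php", observed_mtime, window=300)
    if found is None:
        raise RuntimeError("seed not within the search window")
    seed, key = found
    return seed, xor_with_keystream(key, SAMPLE_CIPHERTEXT)


if __name__ == "__main__":
    seed, recovered = demo()
    print(f"recovered seed {seed}: {recovered[:40]!r}")
```

A search window of a few hundred seconds is 601 candidate keys, which is nothing; a key drawn from a proper CSPRNG (getrandom(2), /dev/urandom) would have 2^128 candidates and no timestamp to narrow them down.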

Everybody against Adobe
The program that is riddled with flaws, and seemingly always will be, is Adobe Flash Player. The firm Recorded Future has published a study of more than 100 exploit kits showing that most of them use Adobe Flash bugs to attack their victims. Specifically, 8 of the 10 vulnerabilities most used by the main exploit kits between 1 January and 30 September 2015 were Adobe Flash flaws. And the king of the exploit kits remains Angler.

Comodo revokes 8 certificates
Another field that tends to frighten us is that of the Certificate Authorities (CAs). Today we have a new example of the carelessness that, unfortunately, plagues this field: Comodo has announced the revocation of eight certificates because they certified internal server names such as “help” or “mailarchive”, names that are not in the public DNS and whose presence in a publicly trusted certificate is a serious security risk (an attacker who obtains such a certificate can impersonate that host on any network where the name resolves). Comodo pointed out that other certificate authorities have issued similar certificates, which are prohibited by the CA/Browser Forum Baseline Requirements. It is a shame to see how something as valuable as certificates has turned into a circus over time.
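A simple check for the problem behind the Comodo revocations, added here as an example and not taken from Comodo or any CA's tooling: given the Subject Alternative Names of a certificate, flag every entry that cannot be a public name. It catches single-label hostnames like “help” and “mailarchive”, non-public IP addresses, and a short, illustrative (not exhaustive) list of reserved suffixes; the SAN list at the end is constructed for the demo.

```python
import ipaddress
from typing import List, Optional, Tuple

# Suffixes that do not belong to the public DNS. Assumption: an illustrative
# list for this example, not an authoritative one.
RESERVED_SUFFIXES = (".local", ".localhost", ".internal", ".intranet",
                     ".corp", ".lan", ".home")


def internal_name_reason(san: str) -> Optional[str]:
    """Return why a SAN entry is an internal name, or None if it looks public."""
    name = san.strip().lower().rstrip(".")
    if not name:
        return "empty name"

    # IP-address SANs: only globally routable addresses are acceptable.
    try:
        ip = ipaddress.ip_address(name)
    except ValueError:
        ip = None
    if ip is not None:
        return None if ip.is_global else f"non-public IP address {ip}"

    labels = name.split(".")
    if labels[0] == "*":
        labels = labels[1:]  # judge a wildcard by the domain it covers
    if len(labels) < 2:
        return "single-label hostname (not resolvable in public DNS)"
    for suffix in RESERVED_SUFFIXES:
        if name.endswith(suffix):
            return f"reserved suffix {suffix}"
    return None


def flag_internal_sans(sans: List[str]) -> List[Tuple[str, str]]:
    """Return (name, reason) for every SAN that must not appear in a public cert."""
    findings = []
    for san in sans:
        reason = internal_name_reason(san)
        if reason:
            findings.append((san, reason))
    return findings


# Constructed SAN list mixing public names with the kind of entries Comodo revoked.
SAMPLE_SANS = ["www.example.com", "help", "mailarchive", "mail.example.com",
               "10.0.0.5", "*.corp.example.local", "8.8.8.8"]

if __name__ == "__main__":
    for name, reason in flag_internal_sans(SAMPLE_SANS):
        print(f"{name}: {reason}")
```

In practice you would feed this the SAN extension parsed out of the certificate (any X.509 library exposes it) and run it over everything your CA or internal PKI has issued, since a single internal name in a publicly trusted certificate is enough to cause a revocation like the one reported here.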

Hack to the Parliament
And we finish with a hack that is especially striking: until now, as far as we know, nobody had ever broken into the computer networks of the British Parliament, specifically the intranet used by its 8,500 officials and public employees. According to The Times, the intruders not only copied confidential documents but also infected the files of a member of parliament with ransomware and demanded a ransom.

We do not know what message the intruders wanted to send; perhaps that nobody, not even members of parliament, is safe. As the good old hackers used to say: be careful out there.

