
{"id":5641,"date":"2016-09-11T02:07:47","date_gmt":"2016-09-11T02:07:47","guid":{"rendered":"http:\/\/tapchicntt.com\/?p=5641"},"modified":"2016-09-11T02:07:47","modified_gmt":"2016-09-11T02:07:47","slug":"phat-hien-ma-doc-tong-tien-ca-khi-nguoi-dung-ngoai-tuyen","status":"publish","type":"post","link":"https:\/\/tapchicntt.com\/phat-hien-ma-doc-tong-tien-ca-khi-nguoi-dung-ngoai-tuyen\/","title":{"rendered":"Ransomware found that extorts users even when they are offline"},"content":{"rendered":"<p>Kaspersky Lab experts have discovered a new variant of the RAA ransomware, malware written entirely in JScript, that can encrypt offline without needing a key from the server.<!--more--><\/p>\n<p><img decoding=\"async\" src=\"http:\/\/congnghepc.com\/wp-content\/uploads\/2016\/09\/phat-hien-ma-doc-tong-tien-ca-khi-nguoi-dung-ngoai-tuyen.jpg\" alt=\"Ransomware found that extorts users even when they are offline\" class=\"aligncenter size-full\" \/><\/p>\n<p>The RAA ransomware appeared in June 2016 and is the first known ransomware written in JScript. 
In August, experts at Kaspersky Lab discovered a new version of this ransomware.<\/p>\n<p><strong>Offline users are extorted too<\/strong><\/p>\n<p>Like the previous version, it is distributed via email, but the malicious code is now hidden in a password-protected Zip archive attached to the message. Cybercriminals use this approach mainly to fool antivirus solutions, because the protected content is difficult to inspect.<\/p>\n<p>The infection process of the RAA ransomware is also the same as in the previous version. The victim opens a .js file and the infection begins. To distract the victim, the Trojan displays a text document containing a series of random characters.<\/p>\n<p>While the victim is still trying to understand what is happening, RAA is encrypting the files on the machine in the background. 
Finally, the ransomware creates a random note on the desktop, and all encrypted files are locked under a new extension.<\/p>\n<p>Compared with the previous version, the main difference is that RAA no longer needs to contact a remote server to encrypt files on the victim's computer; instead, it generates, encrypts and stores the \u201cmaster key\u201d on the machine itself.<\/p>\n<p>The cybercriminals hold the private key used to decrypt the encrypted master key. Once the ransom has been paid, the cybercriminals ask the user to send them the encrypted master key, which will later be returned, together with the encryption software. This approach allows the malware to encrypt both offline computers and computers connected to the Internet.<\/p>\n<p><strong>A Trojan thrown in as a \u201cbonus\u201d<\/strong><\/p>\n<p>Besides the RAA ransomware, the victim also receives the Pony Trojan. 
Pony can steal passwords from all email clients, including corporate ones, and send them to a remote attacker.<\/p>\n<p>Having the passwords means the scammers can spread the malware on behalf of the infected user, making it even easier to convince victims that the email is legitimate. From the victim's email account, the malware can spread to the entire contact list. From there, the scammers can pick out the contacts they are interested in and carry out attacks.<\/p>\n<p>Fedor Sinitsyn, a malware analyst at Kaspersky Lab, said: \u201cThe combination of ransomware and a password stealer gives cybercriminals a dangerous tool that increases their chances of making money.<\/p>\n<p>First from the ransom the company will pay to decrypt its data, and then from potential victims who can be attacked using the credentials that the Pony Trojan has collected. 
In addition to offline encryption, the new version of RAA has become more dangerous.\u201d<\/p>\n<p>To reduce the risk of infection, Kaspersky advises users to use endpoint security technology and a robust antivirus solution, making sure that all detection features are enabled.<\/p>\n<p>Companies and organizations need to raise their employees' cyber-awareness, keep the software on their computers continuously updated, and conduct regular security audits.<\/p>\n<p>Users must pay attention to file extensions before opening files. 
Potentially dangerous file types include: .exe, .hta, .wsf, .js\u2026 Be a smart user and stay wary of every email from an unknown sender.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Kaspersky Lab experts have discovered a new variant of the RAA ransomware, malware that is [&hellip;]<\/p>\n","protected":false},"author":6,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[],"class_list":["post-5641","post","type-post","status-publish","format-standard","hentry","category-bao-mat"],"views":392,"_links":{"self":[{"href":"https:\/\/tapchicntt.com\/rest-api\/wp\/v2\/posts\/5641","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/tapchicntt.com\/rest-api\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/tapchicntt.com\/rest-api\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/tapchicntt.com\/rest-api\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/tapchicntt.com\/rest-api\/wp\/v2\/comments?post=5641"}],"version-history":[{"count":0,"href":"https:\/\/tapchicntt.com\/rest-api\/wp\/v2\/posts\/5641\/revisions"}],"wp:attachment":[{"href":"https:\/\/tapchicntt.com\/rest-api\/wp\/v2\/media?parent=5641"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/tapchicntt.com\/rest-api\/wp\/v2\/categories?post=5641"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/tapchicntt.com\/rest-api\/wp\/v2\/tags?post=5641"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}