
SoylentNews is people

posted by janrinok on Sunday November 08 2015, @06:12AM   Printer-friendly
from the malware-for-idiots dept.

A new bit of ransomware is now attacking Linux-based machines, specifically the folders associated with serving web pages. Called Linux.Encoder.1, the ransomware will encrypt your MySQL, Apache, and home/root folders. The system then asks for a single bitcoin to decrypt the files.

From Dr.Web Antivirus:

Once launched with administrator privileges, the Trojan dubbed Linux.Encoder.1 downloads files containing cybercriminals’ demands and a file with the path to a public RSA key. After that, the malicious program starts as a daemon and deletes the original files. Subsequently, the RSA key is used to store AES keys which will be employed by the Trojan to encrypt files on the infected computer.


[Ed's Comment: Emphasis mine.]


  • (Score: 2) by Runaway1956 on Sunday November 08 2015, @07:39AM

    by Runaway1956 (2926) Subscriber Badge on Sunday November 08 2015, @07:39AM (#260262) Journal
  • (Score: 2) by Thexalon on Sunday November 08 2015, @03:10PM

    by Thexalon (636) on Sunday November 08 2015, @03:10PM (#260365)

    Well, sure it supports Linux. You just have to follow the standard build instructions: Download the tarball, unpack, run ./configure, make, sudo make install.

    --
    The only thing that stops a bad guy with a compiler is a good guy with a compiler.
    • (Score: 2) by VLM on Sunday November 08 2015, @07:28PM

      by VLM (445) Subscriber Badge on Sunday November 08 2015, @07:28PM (#260453)

      There's a modern moronity out there along the lines of:

      wget -O - http://dumbidea.com/install.sh | sudo sh

      I mean what could possibly go wrong? For bonus points make sure to use http instead of https. Also make sure to pack the .sh full of bashisms, after all every civilized individual symlinks /bin/sh to /bin/bash, right? And now improved with bundled ASK toolbar!

      For a good laugh check out:

      http://curlpipesh.tumblr.com/
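
Added example, not part of the thread or of any commenter's post: a fetch-then-verify alternative to the `wget ... | sudo sh` pattern criticised above, which refuses plain-http URLs, checks the download against a pinned SHA-256, and flags common bash-only syntax in a script meant for /bin/sh. The function names are hypothetical, the bashism check is a simple heuristic, and the pinned digest is assumed to come from the publisher over a separate trusted channel.

```shell
#!/bin/sh
# Added example: download an installer to a file, verify it, and leave it for
# review instead of piping it straight into a root shell.

# url_is_https URL -> 0 only for https:// URLs (plain http can be altered in transit)
url_is_https() {
    case "$1" in
        https://*) return 0 ;;
        *)         return 1 ;;
    esac
}

# sha256_of FILE -> prints the lowercase hex SHA-256 of FILE
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_installer FILE EXPECTED_SHA256 -> 0 only if FILE exists and its digest matches
verify_installer() {
    [ -f "$1" ] || return 2
    [ "$(sha256_of "$1")" = "$2" ]
}

# has_bashisms FILE -> 0 if FILE contains a few common bash-only constructs
# (heuristic: [[ ]], here-strings, the `function` keyword)
has_bashisms() {
    grep -Eq '\[\[|<<<|^[[:space:]]*function[[:space:]]' "$1"
}

# fetch_verified URL EXPECTED_SHA256 OUTFILE
# Saves the script to OUTFILE only if the URL is https and the digest matches.
# Nothing is executed; read OUTFILE before running it, and not as root by default.
fetch_verified() {
    url=$1; expected=$2; out=$3
    url_is_https "$url" || { echo "refusing non-HTTPS URL: $url" >&2; return 1; }
    wget -q -O "$out" "$url" || { rm -f "$out"; return 1; }
    if ! verify_installer "$out" "$expected"; then
        echo "SHA-256 mismatch, deleting $out" >&2
        rm -f "$out"
        return 1
    fi
    has_bashisms "$out" && echo "note: $out uses bash-only syntax" >&2
    return 0
}
```

HTTPS alone only protects the transfer; the pinned digest is what detects a script that was changed on the server.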