Transmission-contained 'KeRanger' ransomware downloaded 6,500 times
MacNN Staff
The Transmission BitTorrent client developers have revealed more details about the malware-laden installer for its recent update. Following initial release, the developers claim that the main server hosting the download was attacked, with the compromised installer being substituted for the legitimate one at that time. However, the developers aren't commenting specifically on the avenue of attack on the server, beyond the end result of a disk image swap.
Transmission representative John Clay told Reuters and other venues that the new KeRanger ransomware package was downloaded about 6,500 times on Friday before the substitution was discovered. The package was coded to wait three days before contacting command and control servers through Tor, sending the Mac model number and UUID, which were probably used to derive an encryption key. Following successful communication with the control server, the malware would have started to encrypt documents stored on the host system, had it not been removed in time or blocked by the security measures Apple put in place after the attack.
The files targeted by the malware included nearly every audio and video type, Microsoft documents, source code files, SQL databases, certificates, and compressed archives. Palo Alto Networks noted that it also attempted to encrypt Time Machine backup files -- but without success. After completion, the malware informs the user that a ransom of one bitcoin must be paid to a specific address for decryption of the afflicted files.
Apple has since revoked the certificate of the developer who coded the malware, and blocked the malware from installation with a quiet security patch. Additionally, version 2.92 of Transmission automatically removes the ransomware binaries from an afflicted system.
Clay claims in today's statement that following the disk image swap "security on the server has since been increased." He also told Reuters that the company is making "frequent contact" with both the security researchers at Palo Alto Networks and Apple to further evaluate root causes and preventative measures, so that such an attack doesn't happen again.
(Last edited by NewsPoster; Mar 16, 2016 at 05:45 AM.)
Junior Member
A modest proposal for the elimination of ransomware: ban all BitCoin transactions in the US. The federal government did the same, and enforces it, for offshore online gambling. Why not BitCoin, which exists only for (1) speculation, (2) drug and other black market transactions, and (3) ransomware?
What would we lose or fail to realize if all international financial transactions were monitorable?
Grizzled Veteran
I don't think you understand what BitCoin really is, because cold, hard cash can be and is used for speculation, drug and other black market transactions, and ransomware, so calling for the ban of a currency because of its potential (and actual) uses is hypocritical. Are you in support of banning cold, hard cash, too?
Also, you missed a perfect opportunity to lambast Bittorrent as an evil, piracy-enabling technology, as there are clearly no non-nefarious uses for it.
(I use both of these technologies on a semi-daily basis for 100% legitimate activities, as many others do as well)
Mac Elite (Maitland, FL)
DCQ: Your point about BitCoin is quite valid, but while BitTorrent has legit uses, let's not kid ourselves about what it's used for 90+ percent of the time.
This is not to say BT or other P2P distribution systems should be outlawed, but rather to say that most users should probably not involve themselves with the usual uses of such technology: it is also one of the leading distribution systems for malware, because the people using it for its typical purpose -- pirating things -- are not concerned with security, and often pay the price for that. It does not surprise me that the makers of a tool used mostly for illicit purposes were equally careless about their server security.
Charles Martin
MacNN Editor