Warning: Declaration of Jetpack_IXR_Client::query() should be compatible with IXR_Client::query(...$args) in /home/httpd/vhosts/it-sicherheit.li/httpdocs/wp-content/plugins/jetpack/class.jetpack-ixr-client.php on line 30

Warning: Cannot modify header information - headers already sent by (output started at /home/httpd/vhosts/it-sicherheit.li/httpdocs/wp-content/plugins/jetpack/class.jetpack-ixr-client.php:0) in /home/httpd/vhosts/it-sicherheit.li/httpdocs/wp-includes/rest-api/class-wp-rest-server.php on line 1794

Warning: Cannot modify header information - headers already sent by (output started at /home/httpd/vhosts/it-sicherheit.li/httpdocs/wp-content/plugins/jetpack/class.jetpack-ixr-client.php:0) in /home/httpd/vhosts/it-sicherheit.li/httpdocs/wp-includes/rest-api/class-wp-rest-server.php on line 1794

Warning: Cannot modify header information - headers already sent by (output started at /home/httpd/vhosts/it-sicherheit.li/httpdocs/wp-content/plugins/jetpack/class.jetpack-ixr-client.php:0) in /home/httpd/vhosts/it-sicherheit.li/httpdocs/wp-includes/rest-api/class-wp-rest-server.php on line 1794

Warning: Cannot modify header information - headers already sent by (output started at /home/httpd/vhosts/it-sicherheit.li/httpdocs/wp-content/plugins/jetpack/class.jetpack-ixr-client.php:0) in /home/httpd/vhosts/it-sicherheit.li/httpdocs/wp-includes/rest-api/class-wp-rest-server.php on line 1794

Warning: Cannot modify header information - headers already sent by (output started at /home/httpd/vhosts/it-sicherheit.li/httpdocs/wp-content/plugins/jetpack/class.jetpack-ixr-client.php:0) in /home/httpd/vhosts/it-sicherheit.li/httpdocs/wp-includes/rest-api/class-wp-rest-server.php on line 1794

Warning: Cannot modify header information - headers already sent by (output started at /home/httpd/vhosts/it-sicherheit.li/httpdocs/wp-content/plugins/jetpack/class.jetpack-ixr-client.php:0) in /home/httpd/vhosts/it-sicherheit.li/httpdocs/wp-includes/rest-api/class-wp-rest-server.php on line 1794

Warning: Cannot modify header information - headers already sent by (output started at /home/httpd/vhosts/it-sicherheit.li/httpdocs/wp-content/plugins/jetpack/class.jetpack-ixr-client.php:0) in /home/httpd/vhosts/it-sicherheit.li/httpdocs/wp-includes/rest-api/class-wp-rest-server.php on line 1794

Warning: Cannot modify header information - headers already sent by (output started at /home/httpd/vhosts/it-sicherheit.li/httpdocs/wp-content/plugins/jetpack/class.jetpack-ixr-client.php:0) in /home/httpd/vhosts/it-sicherheit.li/httpdocs/wp-includes/rest-api/class-wp-rest-server.php on line 1794
{"id":151,"date":"2016-09-02T17:29:18","date_gmt":"2016-09-02T15:29:18","guid":{"rendered":"http:\/\/it-sicherheit.li\/?p=151"},"modified":"2016-09-02T17:29:18","modified_gmt":"2016-09-02T15:29:18","slug":"nullbyte-ransomware-anstatt-necrobot-pokemon-go","status":"publish","type":"post","link":"https:\/\/it-sicherheit.li\/nullbyte-ransomware-anstatt-necrobot-pokemon-go\/","title":{"rendered":"Nullbyte Ransomware anstatt NecroBot Pokemon Go"},"content":{"rendered":"<p>Pokemon Go ist toll, man geht raus an die Frische Luft und sucht kleine Digitale Monster. Manche Leute finden jedoch das Laufen und die Frische Luft nicht so toll. F\u00fcr die gibt es Bots. Diese laufen f\u00fcr die User, nat\u00fcrlich nur virtuell, umher und fangen Pokemon. Da lies auch ein Erpresser-Trojaner nicht lange auf sich warten.<\/p>\n<p>Nullbyte Ransomware stopft nun diese, nicht so wichtige L\u00fccke.<\/p>\n<p>Die Ransomware ist als Github Project NecroBot getarnt und auch nach dem \u00f6ffnen und starten sieht man keinen Unterschied.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone\" src=\"https:\/\/i2.wp.com\/www.bleepstatic.com\/images\/news\/ransomware\/d\/detoxcrypto\/necrobot\/github.png?resize=676%2C311\" alt=\"Fake NecroBot Github Page\" width=\"676\" height=\"311\" data-recalc-dims=\"1\" \/><\/p>\n<p>Nach dem Starten werden Logindaten abgefragt. Egal ob diese richtig oder gef\u00e4lscht sind, der Trojaner sendet die Daten an seinen C&amp;C Server. Anschliessend wird die Verschl\u00fcsslung gestartet.<\/p>\n<p>Nach dem Abschluss der Verschl\u00fcsselung wird ein Bild angezeigt mit der Meldung das die Daten verschl\u00fcsselt wurden und ein L\u00f6segeld von 0.1 Bitcoins zu zahlen ist.<\/p>\n<p>Nullbyte Ransomware verschl\u00fcsselt die folgenden Ordner:<\/p>\n<pre><code>%USERPROFILE%\\Documents\r\n%USERPROFILE%\\Downloads\r\n%USERPROFILE%\\Favorites\r\n%USERPROFILE%\\Pictures\r\n%USERPROFILE%\\Music\r\n%USERPROFILE%\\Videos\r\n%USERPROFILE%\\Contacts\r\n%USERPROFILE%\\Desktop<\/code><\/pre>\n<p>Ebenfalls werden die Prozesse von Chrome, CMD, Firefox, iexplorer und Opera beendet um die Suche nach Hilfe zu erschweren. Zum Schluss wird noch ein Screenshot des Desktops zum C&amp;C Server hochgeladen, f\u00fcr was dieser Screenshot benutzt wird ist noch nicht klar. \u00a0<code><br \/>\n<\/code><\/p>\n<p>Dank <a href=\"https:\/\/twitter.com\/demonslay335\" target=\"_blank\">Michael Gillespie<\/a> gibt es jedoch schon ein <a href=\"http:\/\/download.bleepingcomputer.com\/demonslay335\/NullByteDecrypter.zip\" target=\"_blank\">Entschl\u00fcsselungs-Tool<\/a>. Die Anleitung dazu findet ihr <a href=\"http:\/\/www.bleepingcomputer.com\/forums\/t\/625315\/nullbyte-detoxcrypto-ransomware-help-support-nullbyte-extension\/?p=4075785\" target=\"_blank\">hier.<\/a><\/p>\n<a class=\"synved-social-button synved-social-button-share synved-social-size-24 synved-social-resolution-single synved-social-provider-facebook nolightbox\" data-provider=\"facebook\" target=\"_blank\" rel=\"nofollow\" title=\"Share on Facebook\" href=\"http:\/\/www.facebook.com\/sharer.php?u=https%3A%2F%2Fit-sicherheit.li%2Fwp-json%2Fwp%2Fv2%2Fposts%2F151&#038;t=Nullbyte%20Ransomware%20anstatt%20NecroBot%20Pokemon%20Go&#038;s=100&#038;p&#091;url&#093;=https%3A%2F%2Fit-sicherheit.li%2Fwp-json%2Fwp%2Fv2%2Fposts%2F151&#038;p&#091;images&#093;&#091;0&#093;=http%3A%2F%2Fwww.bleepstatic.com%2Fimages%2Fnews%2Fransomware%2Fd%2Fdetoxcrypto%2Fnecrobot%2Fgithub.png&#038;p&#091;title&#093;=Nullbyte%20Ransomware%20anstatt%20NecroBot%20Pokemon%20Go\" style=\"font-size: 0px; width:24px;height:24px;margin:0;margin-bottom:5px;margin-right:5px;\"><img loading=\"lazy\" decoding=\"async\" alt=\"Facebook\" title=\"Share on Facebook\" class=\"synved-share-image synved-social-image synved-social-image-share\" width=\"24\" height=\"24\" style=\"display: inline; width:24px;height:24px; margin: 0; padding: 0; border: none; box-shadow: none;\" src=\"https:\/\/i1.wp.com\/it-sicherheit.li\/wp-content\/plugins\/social-media-feather\/synved-social\/image\/social\/regular\/48x48\/facebook.png?resize=24%2C24&#038;ssl=1\" data-recalc-dims=\"1\" \/><\/a><a class=\"synved-social-button synved-social-button-share synved-social-size-24 synved-social-resolution-single synved-social-provider-twitter nolightbox\" data-provider=\"twitter\" target=\"_blank\" rel=\"nofollow\" title=\"Share on Twitter\" href=\"https:\/\/twitter.com\/intent\/tweet?url=https%3A%2F%2Fit-sicherheit.li%2Fwp-json%2Fwp%2Fv2%2Fposts%2F151&#038;text=Hey%20check%20this%20out\" style=\"font-size: 0px; width:24px;height:24px;margin:0;margin-bottom:5px;margin-right:5px;\"><img loading=\"lazy\" decoding=\"async\" alt=\"twitter\" title=\"Share on Twitter\" class=\"synved-share-image synved-social-image synved-social-image-share\" width=\"24\" height=\"24\" style=\"display: inline; width:24px;height:24px; margin: 0; padding: 0; border: none; box-shadow: none;\" src=\"https:\/\/i1.wp.com\/it-sicherheit.li\/wp-content\/plugins\/social-media-feather\/synved-social\/image\/social\/regular\/48x48\/twitter.png?resize=24%2C24&#038;ssl=1\" data-recalc-dims=\"1\" \/><\/a><a class=\"synved-social-button synved-social-button-share synved-social-size-24 synved-social-resolution-single synved-social-provider-google_plus nolightbox\" data-provider=\"google_plus\" target=\"_blank\" rel=\"nofollow\" title=\"Share on Google+\" href=\"https:\/\/plus.google.com\/share?url=https%3A%2F%2Fit-sicherheit.li%2Fwp-json%2Fwp%2Fv2%2Fposts%2F151\" style=\"font-size: 0px; width:24px;height:24px;margin:0;margin-bottom:5px;margin-right:5px;\"><img loading=\"lazy\" decoding=\"async\" alt=\"google_plus\" title=\"Share on Google+\" class=\"synved-share-image synved-social-image synved-social-image-share\" width=\"24\" height=\"24\" style=\"display: inline; width:24px;height:24px; margin: 0; padding: 0; border: none; box-shadow: none;\" src=\"https:\/\/i2.wp.com\/it-sicherheit.li\/wp-content\/plugins\/social-media-feather\/synved-social\/image\/social\/regular\/48x48\/google_plus.png?resize=24%2C24&#038;ssl=1\" data-recalc-dims=\"1\" \/><\/a><a class=\"synved-social-button synved-social-button-share synved-social-size-24 synved-social-resolution-single synved-social-provider-reddit nolightbox\" data-provider=\"reddit\" target=\"_blank\" rel=\"nofollow\" title=\"Share on Reddit\" href=\"http:\/\/www.reddit.com\/submit?url=https%3A%2F%2Fit-sicherheit.li%2Fwp-json%2Fwp%2Fv2%2Fposts%2F151&#038;title=Nullbyte%20Ransomware%20anstatt%20NecroBot%20Pokemon%20Go\" style=\"font-size: 0px; width:24px;height:24px;margin:0;margin-bottom:5px;margin-right:5px;\"><img loading=\"lazy\" decoding=\"async\" alt=\"reddit\" title=\"Share on Reddit\" class=\"synved-share-image synved-social-image synved-social-image-share\" width=\"24\" height=\"24\" style=\"display: inline; width:24px;height:24px; margin: 0; padding: 0; border: none; box-shadow: none;\" src=\"https:\/\/i2.wp.com\/it-sicherheit.li\/wp-content\/plugins\/social-media-feather\/synved-social\/image\/social\/regular\/48x48\/reddit.png?resize=24%2C24&#038;ssl=1\" data-recalc-dims=\"1\" \/><\/a><a class=\"synved-social-button synved-social-button-share synved-social-size-24 synved-social-resolution-single synved-social-provider-pinterest nolightbox\" data-provider=\"pinterest\" target=\"_blank\" rel=\"nofollow\" title=\"Pin it with Pinterest\" href=\"http:\/\/pinterest.com\/pin\/create\/button\/?url=https%3A%2F%2Fit-sicherheit.li%2Fwp-json%2Fwp%2Fv2%2Fposts%2F151&#038;media=http%3A%2F%2Fwww.bleepstatic.com%2Fimages%2Fnews%2Fransomware%2Fd%2Fdetoxcrypto%2Fnecrobot%2Fgithub.png&#038;description=Nullbyte%20Ransomware%20anstatt%20NecroBot%20Pokemon%20Go\" style=\"font-size: 0px; width:24px;height:24px;margin:0;margin-bottom:5px;margin-right:5px;\"><img loading=\"lazy\" decoding=\"async\" alt=\"pinterest\" title=\"Pin it with Pinterest\" class=\"synved-share-image synved-social-image synved-social-image-share\" width=\"24\" height=\"24\" style=\"display: inline; width:24px;height:24px; margin: 0; padding: 0; border: none; box-shadow: none;\" src=\"https:\/\/i2.wp.com\/it-sicherheit.li\/wp-content\/plugins\/social-media-feather\/synved-social\/image\/social\/regular\/48x48\/pinterest.png?resize=24%2C24&#038;ssl=1\" data-recalc-dims=\"1\" \/><\/a><a class=\"synved-social-button synved-social-button-share synved-social-size-24 synved-social-resolution-single synved-social-provider-linkedin nolightbox\" data-provider=\"linkedin\" target=\"_blank\" rel=\"nofollow\" title=\"Share on Linkedin\" href=\"http:\/\/www.linkedin.com\/shareArticle?mini=true&#038;url=https%3A%2F%2Fit-sicherheit.li%2Fwp-json%2Fwp%2Fv2%2Fposts%2F151&#038;title=Nullbyte%20Ransomware%20anstatt%20NecroBot%20Pokemon%20Go\" style=\"font-size: 0px; width:24px;height:24px;margin:0;margin-bottom:5px;margin-right:5px;\"><img loading=\"lazy\" decoding=\"async\" alt=\"linkedin\" title=\"Share on Linkedin\" class=\"synved-share-image synved-social-image synved-social-image-share\" width=\"24\" height=\"24\" style=\"display: inline; width:24px;height:24px; margin: 0; padding: 0; border: none; box-shadow: none;\" src=\"https:\/\/i0.wp.com\/it-sicherheit.li\/wp-content\/plugins\/social-media-feather\/synved-social\/image\/social\/regular\/48x48\/linkedin.png?resize=24%2C24&#038;ssl=1\" data-recalc-dims=\"1\" \/><\/a><a class=\"synved-social-button synved-social-button-share synved-social-size-24 synved-social-resolution-single synved-social-provider-mail nolightbox\" data-provider=\"mail\" rel=\"nofollow\" title=\"Share by email\" href=\"mailto:?subject=Nullbyte%20Ransomware%20anstatt%20NecroBot%20Pokemon%20Go&#038;body=Hey%20check%20this%20out:%20https%3A%2F%2Fit-sicherheit.li%2Fwp-json%2Fwp%2Fv2%2Fposts%2F151\" style=\"font-size: 0px; width:24px;height:24px;margin:0;margin-bottom:5px;\"><img loading=\"lazy\" decoding=\"async\" alt=\"mail\" title=\"Share by email\" class=\"synved-share-image synved-social-image synved-social-image-share\" width=\"24\" height=\"24\" style=\"display: inline; width:24px;height:24px; margin: 0; padding: 0; border: none; box-shadow: none;\" src=\"https:\/\/i0.wp.com\/it-sicherheit.li\/wp-content\/plugins\/social-media-feather\/synved-social\/image\/social\/regular\/48x48\/mail.png?resize=24%2C24&#038;ssl=1\" data-recalc-dims=\"1\" \/><\/a>","protected":false},"excerpt":{"rendered":"<p>Pokemon Go ist toll, man geht raus an die Frische Luft und sucht kleine Digitale Monster. Manche Leute finden jedoch das Laufen und die Frische Luft nicht so toll. F\u00fcr die gibt es Bots. Diese laufen f\u00fcr die User, nat\u00fcrlich nur virtuell, umher und fangen Pokemon. Da lies auch ein Erpresser-Trojaner nicht lange auf sich [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2,43],"tags":[49,48,47,26],"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/it-sicherheit.li\/wp-json\/wp\/v2\/posts\/151"}],"collection":[{"href":"https:\/\/it-sicherheit.li\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/it-sicherheit.li\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/it-sicherheit.li\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/it-sicherheit.li\/wp-json\/wp\/v2\/comments?post=151"}],"version-history":[{"count":1,"href":"https:\/\/it-sicherheit.li\/wp-json\/wp\/v2\/posts\/151\/revisions"}],"predecessor-version":[{"id":152,"href":"https:\/\/it-sicherheit.li\/wp-json\/wp\/v2\/posts\/151\/revisions\/152"}],"wp:attachment":[{"href":"https:\/\/it-sicherheit.li\/wp-json\/wp\/v2\/media?parent=151"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/it-sicherheit.li\/wp-json\/wp\/v2\/categories?post=151"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/it-sicherheit.li\/wp-json\/wp\/v2\/tags?post=151"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}