{"id":213733,"date":"2017-02-21T10:49:34","date_gmt":"2017-02-21T09:49:34","guid":{"rendered":"http:\/\/hudo.com\/si\/?p=213733"},"modified":"2017-02-21T10:49:34","modified_gmt":"2017-02-21T09:49:34","slug":"pozor-siri-se-izsiljevalski-virus","status":"publish","type":"post","link":"https:\/\/hudo.com\/si\/aktualno\/pozor-siri-se-izsiljevalski-virus\/","title":{"rendered":"Warning: a ransomware virus is spreading!"},"content":{"rendered":"<div class=\"text\">\n<p>In the several phishing attacks detected, the messages have in common the title &#8220;webmail update&#8221; or &#8220;system admin&#8221; and text that was machine-translated into Slovenian. Under the pretext that access to their e-mail will be blocked because their mailbox is full, the attackers try to persuade users to click the link in the message.<\/p>\n<p>The link leads to an index page within a domain under one of the top-level domains .tk, .ml, .ga, .cf or .gq. In all cases the domains were registered with the registrar Freenom, which offers free registration of domains under these top-level domains, the centre explains.<\/p>\n<p>The web page asks the user to enter a username, e-mail address and e-mail password. At first glance the page appears to be hosted on the domain in question, but in fact it relies on a service that forwards the domain to an arbitrary web address, which Freenom offers during domain registration. The page itself is actually hosted by the free website provider IM Creator.<\/p>\n<p>If users enter their details, the attackers log in to their webmail and spread the attack onward from there by sending the fake message to all contacts. 
SI-CERT advises users who receive this message to forward it as soon as possible to <a href=\"mailto:cert@cert.si\" target=\"_blank\">cert@cert.si<\/a>.<\/p>\n<p>SI-CERT has also received several reports of infections with the ransomware virus named Crypt0L0cker. It is not a new type of virus, but it has recently been the most frequently seen among ransomware viruses.<\/p>\n<p>In most cases the virus spreads through e-mail messages in a foreign language with a zip attachment. The archive contains a file with the extension .html or .js holding heavily obfuscated code that is decoded in several steps. In the final stage it downloads an executable file from a remote web server and runs it &#8211; the Crypt0L0cker virus.<\/p>\n<p>The virus encrypts all files except those with the following extensions: avi, wav, mp3, gif, ico, png, bmp, txt, html, inf, manifest, chm, ini, tmp, log, url, lnk, cmd, bat, scr, msi, sys, dll, exe.<\/p>\n<p>In every folder where it has encrypted files, it drops the files HOW_TO_RESTORE_FILES.txt and HOW_TO_RESTORE_FILES.html with instructions for restoring the files. It also replaces the desktop wallpaper with instructions for installing the Tor browser, which directs the user to a website on the dark web (a domain ending in .onion) with instructions for paying the ransom.<\/p>\n<p>The authors of the virus demand 499 dollars, payable in bitcoins, for the encryption key. 
After 78 hours they raise the price to 999 dollars, and after one month they irrevocably delete the encryption key.<\/p>\n<p>Users whose files have been encrypted by the Crypt0L0cker virus can contact SI-CERT for help regarding the options for restoring their files.<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>SI-CERT, the national response centre for handling incidents in the field of electronic network and information security, has recently detected several attacks on Slovenian internet users. These are cases of so-called phishing, whose aim is to steal e-mail access passwords. The centre has also received several reports of ransomware infections.<\/p>\n","protected":false},"author":5,"featured_media":148526,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1179],"tags":[2187,1595,2113],"source":[4511],"supertag":[],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v21.3 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Pozor, \u0161iri se izsiljevalski virus! - Hudo Slovenija<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/hudo.com\/si\/aktualno\/pozor-siri-se-izsiljevalski-virus\/\" \/>\n<meta property=\"og:locale\" content=\"sl_SI\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Pozor, \u0161iri se izsiljevalski virus! - Hudo Slovenija\" \/>\n<meta property=\"og:description\" content=\"Nacionalni odzivni center za obravnavo incidentov s podro\u010dja varnosti elektronskih omre\u017eij in informacij SI-CERT je v zadnjem \u010dasu zaznal ve\u010d primerov napadov na slovenske internetne uporabnike. Gre za primere t. i. ribarjenja, katerih namen je kraja gesel za dostop do e-po\u0161te. 
Poleg tega je center prejel ve\u010d prijav oku\u017eb z izsiljevalskim virusom.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/hudo.com\/si\/aktualno\/pozor-siri-se-izsiljevalski-virus\/\" \/>\n<meta property=\"og:site_name\" content=\"Hudo Slovenija\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/hudo.si\" \/>\n<meta property=\"article:published_time\" content=\"2017-02-21T09:49:34+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/hudo.com\/si\/wp-content\/uploads\/sites\/2\/2016\/10\/profimedia-0261394530.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1250\" \/>\n\t<meta property=\"og:image:height\" content=\"828\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"A. G., STA\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@hudo_si\" \/>\n<meta name=\"twitter:site\" content=\"@hudo_si\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"A. G., STA\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minuti\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/hudo.com\/si\/aktualno\/pozor-siri-se-izsiljevalski-virus\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/hudo.com\/si\/aktualno\/pozor-siri-se-izsiljevalski-virus\/\"},\"author\":{\"name\":\"A. 
G., STA\",\"@id\":\"https:\/\/hudo.com\/si\/#\/schema\/person\/2391667a63ea075ba94f2f2dc6b77537\"},\"headline\":\"Pozor, \u0161iri se izsiljevalski virus!\",\"datePublished\":\"2017-02-21T09:49:34+00:00\",\"dateModified\":\"2017-02-21T09:49:34+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/hudo.com\/si\/aktualno\/pozor-siri-se-izsiljevalski-virus\/\"},\"wordCount\":456,\"publisher\":{\"@id\":\"https:\/\/hudo.com\/si\/#organization\"},\"keywords\":[\"internet\",\"Slovenija\",\"varnost\"],\"articleSection\":[\"Aktualno\"],\"inLanguage\":\"sl-SI\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/hudo.com\/si\/aktualno\/pozor-siri-se-izsiljevalski-virus\/\",\"url\":\"https:\/\/hudo.com\/si\/aktualno\/pozor-siri-se-izsiljevalski-virus\/\",\"name\":\"Pozor, \u0161iri se izsiljevalski virus! - Hudo Slovenija\",\"isPartOf\":{\"@id\":\"https:\/\/hudo.com\/si\/#website\"},\"datePublished\":\"2017-02-21T09:49:34+00:00\",\"dateModified\":\"2017-02-21T09:49:34+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/hudo.com\/si\/aktualno\/pozor-siri-se-izsiljevalski-virus\/#breadcrumb\"},\"inLanguage\":\"sl-SI\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/hudo.com\/si\/aktualno\/pozor-siri-se-izsiljevalski-virus\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/hudo.com\/si\/aktualno\/pozor-siri-se-izsiljevalski-virus\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/hudo.com\/si\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Pozor, \u0161iri se izsiljevalski virus!\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/hudo.com\/si\/#website\",\"url\":\"https:\/\/hudo.com\/si\/\",\"name\":\"Hudo Slovenija\",\"description\":\"Vse novice iz Slovenije in 
sveta\",\"publisher\":{\"@id\":\"https:\/\/hudo.com\/si\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/hudo.com\/si\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"sl-SI\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/hudo.com\/si\/#organization\",\"name\":\"VSN Media\",\"url\":\"https:\/\/hudo.com\/si\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"sl-SI\",\"@id\":\"https:\/\/hudo.com\/si\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/hudo.com\/si\/wp-content\/uploads\/sites\/2\/2021\/03\/hudo-app-2.png\",\"contentUrl\":\"https:\/\/hudo.com\/si\/wp-content\/uploads\/sites\/2\/2021\/03\/hudo-app-2.png\",\"width\":2185,\"height\":2167,\"caption\":\"VSN Media\"},\"image\":{\"@id\":\"https:\/\/hudo.com\/si\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/hudo.si\",\"https:\/\/twitter.com\/hudo_si\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/hudo.com\/si\/#\/schema\/person\/2391667a63ea075ba94f2f2dc6b77537\",\"name\":\"A. G., STA\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"sl-SI\",\"@id\":\"https:\/\/hudo.com\/si\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/e13d22ac3e442658d5025fbbe6238a79?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/e13d22ac3e442658d5025fbbe6238a79?s=96&d=mm&r=g\",\"caption\":\"A. G., STA\"},\"url\":\"https:\/\/hudo.com\/si\/author\/alenka\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Pozor, \u0161iri se izsiljevalski virus! - Hudo Slovenija","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/hudo.com\/si\/aktualno\/pozor-siri-se-izsiljevalski-virus\/","og_locale":"sl_SI","og_type":"article","og_title":"Pozor, \u0161iri se izsiljevalski virus! 
- Hudo Slovenija","og_description":"Nacionalni odzivni center za obravnavo incidentov s podro\u010dja varnosti elektronskih omre\u017eij in informacij SI-CERT je v zadnjem \u010dasu zaznal ve\u010d primerov napadov na slovenske internetne uporabnike. Gre za primere t. i. ribarjenja, katerih namen je kraja gesel za dostop do e-po\u0161te. Poleg tega je center prejel ve\u010d prijav oku\u017eb z izsiljevalskim virusom.","og_url":"https:\/\/hudo.com\/si\/aktualno\/pozor-siri-se-izsiljevalski-virus\/","og_site_name":"Hudo Slovenija","article_publisher":"https:\/\/www.facebook.com\/hudo.si","article_published_time":"2017-02-21T09:49:34+00:00","og_image":[{"width":1250,"height":828,"url":"https:\/\/hudo.com\/si\/wp-content\/uploads\/sites\/2\/2016\/10\/profimedia-0261394530.jpg","type":"image\/jpeg"}],"author":"A. G., STA","twitter_card":"summary_large_image","twitter_creator":"@hudo_si","twitter_site":"@hudo_si","twitter_misc":{"Written by":"A. G., STA","Est. reading time":"2 minuti"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/hudo.com\/si\/aktualno\/pozor-siri-se-izsiljevalski-virus\/#article","isPartOf":{"@id":"https:\/\/hudo.com\/si\/aktualno\/pozor-siri-se-izsiljevalski-virus\/"},"author":{"name":"A. G., STA","@id":"https:\/\/hudo.com\/si\/#\/schema\/person\/2391667a63ea075ba94f2f2dc6b77537"},"headline":"Pozor, \u0161iri se izsiljevalski virus!","datePublished":"2017-02-21T09:49:34+00:00","dateModified":"2017-02-21T09:49:34+00:00","mainEntityOfPage":{"@id":"https:\/\/hudo.com\/si\/aktualno\/pozor-siri-se-izsiljevalski-virus\/"},"wordCount":456,"publisher":{"@id":"https:\/\/hudo.com\/si\/#organization"},"keywords":["internet","Slovenija","varnost"],"articleSection":["Aktualno"],"inLanguage":"sl-SI"},{"@type":"WebPage","@id":"https:\/\/hudo.com\/si\/aktualno\/pozor-siri-se-izsiljevalski-virus\/","url":"https:\/\/hudo.com\/si\/aktualno\/pozor-siri-se-izsiljevalski-virus\/","name":"Pozor, \u0161iri se izsiljevalski virus! 
- Hudo Slovenija","isPartOf":{"@id":"https:\/\/hudo.com\/si\/#website"},"datePublished":"2017-02-21T09:49:34+00:00","dateModified":"2017-02-21T09:49:34+00:00","breadcrumb":{"@id":"https:\/\/hudo.com\/si\/aktualno\/pozor-siri-se-izsiljevalski-virus\/#breadcrumb"},"inLanguage":"sl-SI","potentialAction":[{"@type":"ReadAction","target":["https:\/\/hudo.com\/si\/aktualno\/pozor-siri-se-izsiljevalski-virus\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/hudo.com\/si\/aktualno\/pozor-siri-se-izsiljevalski-virus\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/hudo.com\/si\/"},{"@type":"ListItem","position":2,"name":"Pozor, \u0161iri se izsiljevalski virus!"}]},{"@type":"WebSite","@id":"https:\/\/hudo.com\/si\/#website","url":"https:\/\/hudo.com\/si\/","name":"Hudo Slovenija","description":"Vse novice iz Slovenije in sveta","publisher":{"@id":"https:\/\/hudo.com\/si\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/hudo.com\/si\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"sl-SI"},{"@type":"Organization","@id":"https:\/\/hudo.com\/si\/#organization","name":"VSN Media","url":"https:\/\/hudo.com\/si\/","logo":{"@type":"ImageObject","inLanguage":"sl-SI","@id":"https:\/\/hudo.com\/si\/#\/schema\/logo\/image\/","url":"https:\/\/hudo.com\/si\/wp-content\/uploads\/sites\/2\/2021\/03\/hudo-app-2.png","contentUrl":"https:\/\/hudo.com\/si\/wp-content\/uploads\/sites\/2\/2021\/03\/hudo-app-2.png","width":2185,"height":2167,"caption":"VSN Media"},"image":{"@id":"https:\/\/hudo.com\/si\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/hudo.si","https:\/\/twitter.com\/hudo_si"]},{"@type":"Person","@id":"https:\/\/hudo.com\/si\/#\/schema\/person\/2391667a63ea075ba94f2f2dc6b77537","name":"A. 
G., STA","image":{"@type":"ImageObject","inLanguage":"sl-SI","@id":"https:\/\/hudo.com\/si\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/e13d22ac3e442658d5025fbbe6238a79?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/e13d22ac3e442658d5025fbbe6238a79?s=96&d=mm&r=g","caption":"A. G., STA"},"url":"https:\/\/hudo.com\/si\/author\/alenka\/"}]}},"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/hudo.com\/si\/wp-json\/wp\/v2\/posts\/213733"}],"collection":[{"href":"https:\/\/hudo.com\/si\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hudo.com\/si\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hudo.com\/si\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/hudo.com\/si\/wp-json\/wp\/v2\/comments?post=213733"}],"version-history":[{"count":1,"href":"https:\/\/hudo.com\/si\/wp-json\/wp\/v2\/posts\/213733\/revisions"}],"predecessor-version":[{"id":213734,"href":"https:\/\/hudo.com\/si\/wp-json\/wp\/v2\/posts\/213733\/revisions\/213734"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/hudo.com\/si\/wp-json\/wp\/v2\/media\/148526"}],"wp:attachment":[{"href":"https:\/\/hudo.com\/si\/wp-json\/wp\/v2\/media?parent=213733"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hudo.com\/si\/wp-json\/wp\/v2\/categories?post=213733"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hudo.com\/si\/wp-json\/wp\/v2\/tags?post=213733"},{"taxonomy":"source","embeddable":true,"href":"https:\/\/hudo.com\/si\/wp-json\/wp\/v2\/source?post=213733"},{"taxonomy":"supertag","embeddable":true,"href":"https:\/\/hudo.com\/si\/wp-json\/wp\/v2\/supertag?post=213733"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}