
باج افزار WCry ابتدا سیستم را آلوده نموده و پس از Encrypt کردن اطلاعات، از شما می خواهد تا 300 دلار پول به صورت Bitcoin به حساب صاحبان باج افزار واریز کنید. در صورتی که بعد از گذشت 3 روز مبلغ درخواستی را پرداخت نکنید، باید مبلغ 600 دلار پرداخت کنید و اگر مجدداً تا 7 روز این مبلغ را واریز نکنید، باج افزار اطلاعات Encrypt شده را حذف می کند.
این باج افزار با استفاده از ضعفی که در SMBv1 پیدا شده است سیستم ها را آلوده می کند و بعد از آن اقدام به Encrypt کردن فایل ها می کند. همچنین توانایی انتشار خود به سایر سیستم های آسیب پذیر با استفاده از شبکه را دارد. (SMBv1 در سیستم عامل های مایکروسافت مورد استفاده قرار می گیرد.)
سیستم هایی که SMBv1 در آن ها فعال است در معرض آلودگی به این باج افزار هستند. SMB پروتکل اشتراک گذاری فایل در سیستم عامل ویندوز است. این پروتکل نسخه های مختلفی دارد و همراه با عرضه نسخه های جدیدتر ویندوز، نسخه های جدیدی از SMB عرضه شده است. البته به منظور سازگاری با سیستم عامل های قدیمی تر، نسخه های قبلی SMB هم در ویندوزهای جدید پشتیبانی می شود.

  • منتشر شده توسط: zahra
  • 17 تیر 1397
  • 9 ماه پیش


Whoops! There was an error.
ErrorException (E_NOTICE)
ob_end_flush(): failed to send buffer of zlib output compression (0) ErrorException thrown with message "ob_end_flush(): failed to send buffer of zlib output compression (0)" Stacktrace: #3 ErrorException in /home/community/public_html/vendor/symfony/http-foundation/Response.php:1285 #2 ob_end_flush in /home/community/public_html/vendor/symfony/http-foundation/Response.php:1285 #1 Symfony\Component\HttpFoundation\Response:closeOutputBuffers in /home/community/public_html/vendor/symfony/http-foundation/Response.php:378 #0 Symfony\Component\HttpFoundation\Response:send in /home/community/public_html/public/index.php:58
3 ErrorException /vendor/symfony/http-foundation/Response.php:1285
2 ob_end_flush /vendor/symfony/http-foundation/Response.php:1285
1 Symfony\Component\HttpFoundation\Response closeOutputBuffers /vendor/symfony/http-foundation/Response.php:378
0 Symfony\Component\HttpFoundation\Response send /public/index.php:58
/home/community/public_html/vendor/symfony/http-foundation/Response.php
    /**
     * Cleans or flushes output buffers up to target level.
     *
     * Resulting level can be greater than target level if a non-removable buffer has been encountered.
     *
     * @param int  $targetLevel The target output buffering level
     * @param bool $flush       Whether to flush or clean the buffers
     *
     * @final since version 3.3
     */
    public static function closeOutputBuffers($targetLevel, $flush)
    {
        // One status entry per active output buffer; the last entry is the innermost buffer.
        $buffers = ob_get_status(true);
        $depth = \count($buffers);

        // Capability bits a buffer must expose before it may be closed the requested way.
        // PHP_OUTPUT_HANDLER_* are not defined on HHVM 3.3, hence the -1 fallback.
        if (\defined('PHP_OUTPUT_HANDLER_REMOVABLE')) {
            $required = PHP_OUTPUT_HANDLER_REMOVABLE | ($flush ? PHP_OUTPUT_HANDLER_FLUSHABLE : PHP_OUTPUT_HANDLER_CLEANABLE);
        } else {
            $required = -1;
        }

        // Walk from the innermost buffer outwards and stop at the first buffer that
        // cannot be closed, which is why the resulting level may stay above the target.
        while ($depth-- > $targetLevel) {
            $buffer = $buffers[$depth];
            if (!$buffer) {
                break;
            }

            // Status entries carrying a 'del' key are judged by it alone; otherwise the
            // 'flags' bitmask (when present) must contain every required capability bit.
            if (isset($buffer['del'])) {
                $closable = $buffer['del'];
            } else {
                $closable = !isset($buffer['flags']) || ($buffer['flags'] & $required) === $required;
            }
            if (!$closable) {
                break;
            }

            if ($flush) {
                // NOTE(review): the stack trace on this page reports this call raising
                // E_NOTICE "failed to send buffer of zlib output compression"; nothing in
                // this method catches or suppresses that notice.
                ob_end_flush();
            } else {
                ob_end_clean();
            }
        }
    }
 
    /**
     * Checks if we need to remove Cache-Control for SSL encrypted downloads when using IE < 9.
     *
     * @see http://support.microsoft.com/kb/323308
     *
     * @final since version 3.3
     */
    protected function ensureIEOverSSLCompatibility(Request $request)
    {
        if (false !== stripos($this->headers->get('Content-Disposition'), 'attachment') && 1 == preg_match('/MSIE (.*?);/i', $request->server->get('HTTP_USER_AGENT'), $match) && true === $request->isSecure()) {
            if ((int) preg_replace('/(MSIE )(.*?);/', '$2', $match[0]) < 9) {
                $this->headers->remove('Cache-Control');
            }
        }
Arguments
  1. "ob_end_flush(): failed to send buffer of zlib output compression (0)"
    
/home/community/public_html/vendor/symfony/http-foundation/Response.php
    /**
     * Cleans or flushes output buffers up to target level.
     *
     * Resulting level can be greater than target level if a non-removable buffer has been encountered.
     *
     * @param int  $targetLevel The target output buffering level
     * @param bool $flush       Whether to flush or clean the buffers
     *
     * @final since version 3.3
     */
    public static function closeOutputBuffers($targetLevel, $flush)
    {
        // One status entry per active output buffer; the last entry is the innermost buffer.
        $buffers = ob_get_status(true);
        $depth = \count($buffers);

        // Capability bits a buffer must expose before it may be closed the requested way.
        // PHP_OUTPUT_HANDLER_* are not defined on HHVM 3.3, hence the -1 fallback.
        if (\defined('PHP_OUTPUT_HANDLER_REMOVABLE')) {
            $required = PHP_OUTPUT_HANDLER_REMOVABLE | ($flush ? PHP_OUTPUT_HANDLER_FLUSHABLE : PHP_OUTPUT_HANDLER_CLEANABLE);
        } else {
            $required = -1;
        }

        // Walk from the innermost buffer outwards and stop at the first buffer that
        // cannot be closed, which is why the resulting level may stay above the target.
        while ($depth-- > $targetLevel) {
            $buffer = $buffers[$depth];
            if (!$buffer) {
                break;
            }

            // Status entries carrying a 'del' key are judged by it alone; otherwise the
            // 'flags' bitmask (when present) must contain every required capability bit.
            if (isset($buffer['del'])) {
                $closable = $buffer['del'];
            } else {
                $closable = !isset($buffer['flags']) || ($buffer['flags'] & $required) === $required;
            }
            if (!$closable) {
                break;
            }

            if ($flush) {
                // NOTE(review): the stack trace on this page reports this call raising
                // E_NOTICE "failed to send buffer of zlib output compression"; nothing in
                // this method catches or suppresses that notice.
                ob_end_flush();
            } else {
                ob_end_clean();
            }
        }
    }
 
    /**
     * Checks if we need to remove Cache-Control for SSL encrypted downloads when using IE < 9.
     *
     * @see http://support.microsoft.com/kb/323308
     *
     * @final since version 3.3
     */
    protected function ensureIEOverSSLCompatibility(Request $request)
    {
        if (false !== stripos($this->headers->get('Content-Disposition'), 'attachment') && 1 == preg_match('/MSIE (.*?);/i', $request->server->get('HTTP_USER_AGENT'), $match) && true === $request->isSecure()) {
            if ((int) preg_replace('/(MSIE )(.*?);/', '$2', $match[0]) < 9) {
                $this->headers->remove('Cache-Control');
            }
        }
/home/community/public_html/vendor/symfony/http-foundation/Response.php
    {
        echo $this->content;
 
        return $this;
    }
 
    /**
     * Sends HTTP headers and content.
     *
     * @return $this
     */
    public function send()
    {
        // Headers go out first, then the body.
        $this->sendHeaders();
        $this->sendContent();

        // When the FastCGI helper is available it finishes the request and no
        // output buffers are closed here.
        if (\function_exists('fastcgi_finish_request')) {
            fastcgi_finish_request();

            return $this;
        }

        // Under any SAPI other than cli/phpdbg, flush every output buffer down to
        // level 0. NOTE(review): the trace on this page shows the E_NOTICE from
        // ob_end_flush() surfacing through this call, i.e. after the headers and
        // content above were already sent.
        $isConsoleSapi = \in_array(\PHP_SAPI, array('cli', 'phpdbg'), true);
        if (!$isConsoleSapi) {
            static::closeOutputBuffers(0, true);
        }

        return $this;
    }
 
    /**
     * Sets the response content.
     *
     * Valid types are strings, numbers, null, and objects that implement a __toString() method.
     *
     * @param mixed $content Content that can be cast to string
     *
     * @return $this
     *
     * @throws \UnexpectedValueException
     */
    public function setContent($content)
    {
        if (null !== $content && !\is_string($content) && !is_numeric($content) && !\is_callable(array($content, '__toString'))) {
            throw new \UnexpectedValueException(sprintf('The Response content must be a string or object implementing __toString(), "%s" given.', \gettype($content)));
Arguments
  1. 0
    
  2. true
    
/home/community/public_html/public/index.php
 
/*
|--------------------------------------------------------------------------
| Run The Application
|--------------------------------------------------------------------------
|
| Once we have the application, we can handle the incoming request
| through the kernel, and send the associated response back to
| the client's browser allowing them to enjoy the creative
| and wonderful application we have prepared for them.
|
*/
 
// Resolve the HTTP kernel from the application container.
$kernel = $app->make(Illuminate\Contracts\Http\Kernel::class);

// Capture the incoming request and let the kernel turn it into a response.
$request = Illuminate\Http\Request::capture();
$response = $kernel->handle($request);

// NOTE(review): the exception on this page was thrown from this send() call and
// rendered by Whoops\Handler\PrettyPageHandler. The environment table on the page
// shows APP_ENV "production" together with APP_DEBUG "true", which is why the
// application key, database, mail and OAuth credentials were printed to the
// visitor. A production deployment should run with APP_DEBUG=false, and every
// secret that appeared in such a page should be rotated.
$response->send();

$kernel->terminate($request, $response);
 

Environment & details:

empty
empty
empty
empty
empty
Key Value
PATH
"/bin:/usr/bin:/usr/local/bin"
HTTP_ACCEPT
"text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"
HTTP_ACCEPT_ENCODING
"gzip"
HTTP_CONNECTION
"close"
HTTP_HOST
"community.azaronline.com"
HTTP_USER_AGENT
"CCBot/2.0 (https://commoncrawl.org/faq/)"
HTTP_IF_MODIFIED_SINCE
"Mon, 21 Jan 2019 07:10:49 GMT"
HTTP_X_FORWARDED_FOR
"34.236.145.124"
HTTP_CDN_LOOP
"cloudflare"
HTTP_CF_CONNECTING_IP
"34.236.145.124"
HTTP_CF_IPCOUNTRY
"US"
HTTP_CF_ORIGIN_HTTPS
"on"
HTTP_CF_RAY
"4bdddafff840cf16-ORD"
HTTP_CF_VISITOR
"{"scheme":"https"}"
HTTP_X_FORWARDED_PROTO
"https"
DOCUMENT_ROOT
"/home/community/public_html"
REMOTE_ADDR
"34.236.145.124"
REMOTE_PORT
"56036"
SERVER_ADDR
"37.72.169.219"
SERVER_NAME
"community.azaronline.com"
SERVER_ADMIN
"webmaster@community.azaronline.com"
SERVER_PORT
"443"
REQUEST_URI
"/topic/71/%D8%A8%D8%A7%D8%AC-%D8%A7%D9%81%D8%B2%D8%A7%D8%B1-wannacry"
REDIRECT_URL
"/public/topic/71/باج-افزار-wannacry"
PROXY_REMOTE_ADDR
"162.158.72.22"
HTTPS
"on"
REDIRECT_STATUS
"200"
BASE
"/public"
SSL_PROTOCOL
"TLSv1.2"
SSL_SESSION_ID
"ba9936ab7315acc75f2fef90e0ace07c7b673f7f86c76a12dfeb16b5d2539714"
SSL_CIPHER
"ECDHE-RSA-AES256-GCM-SHA384"
SSL_CIPHER_USEKEYSIZE
"256"
SSL_CIPHER_ALGKEYSIZE
"256"
SCRIPT_FILENAME
"/home/community/public_html/public/index.php"
QUERY_STRING
""
SCRIPT_URI
"https://community.azaronline.com/topic/71/باج-افزار-wannacry"
SCRIPT_URL
"/topic/71/باج-افزار-wannacry"
SCRIPT_NAME
"/public/index.php"
SERVER_PROTOCOL
"HTTP/1.1"
SERVER_SOFTWARE
"LiteSpeed"
REQUEST_METHOD
"GET"
X-LSCACHE
"on"
PHP_SELF
"/public/index.php"
REQUEST_TIME_FLOAT
1553652915.2301
REQUEST_TIME
1553652915
argv
[]
argc
0
APP_NAME
"Community"
APP_ENV
"production"
APP_KEY
"base64:8brdUOUXlbb4vgCrZdab1WLd/9PMzBZC4OD6PmSJGNI="
APP_DEBUG
"true"
APP_LOG_LEVEL
"debug"
APP_URL
"https://community.azaronline.com"
SESSION_DOMAIN
".azaronline.com"
DB_CONNECTION
"mysql"
DB_HOST
"localhost"
DB_PORT
"3306"
DB_DATABASE
"communit_comm"
DB_USERNAME
"communit_comm"
DB_PASSWORD
"!#P%37rO-x.f"
BROADCAST_DRIVER
"log"
CACHE_DRIVER
"file"
SESSION_DRIVER
"file"
SESSION_LIFETIME
"120"
QUEUE_DRIVER
"sync"
REDIS_HOST
"127.0.0.1"
REDIS_PASSWORD
"null"
REDIS_PORT
"6379"
PUSHER_APP_ID
""
PUSHER_APP_KEY
""
PUSHER_APP_SECRET
""
WHMCS_UNIQUE_NAME
"WHMCSVM1p1JmdVz96"
WHMCS_UNIQUE_HASH
"w66PfJuR2mdHxLOGGKGF3947yWRP1OInLE3Qenx6zBEXcjuIT0dN08LpUs5M7D0I"
GOOGLE_CLIENT_ID
"1030761251929-s1o3e6qmvakdido5gnl363dor76ful1k.apps.googleusercontent.com"
GOOGLE_CLIENT_SECRET
"s_XoCke9PXD6gJwT8lWZxkvw"
MAIL_DRIVER
"smtp"
MAIL_HOST
"smtp.mandrillapp.com"
MAIL_PORT
"587"
MAIL_USERNAME
"paypal@monovm.com"
MAIL_PASSWORD
"WVPWp0WgdJnYbZ2eLYA14w"
MAIL_ENCRYPTION
"tls"
Key Value
APP_NAME
"Community"
APP_ENV
"production"
APP_KEY
"base64:8brdUOUXlbb4vgCrZdab1WLd/9PMzBZC4OD6PmSJGNI="
APP_DEBUG
"true"
APP_LOG_LEVEL
"debug"
APP_URL
"https://community.azaronline.com"
SESSION_DOMAIN
".azaronline.com"
DB_CONNECTION
"mysql"
DB_HOST
"localhost"
DB_PORT
"3306"
DB_DATABASE
"communit_comm"
DB_USERNAME
"communit_comm"
DB_PASSWORD
"!#P%37rO-x.f"
BROADCAST_DRIVER
"log"
CACHE_DRIVER
"file"
SESSION_DRIVER
"file"
SESSION_LIFETIME
"120"
QUEUE_DRIVER
"sync"
REDIS_HOST
"127.0.0.1"
REDIS_PASSWORD
"null"
REDIS_PORT
"6379"
PUSHER_APP_ID
""
PUSHER_APP_KEY
""
PUSHER_APP_SECRET
""
WHMCS_UNIQUE_NAME
"WHMCSVM1p1JmdVz96"
WHMCS_UNIQUE_HASH
"w66PfJuR2mdHxLOGGKGF3947yWRP1OInLE3Qenx6zBEXcjuIT0dN08LpUs5M7D0I"
GOOGLE_CLIENT_ID
"1030761251929-s1o3e6qmvakdido5gnl363dor76ful1k.apps.googleusercontent.com"
GOOGLE_CLIENT_SECRET
"s_XoCke9PXD6gJwT8lWZxkvw"
MAIL_DRIVER
"smtp"
MAIL_HOST
"smtp.mandrillapp.com"
MAIL_PORT
"587"
MAIL_USERNAME
"paypal@monovm.com"
MAIL_PASSWORD
"WVPWp0WgdJnYbZ2eLYA14w"
MAIL_ENCRYPTION
"tls"
0. Whoops\Handler\PrettyPageHandler