Recently a ransomware worm spread across the globe, with nearly a hundred countries hit by the attack. A British information-security researcher writing under the name MalwareTech found the "kill switch" hidden in the malware and successfully halted its worldwide spread. After analysing the malware's code he noticed a peculiar domain name: before the 12th there had been no traffic at all to that domain, but afterwards requests surged, peaking at more than 1,400 per hour. Out of professional habit he spent £8.29 to register it, and once the registration went through the domain started receiving connections from computers in almost every country in the world. Security researchers then found this logic in the code: "If this domain exists, stop everything; if it does not exist, continue the attack." In other words, the domain was an emergency stop switch the malware author had left for himself in case things got out of control: as soon as it was registered, the malware would stop spreading. Afterwards he joked on Twitter: "I confess that before registering this domain I had no idea it could stop the spread of this malware; it was an accident." MalwareTech has therefore been hailed as an "accidental hero".
An anonymous internet blogger, who asked to be known only by his online alias Malware Tech, stumbled on the "off switch" that halted an attack by a ransomware virus that affected computer systems in over 100 countries, the BBC reported, citing an interview with the man.
His discovery halted the virus, which freezes computer systems and access to files unless a cash ransom is paid, but will not repair any damage already done, he said.
The blogger, who works for a UK Internet security company, was on a week's holiday when he heard about the virus and decided to check it out.
He told the BBC he saw that each time the virus entered a new computer system, it would try and contact a specific web address, which he discovered was unregistered. He immediately acquired it for eight pounds.
His ownership of the site meant his investigations accidentally triggered the "off switch" and halted the further spread of the virus, which hit Britain's National Health Service, Nissan's car plant in northern England, Spanish telecoms giant Telefonica, Spanish energy company Iberdrola and Russian government ministries, the BBC reported.
MalwareTech now thinks the code was originally designed to thwart researchers trying to investigate the ransomware, but it backfired by letting them remotely disable it.
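The traffic pattern that exposed the domain, no lookups at all before the outbreak and then a sudden surge, is something a defender can watch for in their own DNS logs. The following is an added example (not code from the article or from MalwareTech); the log lines and domain names are constructed placeholders.

```python
"""Flag domains whose DNS query volume jumps from no history at all to a
sudden surge, the pattern that revealed the ransomware's kill-switch domain
(zero lookups before the outbreak, then 1,400+ per hour)."""
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample DNS log: "<ISO timestamp> <client IP> <queried domain>".
# The domain names are placeholders, not the real kill-switch domain.
SAMPLE_LOG = """\
2017-05-11T09:00:00 10.0.0.5 mail.example.org
2017-05-11T10:00:00 10.0.0.7 updates.example.org
2017-05-12T13:00:00 10.0.0.5 mail.example.org
2017-05-12T13:00:05 10.0.0.11 kill-switch-placeholder.test
2017-05-12T13:00:09 10.0.0.12 kill-switch-placeholder.test
2017-05-12T13:00:14 10.0.0.13 kill-switch-placeholder.test
2017-05-12T13:01:02 10.0.0.14 kill-switch-placeholder.test
2017-05-12T13:02:30 10.0.0.15 kill-switch-placeholder.test
2017-05-12T13:45:00 10.0.0.7 updates.example.org
"""


def parse_log(text):
    """Yield (hour_bucket, domain) pairs from the log text."""
    for line in text.splitlines():
        ts, _client, domain = line.split()
        hour = datetime.fromisoformat(ts).replace(minute=0, second=0)
        yield hour, domain.lower()


def find_surging_domains(text, min_hourly=5):
    """Return {domain: peak_queries_per_hour} for domains that were never
    queried in any earlier hour and then hit at least `min_hourly` queries
    in a single hour (the first hour they were ever seen)."""
    per_domain = defaultdict(Counter)
    for hour, domain in parse_log(text):
        per_domain[domain][hour] += 1
    flagged = {}
    for domain, hours in per_domain.items():
        first_hour = min(hours)
        peak_hour, peak = hours.most_common(1)[0]
        # No history before the peak means the first hour seen is the peak hour.
        if first_hour == peak_hour and peak >= min_hourly:
            flagged[domain] = peak
    return flagged


if __name__ == "__main__":
    for domain, peak in find_surging_domains(SAMPLE_LOG).items():
        print(f"new domain with sudden surge: {domain} ({peak} queries/hour)")
```

The threshold is deliberately low for the tiny sample; on real resolver logs it would be tuned to the organisation's normal query volume.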
"It was actually partly accidental," he told the BBC, after spending the night investigating. "I have not slept a wink."
He added that his boss had given him an extra week off to recover from what he called "a train wreck of a holiday."
Security experts said that new variants of the malware that ignore the "kill switch" will appear.
"This variant shouldn't be spreading any further, however there'll almost certainly be copycats," said security researcher Troy Hunt, according to the BBC.
MalwareTech warned: "We have stopped this one, but there will be another one coming and it will not be stoppable by us.
"There's a lot of money in this, there is no reason for them to stop. It's not much effort for them to change the code and start over."