颜林林的个人网站

啊哈!我终于也收到这封勒索电子邮件了

2019-11-27 00:09

导言: 传说中的勒索电子邮件,逐句读下来,还挺有喜感的。


今天打开邮箱,收到一封上图所示的勒索电子邮件。之前只是道听途说,而这次终于见着“活的”了。由于知道这类邮件多是虚张声势,所以这次见到时,看着满屏都是喜感。逐句读下来,还挺有意思。分享给大家一乐(以下内容英文为邮件原文,穿插的蓝色和绿色中文,分别是我的翻译和解读):

Dear user of mail.cbi.pku.edu.cn!
亲爱的mail.cbi.pku.edu.cn的用户!(邮件域名部分,直接替换到模板中)

I am a spyware software developer.
Your account has been hacked by me in the summer of 2019.
我是一个做间谍程序的码农,(开门见山,自我介绍)
您的帐号已于2019年夏天被我攻破。(详述时间,这得手后还忍了小半年才发邮件,是有耐心呢,还是想表明自己收集了不少数据)

The hacking was carried out using a hardware vulnerability through which you went online (Cisco router, vulnerability CVE-2019-12643).
这次攻击是利用了您上网使用的硬件设备的漏洞(思科路由器,漏洞编号CVE-2019-12643)(怕受害人不相信,给些专业的具体信息,先侃晕再说)

I went around the security system in the router, installed an exploit there.
When you went online, my exploit downloaded my malicious code (rootkit) to your device.
This is driver software, I constantly updated it, so your antivirus is silent all time.
我已经绕过了路由器的系统安全防线,并在上面安装了一个渗透程序。当您连线时,我的这个渗透程序就会下载木马(恶意代码)到您的设备上。
这是驱动程序软件,我一直在更新它,所以您的防病毒软件不会起作用。(详细解释入侵过程,简直就像是在给IT小白做科普;并特别叮嘱防病毒软件不会生效,避免受害人自以为有防病毒软件,就对勒索毫不在乎)

Since then I have been following you (I can connect to your device via the VNC protocol). That is, I can see absolutely everything that you do, view and download your files and any data to yourself.
I also have access to the camera on your device, and I periodically take photos and videos with you.
自那时起,我就盯上您啦(我能通过VNC协议连接到您的设备)。
也就是说,我绝对能够看到您的一举一动,浏览并下载您的文件和任何数据。
我同时也有您设备上摄像头的权限,我能够定期拍下您的照片和视频。(还得向受害人详细科普自己如何访问到内网,以及如何获取文件、照片和视频的;关键信息,多下功夫,挺敬业)

At the moment, I have harvested a solid dirt… on you…
I saved all your email and chats from your messangers. I also saved the entire history of the sites you visit.
此时此刻,我已收获了您的一大堆艳照……
我保存了您的所有电子邮件和聊天记录。我还保存了您访问过的所有网站的历史记录。(这可真是一项浩大且要求特别认真的备份工程啊)

I note that it is useless to change the passwords. My malware update passwords from your accounts every times.
我得提醒您,修改密码是没有用的。我安装的木马每次都会把您的密码记下来。(想得真周到,不让受害人多做无用功,以便将时间花到核心任务上)

I know what you like hard funs (adult sites).
Oh, yes .. I’m know your secret life, which you are hiding from everyone.
Oh my God, what are your like… I saw THIS … Oh, you dirty naughty person … :)
我知道您喜欢找啥乐子(成人网站)。
嗯,是的……我知道您的那点小秘密,背着所有人的小秘密。
哦,我的天哪,您还喜欢这个……我看到了……噢,您可真是个污污小淘气……:)(这段表演真够生动的,可惜是电子邮件,只能用文字表达,除了显得更滑稽外,也没别的作用了)

I took photos and videos of your most passionate funs with adult content, and synchronized them in real time with the image of your camera.
Believe it turned out very high quality!
在您高光激情表演时,我拍了照片和视频,并把它们实时同步了出来。绝对是高质量的哦!(生怕前面表演式的说辞表达不够清楚,特意再强调地陈述一遍)

So, to the business!
I’m sure you don’t want to show these files and visiting history to all your contacts.
所以,来谈笔交易吧!
我敢肯定您并不希望这些文件和访问历史记录被公布给您的所有联系人吧。(嗯,这就是核心恐吓点啦,连这个都不怕,就没啥可怕的了)

Transfer $912 to my Bitcoin cryptocurrency wallet: 1CDKLgab6xUnAwP5q5x3jdDy8978Bt2iCZ Just copy and paste the wallet number when transferring.
If you do not know how to do this - ask Google.
给我比特币钱包转912美元:1CDKLgab6xUnAwP5q5x3jdDy8978Bt2iCZ。只需要拷贝粘贴这串字符码然后转账即可。您要是还不会,自己查Google。(连转帐都不会,这受害人也太菜了,老子都实在不想教了;看来耐心终究也是有限的,转账步骤啊,真是功亏一篑;而且,完全不考虑.cn域名的我们上网有困难嘛)

My system automatically recognizes the translation.
As soon as the specified amount is received, all your data will be destroyed from my server, and the rootkit will be automatically removed from your system.
Do not worry, I really will delete everything, since I am ‘working’ with many people who have fallen into your position.
You will only have to inform your provider about the vulnerabilities in the router so that other hackers will not use it.
我的系统会自动识别转帐。一旦接受到该特定交易额,您的所有数据都将从我的服务器上销毁,木马也会从您的系统上自动清除。(清晰说明自己提供的交换条件:清理数据和木马;问题是,钱转多了也不行么)
别担心,我真的会删除所有东西的,因为我跟其他很多与您同样处境的人,都是这么“交易”的。(还重申自己“讲信誉”,能信么)
您只需要通知您的网络供应商,告诉他们路由器存在漏洞,这样别的黑客就不会再利用该漏洞了。(还友情告知如何避免再中招,不想同行抢生意吧)

Since opening this letter you have 48 hours.
If funds not will be received, after the specified time has elapsed, the disk of your device will be formatted,
and from my server will automatically send email and sms to all your contacts with compromising material.
从收到这封邮件起,您有48小时。
如果到时没有收到钱,您的设备上的硬盘将被自动格式化,同时我的服务器还将通过邮件和短信把那些不雅内容发给您的所有联系人。(套路,还是套路!限制时间,制造紧张感,制造恐慌;艳照恐吓不够,再追加一个格式化本地硬盘的招)

P.S. Do not try to contact me (this is impossible, sender’s address was randomly generated).
备注:不要试图联系我(这是不可能做到的,发件人地址是随机生成的)(强调自己是不会被追踪到的,算是自我打气么)

I advise you to remain prudent and not engage in nonsense (all files on my server).
我建议您保持谨慎,不要做无谓挣扎(所有文件可都还在我的服务器上)(不忘记再威胁一下,说得太多,怕受害人忘记,估计自己都差不多忘记了吧)

Good luck!
祝好运!

言归正传,遭遇这样的邮件,其实完全不必惊慌,惊慌失措,瞎折腾一气,没准反倒误点了对方的链接圈套,让对方掌握了原本其实没有掌握的把柄。平时做到一些基本的信息安全防范意识,就完全可以不用担心这类问题。简单列举几条如下:

  1. 重要数据一定多做备份;
  2. 不明来源的程序一定不要随便打开;
  3. 不要从可疑网站上下载和运行任何程序。
--- END ---

注:本文首发表于“不靠谱颜论”公众号,并同步至本站。