|
|
|
|
|
|
by moyix
3753 days ago
|
|
|
The server isn't on EC2, it's hosted on Tor. The malware uses an HTTP-to-TOR gateway service (onion.nu and onion.link) to pull down the encryption key and README file from one of three different hidden services. In theory you could try to get the gateways to block the connections, but I'm not sure they're likely to be cooperative. |
|
|