ACBackdoor, new malware that affects Linux and Windows

ACBackdoor

A few minutes ago we published an article in which we said that no software is perfect, and that browsers such as Chrome, Edge or Safari are "easy" to hack. In that article we said that software is not perfect, which is true of programs and applications as well as operating systems, but there we were talking about flaws found in programs. Now we have to do the same for operating systems: new malware that affects Linux and Windows has been discovered, and its name is ACBackdoor.

As reported by Bleeping Computer, security researchers have discovered a new cross-platform backdoor that affects Windows and Linux operating systems. This malware can be used to run malicious code and binaries on compromised computers. By all appearances, it was developed by a group with experience in building sophisticated tools for Linux, all in the words of Ignacio Sanmillan of Intezer.

ACBackdoor is more dangerous on Linux than on Windows

There are two variants, and both share the same command and control (C2) server. The infection vectors they use differ: the Windows version is being pushed through malvertising with the help of the Fallout Exploit Kit, while the Linux payload is dropped through a delivery system that is not yet known.

The latest version of the malware targets the vulnerabilities CVE-2018-15982, related to Flash Player, and CVE-2018-8174, which concerns the Internet Explorer VBScript engine. In both cases, the aim is to infect visitors to web pages controlled by the attacker. While we still insist that no software is perfect, we can say that with Flash Player it is raining on wet ground.

The most surprising thing, or perhaps the most normal, is that the Windows version does not pose a complex threat. The Windows version of ACBackdoor is a "port" of the Linux one:

The Linux implant is noticeably better written than the Windows implant, which is clear from the implementation of its persistence mechanism, its different backdoor commands and additional features not seen in the Windows version, such as creating independent processes and renaming processes.

How the backdoor works

After infecting a computer, the malware starts collecting system information, including its architecture and MAC address. To do this it uses platform-specific tools: Windows API functions on Windows, and on Linux the UNIX uname program, which is commonly used to print system information. Once the information-gathering tasks are done, ACBackdoor adds an entry to the Windows Registry and creates several symbolic links, while on Linux it creates an initrd script to gain persistence and start automatically on every reboot.

On Windows, the backdoor will also try to disguise itself as the MsMpEng.exe process, Microsoft's Windows Defender antimalware and antispyware utility. On Linux it disguises itself as Ubuntu's update notification utility (UpdateNotifier) and renames its process to [kworker/u8:7-ev], a name associated with the Linux kernel.
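A defender can catch the Linux disguise described above, because a genuine kernel thread carries the PF_KTHREAD bit in the flags field of /proc/<pid>/stat and has no executable behind it. The following is an added example, not code from the article or from the researchers; it assumes a Linux /proc layout, and the function names are hypothetical.

```python
import os
import re

PF_KTHREAD = 0x00200000  # kernel-thread bit in the flags field of /proc/<pid>/stat
# Names that imitate kernel threads: "[anything]" as argv[0], or a kworker/ prefix.
KTHREAD_LOOK = re.compile(r"^\[.+\]$|^kworker/")

def read_proc_entry(proc_root, pid):
    """Return (comm, ppid, flags, argv0, exe) for one PID directory."""
    base = os.path.join(proc_root, pid)
    with open(os.path.join(base, "stat")) as fh:
        stat = fh.read()
    # comm sits between the first "(" and the last ")" and may contain spaces.
    comm = stat[stat.index("(") + 1:stat.rindex(")")]
    rest = stat[stat.rindex(")") + 2:].split()
    ppid, flags = int(rest[1]), int(rest[6])
    with open(os.path.join(base, "cmdline"), "rb") as fh:
        argv0 = fh.read().split(b"\0")[0].decode(errors="replace")
    try:
        exe = os.readlink(os.path.join(base, "exe"))
    except OSError:
        exe = None  # no link for real kernel threads, or no permission to read it
    return comm, ppid, flags, argv0, exe

def find_fake_kernel_threads(proc_root="/proc"):
    """List user-space processes whose name imitates a kernel thread."""
    findings = []
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        try:
            comm, ppid, flags, argv0, exe = read_proc_entry(proc_root, pid)
        except (OSError, ValueError, IndexError):
            continue  # process exited mid-scan or entry unreadable
        looks_kernel = bool(KTHREAD_LOOK.match(argv0) or KTHREAD_LOOK.match(comm))
        if looks_kernel and not flags & PF_KTHREAD:
            findings.append({"pid": int(pid), "name": argv0 or comm,
                             "ppid": ppid, "exe": exe})
    return sorted(findings, key=lambda f: f["pid"])

if __name__ == "__main__":
    for finding in find_fake_kernel_threads():
        print(finding)
```

Run it as root so that the exe link of every process can be read; any hit is worth triage, since legitimate user-space programs have no reason to carry a bracketed kernel-thread name.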

ACBackdoor sends information over HTTPS

To communicate with the C2 server, both malware variants use HTTPS as the communication channel, sending all of the collected information as a BASE64-encoded payload. In the other direction, ACBackdoor can receive information, execute and update commands from that C2 server, which lets its operators run shell commands and binaries and update the malware already present on the infected system.

Common sense is the best way to avoid this and other malware problems. The first thing is not to visit web pages of dubious origin, something modern browsers help with by warning us when a website is or may be dangerous. On the other hand, and this is true of any operating system, it is always important to keep the software we use updated. There is no such thing as perfect software, and that includes operating systems; ACBackdoor is the latest proof of that.



  1.   anonymous said

    About the Flash Player thing.... please see a psychiatrist.
    Who on earth is still using Flash Player, which has not existed for years.
    I really believe this guy is paid to smear gnu / linux, I don't have many other ways to think about it, bad, bad, VERY BAD.

    1.    HACKERCRAC3850K said

      If you have a laptop or PC and you use your browser, whichever it is, I am sure you use Adobe Flash Player, because without it you cannot get half of the ads and the pages do not work properly either. If you don't know about it, don't say anything.

  2.   Daniel said

    Ufffff, be careful then with dubious sites, these days nobody is completely safe. Excellent article, greetings.

  3.   Leo said

    Are there cleaning tools made for Linux to fight these infections?

    1.    Pepe said

      Cleaning tools?
      That would be installing an antimalware, more or less. That is why I don't use linux, anything that gets in there stays, I keep seeing servers that have had Trojans inside for years.