ESET yakaratidza 21 yakaipa mapakeji anotsiva OpenSSH

Darkcrizt

4 maminitsi

ESET Linux

ESET nguva pfupi yadarika yakaita posvo (53 peji PDF) uko inoratidza mhedzisiro yekutarisa kwevamwe Trojan mapakeji kuti hackers akaiswa mushure mekukanganisa Linux inomiririra.

Izvi ckuitira kuti usiye musuwo wekumashure kana kuti ubvise mapassword emushandisi uku uchibatanidza kune mamwe mauto.

Zvese zvinofungidzirwa zvakasiyana zveTrojan software zvakatsiva OpenSSH mutengi kana sevha maitiro maitiro.

Nezve zvakaonekwa mapaketi

ari 18 sarudzo dzakatarwa dzaisanganisira mabasa ekutora mapassword ekupinda uye kiyi yekunyorera uye gumi neshanu yakapihwa kumashure mabasa iyo inobvumira anorwisa kuti awane pachivande kupinda kune akabiwa mutariri achishandisa chirevo chakatsanangurwa.

Uyezve, lVatsvagiri vakaona kuti SSH backdoor inoshandiswa neVashandisi veRimaLeech yakafanana neiya yakashandiswa naCarbanak makore mashoma gare gare uye izvo vatambi vekutyisidzira vakagadzira huwandu hwakawanda hwekunetseka mukushandisa kwekunze kwekunze, kubva kuzvirongwa zvakashata zvinowanikwa kuruzhinji. Zvirongwa zveNetwork uye sampuli.

Izvi zvaigoneka sei?

Zvinhu zvinokuvadza zvakaendeswa mushure mekurwisa kwakabudirira pachirongwa; sekutonga, varwisi vakawana mukana kuburikidza nesarudzo yemamwe mapassword kana kushandisa zvisizvo zvisina kunyorwa mumashandisirwo ewebhu kana madhiraivha eseva, mushure mezvo masisitimu echinyakare akashandisa kurwisa kuwedzera rombo ravo.

Iyo yekuzivisa nhoroondo yezvirongwa zvakashata izvi inofanirwa kutariswa.

Mukuita kwekuongorora Windigo botnet, vaongorori akateerera kodhi kuti atsive ssh neEbury backdoor, iyo isati yatanga, yakasimbisa kuiswa kwevamwe vemashure eOpenSSH.

Kuona makwikwi eTrojans, runyorwa rwemazita makumi mana ekuongorora rwakashandiswa.

Uchishandisa aya mabasa, Vamiriri veESET vakaona kuti mazhinji acho aisavhara mikova yekumashure yaimbozivikanwa uye vakabva vatanga kutsvaga izvo zvisipo, kusanganisira nekutumira dandemutande remaseva eheoneotot.

Semagumo, 21 Trojan package misiyano inozivikanwa sekutsiva SSH, inoramba ichishanda mumakore achangopfuura.

Linux_Security

Vashandi veESET vanopokana nezvei pamusoro penyaya iyi?

Vatsvakurudzi veESET vakabvuma kuti havana kuwana izvi zvinopararira ruoko rwekutanga. Iko kukudzwa kunoenda kune vanogadzira imwe Linux malware inonzi Windigo (aka Ebury).

ESET inoti ichiri kuongorora iyo Windigo botnet nepakati payo Ebury backdoor, vakaona kuti Ebury yaive nemukati mechimiro iyo yaitsvaga mamwe emuno akaisirwa OpenSSH madhoo ekumashure.

Maitiro akaita timu yeWindigo izvi, ESET akadaro, kwaive kushandisa Perl script iyo yakaongorora makumi mana masiginecha (hashes).

"Patakaongorora masiginecha aya, takakurumidza kuona kuti takanga tisina masampuli akaenzana nemikova yekumashure yakatsanangurwa muchinyorwa ichi," akadaro Marc-Etienne M. Léveillé, muongorori wezve malware.

"Vashandisi ve malware chaizvo vaive neruzivo rwakawanda uye kuoneka kweSSH backdoors kupfuura isu," akawedzera.

Chirevo hachiende mune zvakadzama nezvekuti vashandisi ve botnet vanodyara sei idzi OpenSSH shanduro pane vane hutachiona hutachiona.

Asi kana isu takadzidza chero chinhu kubva kumishumo yapfuura pane Linux malware mashandiro, ndizvozvo Vabiridzi vanowanzo vimba nematekinoroji ekare ekare kuti vawane nzvimbo paLinux masisitimu:

Brute simba kana duramazwi kurwisa kunoedza kufungidzira SSH mapassword. Uchishandisa mapassword akasimba kana akasarudzika kana IP kusefa sisitimu yeSSH logins inofanirwa kudzivirira idzi mhando dzekurwiswa

Kushandiswa kwekusakwanisa mune zvinoshandiswa zvinomhanya pane server yeLinux (semuenzaniso, webhu kunyorera, CMS, nezvimwewo).

Kana iko kunyorera / sevhisi isina kugadziridzwa ine midzi yekuwana kana kana iye anorwisa akashandisa mukana wekukwira kwekukwira, kukanganisa kwakajairika kwekutanga kwema plugins echinyakare eWordPress kunogona kukwidziridzwa nyore nyore kune iri pasi pekushandisa system.

Kuchengeta zvese zviri zvechizvino, zvese mashandiro uye mashandiro anomhanyisa pairi anofanirwa kudzivirira rudzi urwu rwekurwiswa.

Se vakagadzirira script uye mitemo yeantivirus uye tafura ine simba ine hunhu hwerudzi rwese rweSSH Trojans.

Mafaira akanganiswa paLinux

Zvakare nekuwedzera mafaera akagadzirwa musystem uye mapassword ekuti uwane kuburikidza nemusuwo wekumashure, kuti uone zvikamu zveOpenSSH zvakatsiviwa.

Somuenzaniso, mune zvimwe zviitiko, mafaera senge iwo anoshandiswa kurekodha mapassword akabatwa:

  • "/Usr/include/sn.h",
  • "/Usr/lib/mozilla/extensions/mozzlia.ini",
  • "/Usr/local/share/man/man1/Openssh.1",
  • "/ Etc / ssh / ssh_known_hosts2",
  • "/Usr/share/boot.sync",
  • "/Usr/lib/libpanel.so.a.3",
  • "/Usr/lib/libcurl.a.2.1",
  • "/ Var / danda / utmp",
  • "/Usr/share/man/man5/ttyl.5.gz",
  • "/Usr/share/man/man0/.cache",
  • "/Var/tmp/.pipe.sock",
  • "/Etc/ssh/.sshd_auth",
  • "/Usr/include/X11/sessmgr/coredump.in",
  • «/ Etc / gshadow-«,
  • "/Etc/X11/.pr"

Siya yako yekutaura

Your kero e havazobvumirwi ichibudiswa. Raida minda anozivikanwa ne *

*

*

  1. Inotarisira data: AB Internet Networks 2008 SL
  2. Chinangwa cheiyo data: Kudzora SPAM, manejimendi manejimendi.
  3. Legitimation: Kubvuma kwako
  4. Kutaurirana kwedata
  5. Dhata yekuchengetedza: Dhatabhesi inobatwa neOccentus Networks (EU)
  6. Kodzero: Panguva ipi neipi iwe unogona kudzora, kupora uye kudzima ruzivo rwako

  1.   nick89 akadaro
    inoita 5 makore

    chinyorwa chinonakidza
    tsvaga rimwe nerimwe mune madhairekitori uye uwane rimwe
    "/ Etc / gshadow--",
    chii chichaitika kana ndikadzima

    Pindura kunick89
  2.   Jorge akadaro
    inoita 5 makore

    Iyo "gshadow" faira rinowonekawo kwandiri uye rinokumbira midzi mvumo yekuiongorora ...

    Pindura Jorge