HiddenWasp: malware that affects Linux systems

HiddenWasp

A few days ago, security researchers discovered a new variety of Linux malware that appears to have been created by Chinese hackers and has been used as a means of remotely controlling infected systems.

Called HiddenWasp, this malware consists of a user-mode rootkit, a Trojan, and an initial deployment script.

Unlike other malicious programs that run on Linux, the code and the evidence collected show that the infected computers had already been compromised by these same attackers.

The execution of HiddenWasp would therefore be an advanced stage in the kill chain of this threat.

Although the article states that it is not known how many computers were infected or how the earlier steps were carried out, it should be noted that most programs of the "Backdoor" type are installed by clicking on an object (a link, an image or an executable file) without the user realizing that it is a threat.

Social engineering, a form of attack used by Trojans to trick victims into installing software packages such as HiddenWasp on their computers or mobile devices, could be the technique these attackers adopted to achieve their goals.

In its evasion and deterrence strategy, the kit uses a bash script accompanied by a hidden file. According to Intezer researchers, the files downloaded from VirusTotal have a path containing the name of an organization based in China.

About HiddenWasp

The HiddenWasp malware is made up of three dangerous components: a rootkit, a Trojan, and a malicious script.

The following mechanisms operate as part of the threat.

  • Local file system manipulation: the engine can be used to upload all kinds of files to the victim hosts or to steal any user information, including personal and system information. This is particularly worrying because it can lead to crimes such as financial theft and identity theft.
  • Command execution: the main engine can automatically start all kinds of commands, including those with root permissions, if such a security bypass is included.
  • Additional payload delivery: the infections created can be used to install and launch other malware, including ransomware and cryptocurrency servers.
  • Trojan operations: the HiddenWasp Linux malware can be used to take control of affected computers.

In addition, the malware would be hosted on the servers of a physical server hosting company called Think Dream, located in Hong Kong.

"Linux malware still unknown to other platforms could create new challenges for the security community," Intezer researcher Ignacio Sanmillan wrote in his article.

"The fact that this malicious program manages to stay under the radar should be a red flag for the security industry to devote more effort or resources to detecting these threats," he said.

Other experts also commented on the matter. Tom Hegel, security researcher at AT&T Alien Labs:

"There are many unknowns, as the pieces of this toolkit have some code/reuse overlaps with various open tools. However, based on a large pattern of overlap and infrastructure design, in addition to its use in targets, we assess with confidence the association with Winnti Umbrella."

Tim Erlin, Vice President, Product Management and Strategy at Tripwire:

"HiddenWasp is not unique in its technology, other than targeting Linux. If you are monitoring your Linux systems for changes to critical files, or for new files appearing, or for other suspicious changes, the malware is likely to be identified as HiddenWasp."

How do I know if my system has been compromised?

To check whether a system has been infected, search for "ld.so" files. If any of these files does not contain the string '/etc/ld.so.preload', the system may be compromised.

This is because the Trojan implant will try to patch instances of ld.so in order to enforce the LD_PRELOAD mechanism from arbitrary locations.
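The check described above can be scripted. The following is an added example, not code from the original article or from Intezer; the function names `scan_ld_so` and `is_elf` and the loader filename patterns (common glibc names) are assumptions made here.

```shell
#!/bin/sh
# Added example: list dynamic-loader binaries that lack the stock preload path.
# Usage: sh check_ldso.sh /lib /lib64 /usr/lib /usr/lib64

PRELOAD_PATH='/etc/ld.so.preload'

# is_elf FILE: succeed if FILE begins with the ELF magic bytes 7f 45 4c 46.
is_elf() {
    [ "$(head -c 4 "$1" 2>/dev/null | od -An -tx1 | tr -d ' \n')" = "7f454c46" ]
}

# scan_ld_so DIR...: print every loader-like ELF file under the given
# directories that does NOT contain the string /etc/ld.so.preload.
# The name patterns are an assumption covering common glibc loader names
# (ld.so, ld-2.31.so, ld-linux-x86-64.so.2, ld64.so.2).
scan_ld_so() {
    find -H "$@" -type f \( -name 'ld.so*' -o -name 'ld-[0-9]*.so*' \
        -o -name 'ld-linux*.so*' -o -name 'ld64.so*' \) 2>/dev/null |
    while IFS= read -r f; do
        # ld.so.cache and ld.so.conf match the name patterns but are not loaders.
        is_elf "$f" || continue
        LC_ALL=C grep -qF -- "$PRELOAD_PATH" "$f" || printf '%s\n' "$f"
    done
}

# Run only when directories are given on the command line.
if [ "$#" -gt 0 ]; then
    suspicious=$(scan_ld_so "$@")
    if [ -n "$suspicious" ]; then
        printf 'Loader binaries without %s:\n%s\n' "$PRELOAD_PATH" "$suspicious"
    else
        printf 'Every loader binary found references %s\n' "$PRELOAD_PATH"
    fi
fi
```

A listed file is a lead, not a verdict: verify it against the distribution's package checksums before concluding that the loader was modified.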

Source: https://www.intezer.com/

