Malicious code found inside exploits hosted on GitHub


The way malicious code is introduced keeps evolving, reusing old techniques and refining the way victims are deceived.

It seems the Trojan horse idea is still useful today, in ways subtle enough that many of us might not notice, and recently researchers from Leiden University (Netherlands) studied the problem of fake exploit prototypes being published on GitHub.

The idea is to use these to attack curious users who want to test and learn how certain vulnerabilities can be exploited with the tools offered, which makes this kind of situation ideal for slipping in malicious code that attacks those users.

The study reports that a total of 47,313 exploit repositories were analyzed, covering known vulnerabilities identified from 2017 to 2021. The analysis of the exploits showed that 4,893 (10.3%) of them contained code that performs malicious actions.

That is why users who decide to use published exploits are advised to inspect them first, looking for suspicious insertions, and to run them only on virtual machines isolated from the main network.

Proof-of-concept (PoC) exploits for known vulnerabilities are widely shared in the security community. They help security analysts learn from each other and facilitate security assessments and red teaming.

In recent years it has become very popular to distribute PoCs, for example via dedicated websites and platforms, and also via public code repositories such as GitHub. However, public code repositories do not provide any guarantee that a given PoC comes from a trustworthy source, or even that it does exactly what it is supposed to do.

In this paper, we investigate PoCs shared on GitHub for known vulnerabilities discovered in 2017-2021. We found that not all PoCs are trustworthy.

About the problem

Two main categories of malicious actions were identified: exploits containing malicious code, for example a system backdoor, a Trojan downloader, or code that joins the machine to a botnet; and exploits that collect and send sensitive information about the user.

In addition, a separate category of harmless fake exploits was identified: they do not perform malicious actions, but neither do they contain the expected functionality; for example, they are designed to trick, or to warn, users who run unverified code from the network.

Some proofs of concept are fake (i.e. they do not offer PoC functionality), or even malicious: for example, they attempt to exfiltrate data from the system they are run on, or they try to install malware on that system.

To address this issue, we proposed an approach to detect whether a PoC is malicious. Our approach relies on detecting the symptoms we observed in the collected dataset, for example calls to malicious IP addresses, obfuscated code, or included Trojanized binaries.

Using this approach, we discovered 4,893 malicious repositories out of the 47,313 repositories that were downloaded and checked (that is, 10.3% of the studied repositories contain malicious code). This figure shows a worrying prevalence of malicious PoCs among the exploit code distributed on GitHub.

Several checks were used to detect malicious actions:

  • The exploit code was analyzed for the presence of hard-coded public IP addresses, after which the identified addresses were further checked against databases of blacklisted hosts used to control botnets and to distribute malicious files.
  • Exploits provided in compiled form were checked with anti-virus software.
  • The presence of atypical hexadecimal dumps or base64-encoded insertions was detected in the code, after which those insertions were decoded and studied.
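As an added illustration (not code from the study or from this page), the symptom-based approach described earlier and the first and third checks listed above, in Python: scan a PoC source for hard-coded public IPv4 addresses, decode long base64 runs and rescan their contents, and count hex dumps. The sample PoC text, the TEST-NET addresses used as stand-ins for public ones, and the list of lab ranges are constructed assumptions.

```python
import base64
import binascii
import ipaddress
import re
# Constructed sample PoC source (not a real exploit) carrying the symptoms the
# study checks for: a public address, a base64 blob hiding another, a hex dump.
HIDDEN = b"constructed: connect back to 198.51.100.7"
SAMPLE_POC = rf'''
TARGET = "10.0.0.5"        # private lab address, normal for a PoC
CALLBACK = "203.0.113.44"  # public-looking address (TEST-NET-3, constructed)
BLOB = "{base64.b64encode(HIDDEN).decode()}"
STUB = "\x4d\x5a\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff"
'''
# Ranges a PoC may legitimately reference; anything else is treated as public.
LAB_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "0.0.0.0/8", "224.0.0.0/3")]
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
B64_RE = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")
HEX_RE = re.compile(r"(?:\\x[0-9a-fA-F]{2}){8,}")

def public_ips(text):
    """Sorted public IPv4 addresses hard-coded in text."""
    found = set()
    for m in IPV4_RE.finditer(text):
        try:
            ip = ipaddress.ip_address(m.group())
        except ValueError:
            continue  # not an address, e.g. 999.1.1.1 or a version string
        if not any(ip in net for net in LAB_NETS):
            found.add(str(ip))
    return sorted(found)

def decoded_blobs(text):
    """Decode long base64 runs so their contents can be inspected as well."""
    out = []
    for m in B64_RE.finditer(text):
        try:
            raw = base64.b64decode(m.group(), validate=True)
        except binascii.Error:
            continue  # a long identifier, not base64
        out.append(raw.decode("utf-8", "replace"))
    return out

def scan_poc(text):
    decoded = decoded_blobs(text)
    visible = set(public_ips(text))
    hidden = {ip for d in decoded for ip in public_ips(d)} - visible
    return {"public_ips": sorted(visible), "hidden_ips": sorted(hidden),
            "hex_dumps": len(HEX_RE.findall(text)), "decoded_blobs": decoded}
```

The address hidden inside the base64 blob only surfaces after decoding, which is why the study decodes such insertions rather than scanning the raw text alone.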

Users who like to run tests themselves are also advised to prefer sources such as Exploit-DB, since these try to verify the effectiveness and legitimacy of PoCs, whereas public code on platforms like GitHub has no verification process.

Finally, if you are interested in learning more about it, you can consult the details of the study in the following file, whose link I share.
