HiddenWasp: malware that affects Linux systems


A few days ago, security researchers discovered a new strain of Linux malware that appears to have been created by Chinese hackers and is used as a means of remotely controlling infected systems.

Named HiddenWasp, this malware consists of a user-mode rootkit, a Trojan and an initial deployment script.

Unlike other malicious programs that run on Linux, the code and the evidence gathered show that the infected machines had already been compromised by these attackers.

The deployment of HiddenWasp would therefore be an advanced stage in this threat's kill chain.

Although the article states that it is not known how many machines are infected or how the earlier stages of the compromise were carried out, it should be noted that most "backdoor"-type programs are installed by clicking on something (a link, an image or an executable file) without the user knowing that it is a threat.

Social engineering, the type of attack Trojans use to trick victims into installing software packages such as HiddenWasp on their computers or mobile devices, may be the technique these attackers have adopted to achieve their goals.

For its evasion and persistence strategy, the kit uses a bash script accompanied by a binary file. According to the Intezer researchers, the files uploaded to VirusTotal have a path containing the name of a China-based forensics company.

About HiddenWasp

The HiddenWasp malware is made up of three malicious components: a rootkit, a Trojan and a malicious script.

The following capabilities form part of the threat.

  • Local file system manipulation: the engine can be used to upload all kinds of files to the victim hosts or to exfiltrate any user information, including personal and system data. This is particularly significant because it can lead to crimes such as financial fraud and identity theft.
  • Command execution: the main engine can automatically launch all kinds of commands, including commands with root privileges if the corresponding security bypass is included.
  • Additional payload delivery: the established infections can be used to install and launch other malware, including ransomware and cryptocurrency miners.
  • Trojan operations: the HiddenWasp Linux malware can be used to take control of the affected computers.

The malware is also hosted on the servers of a physical server hosting company called Think Dream, located in Hong Kong.

"Linux malware that goes unnoticed on other platforms can pose new challenges for the security community," wrote Intezer researcher Ignacio Sanmillan in his article.

"The fact that this malicious program is able to stay under the radar should be a red flag for the security industry to dedicate more effort or resources to detecting these threats," he said.

Other experts have commented on the matter, such as Tom Hegel, security researcher at AT&T Alien Labs:

"There are many unknowns, as the pieces in this kit have code/reuse from various open-source tools. However, based on the large pattern of overlaps and the design of the tools, in addition to its targeted use, we confidently assess an association with the Winnti Umbrella."

Tim Erlin, Vice President of Product Management and Strategy at Tripwire:

"HiddenWasp is not unique in its technology, apart from targeting Linux. If you are monitoring your Linux systems for file changes, or new files appearing, or other suspicious changes, malware like HiddenWasp can be identified."

How do I know if my system is compromised?

To check whether a system is infected, look at the "ld.so" files (the dynamic loader binaries). If any of them does not contain the string '/etc/ld.so.preload', the system may be compromised.

This is because the Trojan's installer patches the instances of ld.so it finds so that the LD_PRELOAD mechanism loads libraries from arbitrary locations.
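The check above as an added example, not code from the article or from Intezer: a POSIX shell script that searches the standard library directories for dynamic loader binaries (ld-*.so*), reports any that no longer contain the /etc/ld.so.preload string, and, going slightly beyond the text, also lists the entries of /etc/ld.so.preload if that file exists. The directory list, the file name pattern and the assumption of a glibc-based system are mine; the function names are illustrative.

```shell
#!/bin/sh
# Added example for the ld.so check described above; not code from the
# article or from Intezer. Assumes a glibc-based Linux system (the musl
# loader never contains the /etc/ld.so.preload string and is always flagged).

# check_loader FILE
#   0: FILE still contains "/etc/ld.so.preload" (looks unpatched)
#   1: the string is missing (possibly patched by a HiddenWasp-style installer)
#   2: FILE cannot be read
check_loader() {
    if [ ! -r "$1" ]; then
        printf 'cannot read %s\n' "$1" >&2
        return 2
    fi
    # Drop NUL bytes so grep treats the ELF image as plain text on any platform.
    if tr -d '\000' < "$1" | LC_ALL=C grep -q -F '/etc/ld.so.preload'; then
        return 0
    fi
    return 1
}

# scan_loaders [DIR ...]
#   Finds ld-*.so* files up to two levels below each DIR (default: the usual
#   library directories) and prints one CLEAN/SUSPECT/SKIPPED line per file.
scan_loaders() {
    [ $# -gt 0 ] || set -- /lib /lib64 /lib32 /usr/lib /usr/lib64
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        find -H "$dir" -maxdepth 2 \( -type f -o -type l \) -name 'ld-*.so*' 2>/dev/null |
        while IFS= read -r f; do
            rc=0
            check_loader "$f" || rc=$?
            case $rc in
                0) printf 'CLEAN   %s\n' "$f" ;;
                1) printf 'SUSPECT %s (no /etc/ld.so.preload string)\n' "$f" ;;
                *) printf 'SKIPPED %s (unreadable)\n' "$f" ;;
            esac
        done
    done
}

# list_preload [FILE]
#   Prints the active entries of /etc/ld.so.preload (or FILE). The file is
#   normally absent; every library listed there is injected into each new
#   dynamically linked process and deserves a look.
list_preload() {
    f="${1:-/etc/ld.so.preload}"
    [ -f "$f" ] || return 0
    grep -v -e '^[[:space:]]*#' -e '^[[:space:]]*$' "$f" || true
}

# Live run: sh hiddenwasp_check.sh --scan   (as root, so every loader is readable)
if [ "${1:-}" = "--scan" ]; then
    scan_loaders
    echo "--- /etc/ld.so.preload entries (none expected):"
    list_preload
fi
```

A SUSPECT result is a lead, not proof: musl-based distributions such as Alpine are always flagged because their loader does not implement /etc/ld.so.preload, and a CLEAN result only says the string is present, not that the loader is otherwise unmodified. Confirm either way by verifying the file against the distribution package (for example rpm -V glibc on Fedora/RHEL or debsums libc6 on Debian/Ubuntu).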

Source: https://www.intezer.com/

