Symbiote, a new, dangerous and stealthy malware that targets Linux

Symbiote

Yesterday we published an article reporting that 7 vulnerabilities had been fixed in GRUB for Linux. It bears repeating precisely because we are not used to hearing it: of course there are security flaws and malware on Linux, just as there are on Windows, macOS and iOS/iPadOS, the most closed systems in existence. The perfect system does not exist, and although some are more secure than others, part of our protection comes from using an operating system with a small market share. But small is not zero, and malicious developers such as the ones who created Symbiote know it.

It was BlackBerry that raised the alarm last Thursday, although it did not get off to a good start when trying to explain the name of the threat. It says a symbiont is an organism that lives in symbiosis with another organism. So far so good. What is not so good is that it goes on to say that a symbiote can sometimes be a parasite, when it benefits from and harms the other. No, it is one or the other: if both benefit, as with the shark and the remora, it is symbiosis. If the remora harmed the shark, it would automatically become a parasite. But this is not a biology class or a marine documentary.

Symbiote infects other processes to do its damage

As explained above, Symbiote can be nothing other than a parasite. Its name must come, perhaps, from the fact that we do not notice its presence. We could be using a computer carrying this malware without realising it, but if we do not notice it and it steals our data, it is harming us, so no "symbiosis" is possible. BlackBerry explains:

What makes Symbiote different from other Linux malware that we usually come across is that it needs to infect other running processes to inflict damage on infected machines. Instead of being a standalone executable file that is run to infect a machine, it is a shared object (SO) library that is loaded into all running processes using LD_PRELOAD (T1574.006), and parasitically infects the machine. Once it has infected all the running processes, it provides the threat actor with rootkit functionality, the ability to harvest credentials, and remote access capability.

Discovered in November 2021

BlackBerry first saw Symbiote in November 2021, and its targets appear to be in the financial sector in Latin America. Once it has infected our computer, it hides itself and any other malware used by the threat actor, which makes infections very hard to detect. All of its activity is hidden, including network activity, so it is almost impossible to know that it is there. But the worst part is not that it hides: it also provides a backdoor that lets the attacker log in as any user registered on the machine with a hard-coded password, and execute commands with the highest privileges.

It is known to exist, but it has infected very few machines and no evidence has been found that it has been used in highly targeted or broad attacks. Symbiote uses the Berkeley Packet Filter to hide the infected machine's malicious traffic:

When an administrator starts any packet capture tool on the infected machine, BPF bytecode is injected into the kernel that defines which packets should be captured. In this process, Symbiote adds its bytecode first so it can filter out network traffic that it does not want the packet-capturing software to see.
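To make the mechanism in that quote concrete, here is an added example (mine, not Symbiote's bytecode and not BlackBerry's code) that models a rootkit prepending its own classic BPF (cBPF) instructions to the filter an administrator's capture tool installs, so that the packets it wants hidden are rejected before the administrator's filter ever sees them. Everything here is assumed for illustration: the hidden traffic is TCP on port 4444 (an arbitrary choice), the frames are Ethernet + IPv4 with a 20-byte IP header so the TCP port offsets sit at 34 and 36, and the administrator's filter is a hand-written "IPv4 and TCP". The small interpreter follows the kernel's cBPF rules for this subset: jumps are relative to the next instruction, RET ends the program with the number of bytes to keep (0 drops the packet), and a load past the end of the packet drops it.

```python
"""Added example, not Symbiote's bytecode or BlackBerry's code: a model of a
rootkit prepending its own cBPF filter to the one a capture tool installs.

Assumptions (all mine): hidden traffic is TCP on HIDDEN_PORT; frames are
Ethernet + IPv4 with a 20-byte IP header (no options), so TCP ports sit at
offsets 34/36; the administrator's filter is a hand-written 'ip and tcp'.
"""
from typing import List, Tuple

# (opcode, jt, jf, k), using the opcode values Linux and `tcpdump -dd` use
LDH, LDB, JEQ, RET = 0x28, 0x30, 0x15, 0x06
Insn = Tuple[int, int, int, int]

HIDDEN_PORT = 4444  # assumed for the example

# What an administrator's capture tool might install: keep IPv4 TCP, drop the rest.
ADMIN_FILTER: List[Insn] = [
    (LDH, 0, 0, 12),        # A = EtherType
    (JEQ, 0, 3, 0x0800),    # not IPv4 -> index 5 (drop)
    (LDB, 0, 0, 23),        # A = IP protocol
    (JEQ, 0, 1, 6),         # not TCP -> index 5 (drop)
    (RET, 0, 0, 65535),     # accept the whole packet
    (RET, 0, 0, 0),         # drop
]


def port_hider(port: int) -> List[Insn]:
    """Prefix that drops IPv4 TCP with src or dst port == port, else falls through.

    Every "fall through" jump lands on index 9 == len(prefix): the first
    instruction of whatever program is appended after it.
    """
    return [
        (LDH, 0, 0, 12),
        (JEQ, 0, 7, 0x0800),    # not IPv4 -> fall through
        (LDB, 0, 0, 23),
        (JEQ, 0, 5, 6),         # not TCP -> fall through
        (LDH, 0, 0, 34),        # A = TCP source port
        (JEQ, 2, 0, port),      # match -> index 8 (drop)
        (LDH, 0, 0, 36),        # A = TCP destination port
        (JEQ, 0, 1, port),      # match -> index 8 (drop); else fall through
        (RET, 0, 0, 0),         # drop: the admin filter never sees this packet
    ]


def validate(prog: List[Insn]) -> None:
    """The kernel checks that matter here: jumps stay in range, RET comes last."""
    n = len(prog)
    for i, (code, jt, jf, _k) in enumerate(prog):
        if code == JEQ and (i + 1 + jt >= n or i + 1 + jf >= n):
            raise ValueError(f"jump out of range at instruction {i}")
    if prog[-1][0] != RET:
        raise ValueError("program must end with RET")


def prepend(prefix: List[Insn], program: List[Insn]) -> List[Insn]:
    """Splice prefix in front of program. cBPF jumps are relative, so the
    original program needs no offset rewriting."""
    combined = prefix + program
    validate(combined)
    return combined


def run_cbpf(prog: List[Insn], pkt: bytes) -> int:
    """Return the number of bytes to keep (0 = packet dropped)."""
    A, pc = 0, 0
    while pc < len(prog):
        code, jt, jf, k = prog[pc]
        pc += 1
        if code in (LDH, LDB):
            size = 2 if code == LDH else 1
            if k + size > len(pkt):
                return 0            # kernel: a load past the end rejects the packet
            A = int.from_bytes(pkt[k:k + size], "big")
        elif code == JEQ:
            pc += jt if A == k else jf
        elif code == RET:
            return k
        else:
            raise ValueError(f"unsupported opcode {code:#x}")
    raise ValueError("fell off the end of the program")


def tcp_frame(sport: int, dport: int) -> bytes:
    """Constructed sample frame: Ethernet/IPv4/TCP, zeroed MACs and checksums."""
    eth = bytes(12) + b"\x08\x00"
    ip = (b"\x45\x00" + (40).to_bytes(2, "big") + b"\x00\x00\x40\x00"
          + b"\x40\x06" + b"\x00\x00" + bytes([10, 0, 0, 1]) + bytes([10, 0, 0, 2]))
    tcp = sport.to_bytes(2, "big") + dport.to_bytes(2, "big") + bytes(16)
    return eth + ip + tcp


if __name__ == "__main__":
    hooked = prepend(port_hider(HIDDEN_PORT), ADMIN_FILTER)
    for sport, dport in ((40000, 443), (40000, HIDDEN_PORT), (HIDDEN_PORT, 40000)):
        frame = tcp_frame(sport, dport)
        print(f"{sport}->{dport}: admin filter keeps {run_cbpf(ADMIN_FILTER, frame)} bytes, "
              f"hooked filter keeps {run_cbpf(hooked, frame)} bytes")
```

The defensive point follows from where the prefix lives: it is spliced into the filter on the infected host, so the traffic is only invisible to captures taken there. A capture from a mirror port, a network tap or a neighbouring host still shows the port 4444 flows, and a mismatch between an on-host capture and an off-host one is itself an indicator worth chasing.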

Symbiote hides like the Gorgonites (the little heroes)

Symbiote is designed to be loaded by the linker via LD_PRELOAD. This allows it to be loaded before any other shared objects. Since it is loaded first, it can hijack the imports from the other library files loaded by the application. Symbiote uses this to hide its presence on the machine by hooking libc and libpcap functions. If the calling application tries to access a file or folder under /proc, the malware scrubs the output of the process names that are on its list. If it does not try to access anything under /proc, then it scrubs the result from the file list.
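The LD_PRELOAD loading described in BlackBerry's explanation above and the /proc scrubbing described in this paragraph suggest two userland checks a responder can run. The script below is an added example, written for this article; it is not Symbiote's code and not BlackBerry's. It first looks for the loading mechanism itself (entries in /etc/ld.so.preload, or an LD_PRELOAD variable in any process environment, neither of which a normal server has), then exploits the gap between the two views of /proc: a hook on readdir() controls what a directory listing of /proc returns, but a direct stat() of /proc/<pid> never goes through that listing, so a PID that stat() confirms and the listing omits is being hidden. The functions that do the work take their inputs as arguments so they can be run on constructed data; the collect_* helpers read the live host.

```python
"""Added example (not Symbiote's or BlackBerry's code): userland checks for
an LD_PRELOAD rootkit that hooks readdir() to scrub /proc.

  1. Preload indicators: /etc/ld.so.preload entries or LD_PRELOAD in a
     process environment. On a normal server both are empty.
  2. Listing discrepancy: the hook scrubs the /proc directory listing, but
     stat("/proc/<pid>") does not use readdir(), so a PID that stat()
     confirms and the listing omits is hidden.

Caveat: a rootkit that also hooks stat() or kill() in the same libc defeats
check 2 from inside the host; a statically linked tool, or inspection from
outside (kernel module, disk image, hypervisor), is the stronger form.
"""
import os
import re
from typing import Iterable, List, Optional, Set

PID_RE = re.compile(r"^\d+$")


def parse_ld_so_preload(text: str) -> List[str]:
    """Library paths from an /etc/ld.so.preload body.

    ld.so(8) documents the file as a whitespace-separated list with '#'
    comments; splitting on ':' too mirrors LD_PRELOAD and costs nothing.
    """
    libs: List[str] = []
    for line in text.splitlines():
        line = line.split("#", 1)[0]
        libs.extend(p for p in re.split(r"[\s:]+", line) if p)
    return libs


def preload_vars_from_environ(environ_blob: bytes) -> List[str]:
    """LD_PRELOAD values in a /proc/<pid>/environ blob (NUL-separated KEY=VALUE)."""
    prefix = b"LD_PRELOAD="
    return [
        entry[len(prefix):].decode(errors="replace")
        for entry in environ_blob.split(b"\0")
        if entry.startswith(prefix)
    ]


def hidden_pids(listed: Iterable[int], probed: Iterable[int]) -> Set[int]:
    """PIDs that a direct probe confirmed but the directory listing omitted."""
    return set(probed) - set(listed)


def collect_listed_pids() -> Set[int]:
    """What readdir() (via os.listdir) reports: the view a hooked libc controls."""
    return {int(name) for name in os.listdir("/proc") if PID_RE.match(name)}


def collect_probed_pids(max_pid: Optional[int] = None) -> Set[int]:
    """stat() every candidate /proc/<pid> without listing the directory.

    Walking up to pid_max (often 4194304) takes several seconds in Python;
    pass a smaller max_pid for a quick look.
    """
    if max_pid is None:
        with open("/proc/sys/kernel/pid_max") as f:
            max_pid = int(f.read())
    alive: Set[int] = set()
    for pid in range(1, max_pid + 1):
        try:
            os.stat(f"/proc/{pid}")
        except FileNotFoundError:
            continue
        alive.add(pid)
    return alive


def collect_preload_indicators() -> List[str]:
    """Human-readable findings from the live host (empty list = nothing found)."""
    findings: List[str] = []
    try:
        with open("/etc/ld.so.preload") as f:
            for lib in parse_ld_so_preload(f.read()):
                findings.append(f"/etc/ld.so.preload lists {lib}")
    except FileNotFoundError:
        pass
    for pid in sorted(collect_listed_pids()):
        try:
            with open(f"/proc/{pid}/environ", "rb") as f:
                blob = f.read()
        except OSError:
            continue  # process exited, or it is not ours and we are not root
        for value in preload_vars_from_environ(blob):
            findings.append(f"pid {pid} runs with LD_PRELOAD={value}")
    return findings


if __name__ == "__main__":
    for line in collect_preload_indicators():
        print(line)
    for pid in sorted(hidden_pids(collect_listed_pids(), collect_probed_pids())):
        print(f"pid {pid} exists but is missing from the /proc listing")
```

Run it as root so every process's environ is readable. A process that starts or exits between the listing and the probe shows up as a one-off hit, so confirm any reported PID by reading its /proc/<pid>/status and running the check a second time before treating it as hidden.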

BlackBerry closes its article saying that we are dealing with a very stealthy piece of malware. Its goal is to capture credentials and provide a backdoor into infected machines. It is very hard to detect, so the only thing we can hope for is that detections and patches are released as soon as possible. It is not known to be in wide use, but it is dangerous. From here, as usual, remember the importance of applying security patches as soon as they become available.



  1.   ja says

    and you need to grant it root permissions beforehand to be able to install it, right?