Digital Coronavirus - a combination of Ransomware and Infostealer

Threats of every kind that exploit the coronavirus theme keep appearing on the internet. Today we want to share the details of one interesting incident that clearly illustrates how far attackers will go to maximise their profit. The "2-in-1" threat calls itself CoronaVirus, and the details of the malware are below.


Exploitation of the coronavirus theme began more than a month ago. Attackers took advantage of the public's interest in news about the spread of the pandemic and the measures taken against it. A large number of "informers", special applications and fake websites appeared on the internet that compromise users, steal data and in some cases encrypt the contents of the device and demand a ransom. That is exactly what the Coronavirus Tracker mobile application did: it blocked access to the device and demanded a ransom.

Another driver for the spread of malware was the confusion around financial support measures. In many countries the government promised aid and support to ordinary citizens and business representatives for the duration of the pandemic, yet almost nowhere is receiving that aid simple and transparent. Many people hope for financial help but do not know whether they are on the list of recipients of government support, and those who have already received something from the state are unlikely to refuse more.

This is what attackers take advantage of. They send letters in the name of banks, financial regulators and social security authorities, offering assistance. All you have to do is follow the link ...

It is not hard to guess that after clicking a dubious address the person lands on a phishing site where they are asked to enter their financial details. Often, at the same moment the web page opens, the attackers try to infect the computer with a Trojan designed to steal personal and, above all, financial information. Sometimes the email attachment is a password-protected file containing "important information about how to obtain government support" in the form of spyware or ransomware.

In addition, Infostealer-class programs have recently started spreading through social networks as well. For example, if you want to download legitimate Windows utilities from, say, wisecleaner[.]best, an Infostealer may come bundled with them. By clicking the link the user receives a downloader, which fetches the malware together with the utility, and the download source is chosen according to the configuration of the victim's computer.

Coronavirus 2022

Why did we go through all this? The point is that a new piece of malware, whose authors did not think long about the name, has simply taken the best of both worlds and delights the victim with two kinds of threat at once. On one side an encryptor (CoronaVirus) is loaded, and on the other the KPOT infostealer.

CoronaVirus ransomware

The ransomware itself is a small file of 44 KB. The threat is simple but effective. The executable copies itself under a random name to %AppData%\Local\Temp\vprdh.exe and also adds a key in the registry under Windows\CurrentVersion\Run. Once the copy is in place, the original is deleted.

Like most ransomware, CoronaVirus tries to delete local backups and disable file shadow copies with the following commands:
C:\Windows\system32\VSSADMIN.EXE Delete Shadows /All /Quiet
C:\Windows\system32\wbadmin.exe delete systemstatebackup -keepVersions:0 -quiet
C:\Windows\system32\wbadmin.exe delete backup -keepVersions:0 -quiet

Next, the program starts encrypting files. The name of every encrypted file is prefixed with [email protected]__ and the rest of the name stays the same.
In addition, the ransomware renames the C drive to CoronaVirus.


In every directory the malware managed to touch, a file named CoronaVirus.txt appears containing the payment instructions. The ransom is only 0.008 bitcoin, roughly $60. I must say, that is a very modest figure. The point is that the author either did not set out to get very rich ... or, rather, decided that this was the ideal amount any user sitting at home in self-isolation would be able to pay. You have to admit, if you cannot go outside, $60 to get your computer working again is not that much.


In addition, the new ransomware writes a small DOS executable to the temporary folder and registers it in the registry under the BootExecute key so that the payment instructions are shown the next time the computer reboots. Depending on the system settings, this message may not appear at all. Either way, once it has finished encrypting all the files, the computer reboots.


KPOT infostealer

This ransomware also comes with the KPOT spyware. The infostealer can steal cookies and saved passwords from various browsers, as well as from games installed on the PC (including Steam) and from the Jabber and Skype instant messengers. Its area of interest also includes FTP and VPN credentials. Having done its job and stolen everything it can, the spyware deletes itself with the following command:

cmd.exe /c ping 127.0.0.1 && del C:\temp\kpot.exe
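The shadow-copy and backup deletion commands listed above and the ping-then-delete self-removal command are all visible in process-creation telemetry. The following detection logic is an added example, not part of the original article or of any Acronis product; it runs over constructed sample events in a simplified "pid|image|command line" format and flags the three behaviours.

```python
"""Flag process-creation events that match the CoronaVirus/KPOT behaviours
described in the article. The sample log below is constructed, not real
telemetry; the command lines mirror the ones quoted in the text."""
import re

SAMPLE_LOG = r"""
4120|C:\Windows\explorer.exe|explorer.exe
4388|C:\Users\u\AppData\Local\Temp\vprdh.exe|vprdh.exe
4390|C:\Windows\system32\VSSADMIN.EXE|VSSADMIN.EXE Delete Shadows /All /Quiet
4392|C:\Windows\system32\wbadmin.exe|wbadmin.exe delete systemstatebackup -keepVersions:0 -quiet
4394|C:\Windows\system32\wbadmin.exe|wbadmin.exe delete backup -keepVersions:0 -quiet
4401|C:\Windows\system32\cmd.exe|cmd.exe /c ping 127.0.0.1 && del C:\temp\kpot.exe
4410|C:\Windows\system32\cmd.exe|cmd.exe /c dir
"""

# Each rule: (name, regex applied to the command line, severity).
# Case-insensitive because the article shows VSSADMIN.EXE in upper case.
RULES = [
    ("shadow_copy_deletion",
     re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows", re.I), "high"),
    ("backup_catalog_deletion",
     re.compile(r"wbadmin(\.exe)?\s+delete\s+(systemstate)?backup", re.I), "high"),
    # "ping 127.0.0.1" used as a delay, followed by del of the malware image:
    # the self-deletion pattern KPOT uses on the way out.
    ("ping_then_self_delete",
     re.compile(r"ping\s+127\.0\.0\.1.*&&\s*del\s+", re.I), "medium"),
]

def parse_line(line):
    """Split one constructed event into its three fields."""
    pid, image, cmdline = line.split("|", 2)
    return {"pid": int(pid), "image": image, "cmdline": cmdline}

def detect(log_text):
    """Return (pid, rule_name, severity) for every event that matches a rule."""
    hits = []
    for raw in log_text.strip().splitlines():
        ev = parse_line(raw)
        for name, pattern, severity in RULES:
            if pattern.search(ev["cmdline"]):
                hits.append((ev["pid"], name, severity))
    return hits

def summarize(hits):
    """Collapse hits into a per-rule count, e.g. for an alert summary."""
    counts = {}
    for _, name, _ in hits:
        counts[name] = counts.get(name, 0) + 1
    return counts

if __name__ == "__main__":
    for hit in detect(SAMPLE_LOG):
        print(hit)
```

Three shadow/backup deletions followed by a ping-and-delete from the same host within a short window is a strong signal on its own; a registry-modification rule for the Run and BootExecute keys mentioned in the article would complete the picture.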

Not just ransomware anymore

This attack, again tied to the coronavirus pandemic theme, once more confirms that modern ransomware aims to do much more than just encrypt your files. In this case the victim also risks having their passwords to various sites and portals stolen. Organised cybercrime groups such as Maze and DoppelPaymer have become adept at using stolen data to blackmail users who refuse to pay for file recovery, because the files may suddenly turn out not to be that valuable, or the user may have backups the ransomware cannot reach.

Despite its simplicity, the new CoronaVirus clearly shows that cybercriminals are also trying to increase their income and are looking for additional ways to monetise an attack. The approach itself is not new: for several years now Acronis analysts have observed ransomware attacks that also plant financial Trojans on the victim's computer. Moreover, these days a ransomware attack can serve as a diversion, drawing attention away from the attackers' main goal, which is data exfiltration.

One way or another, protection against such threats is achievable with an integrated approach to cyber defence. Modern security systems easily block such threats (with all their components) even before they run, using heuristic algorithms backed by machine-learning technologies. Combined with backup and disaster recovery, the first files damaged will be restored immediately.


For those interested, the IoC file hashes:

CoronaVirus Ransomware: 3299f07bc0711b3587fe8a1c6bf3ee6bcbc14cb775f64b28a61d72ebcb8968d3
KPOT infostealer: a08db3b44c713a96fe07e0bfc440ca9cf2e3d152a5d13a70d6102c15004c4240


Source: www.habr.com
