Most antivirus packages attackable through symbolic links

Researchers from RACK911 Labs drew attention to the fact that almost all antivirus packages for Windows, Linux and macOS were vulnerable to attacks that manipulate race conditions during the deletion of files in which malware has been detected.

To carry out the attack, one has to upload a file that the antivirus recognises as malicious (for example, a test signature can be used) and, after some time, once the antivirus has detected the malicious file but before it has called the function that deletes it, replace the directory containing the file with a symbolic link. On Windows the same effect is achieved by replacing the directory with a directory junction. The problem is that almost all antivirus products did not check symbolic links properly and, believing they were deleting the malicious file, deleted the file in the directory the symbolic link pointed to.

On Linux and macOS it is shown how an unprivileged user can delete /etc/passwd or any other system file in this way, and on Windows the antivirus's own DLL, so as to block its operation (on Windows the attack is limited to deleting files that are not in use by other applications). For example, an attacker can create an "exploit" directory and place in it an EpSecApiLib.dll file containing a test virus signature, then, before the deletion, replace the "exploit" directory with a link to "C:\Program Files (x86)\McAfee\Endpoint Security\Endpoint Security Platform", which causes the EpSecApiLib.dll library to be removed from the antivirus's own directory. On Linux and macOS a similar trick can be performed by replacing the directory with a link to "/etc".

#!/bin/sh
# create a fresh working directory and fetch the EICAR test file under the name "passwd"
rm -rf /home/user/exploit ; mkdir /home/user/exploit/
wget -q https://www.eicar.org/download/eicar.com.txt -O /home/user/exploit/passwd
# wait for the scanner to open the file, then swap the directory for a link to /etc
while inotifywait -m "/home/user/exploit/passwd" | grep -m 5 "OPEN"
do
rm -rf /home/user/exploit ; ln -s /etc /home/user/exploit
done
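The safe way to delete a detected file is to pin down what was scanned and refuse to act if anything underneath has changed. The following is an added example, not code from RACK911 Labs or from any of the listed products: it records the (st_dev, st_ino) identity of the file and its parent directory at detection time, reopens the parent with O_NOFOLLOW so a directory that has become a symlink cannot be opened, and unlinks relative to that directory descriptor. The simulate() helper and the "etc"/"exploit" names are constructed for the demonstration.

```python
import os
import stat
import tempfile

class PathSwappedError(Exception):
    """The path no longer refers to what was scanned; refuse to delete."""

def scan_record(path):
    """At detection time capture parent dir, name and (st_dev, st_ino) of both."""
    parent, name = os.path.split(os.path.abspath(path))
    d, f = os.lstat(parent), os.lstat(path)  # lstat: follow nothing here either
    return parent, name, (d.st_dev, d.st_ino), (f.st_dev, f.st_ino)

def safe_remove(parent, name, dir_identity, file_identity):
    """Unlink `name` via an fd of `parent` only if both still match the scan.
    O_NOFOLLOW makes open() fail (ELOOP) if the directory became a symlink."""
    try:
        dfd = os.open(parent, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)
    except OSError as e:
        raise PathSwappedError(f"parent is no longer a plain directory: {e}")
    try:
        ds = os.fstat(dfd)
        if (ds.st_dev, ds.st_ino) != dir_identity:
            raise PathSwappedError("parent directory identity changed")
        fs = os.stat(name, dir_fd=dfd, follow_symlinks=False)
        if stat.S_ISLNK(fs.st_mode) or (fs.st_dev, fs.st_ino) != file_identity:
            raise PathSwappedError("target file identity changed")
        os.unlink(name, dir_fd=dfd)  # relative to the fd, no second path lookup
        return True
    finally:
        os.close(dfd)

def simulate(swap_directory):
    """Constructed scenario in a temp dir: 'etc/passwd' is the victim file and
    'exploit/passwd' the detected one. With swap_directory=True the exploit
    dir is swapped for a symlink to 'etc' between detection and deletion.
    Returns (victim_still_exists, detected_file_deleted)."""
    with tempfile.TemporaryDirectory() as root:
        victim_dir, exploit_dir = os.path.join(root, "etc"), os.path.join(root, "exploit")
        os.mkdir(victim_dir); os.mkdir(exploit_dir)
        victim = os.path.join(victim_dir, "passwd"); open(victim, "w").close()
        detected = os.path.join(exploit_dir, "passwd"); open(detected, "w").close()
        rec = scan_record(detected)
        if swap_directory:  # the race window the advisory describes
            os.remove(detected); os.rmdir(exploit_dir); os.symlink(victim_dir, exploit_dir)
        try:
            deleted = safe_remove(*rec)
        except PathSwappedError:
            deleted = False
        return os.path.exists(victim), deleted
```

A plain os.remove() on the recorded path would follow the swapped directory and remove the victim's passwd; safe_remove() instead refuses, leaving the victim untouched, and still deletes the file in the unswapped case.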



In addition, many antivirus programs for Linux and macOS were found to use predictable file names when working with temporary files in the /tmp and /private/tmp directories, which could be used to escalate privileges to the root user.

By now the problems have already been fixed by most vendors, but it is notable that the first notifications of the problem were sent to the manufacturers at the end of 2018. Although not all vendors have released updates, they were given at least 6 months to fix the issue, and RACK911 Labs believes it is now free to disclose the vulnerabilities. It is noted that RACK911 Labs has been engaged in vulnerability discovery for a long time, but did not expect that working with colleagues from the antivirus industry would be so difficult because of delays in releasing updates and disregard for the need to fix security problems promptly.

Affected products (the free antivirus package ClamAV is not listed):

  • Linux
    • BitDefender GravityZone
    • Comodo Endpoint Security
    • Eset File Server Security
    • F-Secure Linux Security
    • Kaspersky Endpoint Security
    • McAfee Endpoint Security
    • Sophos Anti-Virus for Linux
  • Windows
    • Avast Free Anti-Virus
    • Avira Free Anti-Virus
    • BitDefender GravityZone
    • Comodo Endpoint Security
    • F-Secure Computer Protection
    • FireEye Endpoint Security
    • Intercept X (Sophos)
    • Kaspersky Endpoint Security
    • Malwarebytes for Windows
    • McAfee Endpoint Security
    • Panda Dome
    • Webroot SecureAnywhere
  • macOS
    • AVG
    • BitDefender Total Security
    • Eset Cyber Security
    • Kaspersky Internet Security
    • McAfee Total Protection
    • Microsoft Defender (BETA)
    • Norton Security
    • Sophos Home
    • Webroot SecureAnywhere

    Source: opennet.ru
