RotaJakiro: new Linux malware disguised as a system process

Researchers at the 360 Netlab lab have reported the detection of new Linux malware, codenamed RotaJakiro, which includes a backdoor implementation that allows the system to be controlled remotely. The malware could have been installed by attackers after exploiting unpatched vulnerabilities in the system or simply by guessing weak passwords.

The backdoor was discovered while analysing suspicious traffic from one of the system processes, identified during an analysis of the structure of a botnet used for a DDoS attack. Before that, RotaJakiro had gone undetected for three years; in particular, the first attempts to scan files whose MD5 hashes match the identified malware on VirusTotal date back to May 2018.

One of RotaJakiro's features is its use of different disguise techniques depending on whether it runs as an unprivileged user or as root. To hide its presence, the backdoor uses the process names systemd-daemon, session-dbus and gvfsd-helper, which, given the fragmentation of modern Linux distributions and the abundance of all kinds of helper processes, looked legitimate at first glance and raised no suspicion.

When run with root privileges, the scripts /etc/init/systemd-agent.conf and /lib/systemd/system/sys-temd-agent.service were created to activate the malware, and the malicious executable itself was placed at /bin/systemd/systemd-daemon and /usr/lib/systemd/systemd-daemon (the functionality was duplicated in two files). When run as a regular user, the autostart file $HOME/.config/au-tostart/gnomehelper.desktop was used and changes were made to .bashrc, and the executable was saved as $HOME/.gvfsd/.profile/gvfsd-helper and $HOME/.dbus/sessions/session-dbus. Both executables were launched at the same time, each monitoring the presence of the other and restoring it if it was terminated.
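A triage check for the persistence artifacts listed above, added here as an example rather than code from 360 Netlab or opennet.ru: it walks a filesystem root and reports which of the article's drop paths exist, for /root and every directory under /home. The `root` parameter and the `make_sample_tree` fixture are assumptions added so the check can be run against a constructed tree; the path spellings (including sys-temd and au-tostart) are taken from the article as written.

```python
import tempfile
from pathlib import Path

# Root-privileged installation: init/systemd units plus two copies of the binary.
ROOT_ARTIFACTS = [
    "etc/init/systemd-agent.conf",
    "lib/systemd/system/sys-temd-agent.service",
    "bin/systemd/systemd-daemon",
    "usr/lib/systemd/systemd-daemon",
]
# Per-user installation, relative to each home directory.
USER_ARTIFACTS = [
    ".config/au-tostart/gnomehelper.desktop",
    ".gvfsd/.profile/gvfsd-helper",
    ".dbus/sessions/session-dbus",
]

def _present(p: Path) -> bool:
    try:
        return p.exists()
    except OSError:  # e.g. unreadable /root when not running as root
        return False

def home_dirs(root: Path):
    """Yield candidate home directories under root: /root and /home/*."""
    yield root / "root"
    try:
        yield from (p for p in (root / "home").iterdir() if p.is_dir())
    except OSError:  # /home missing or unreadable
        return

def find_artifacts(root="/"):
    """Return sorted /-relative paths of RotaJakiro artifacts present under root."""
    root = Path(root)
    hits = [root / rel for rel in ROOT_ARTIFACTS if _present(root / rel)]
    for home in home_dirs(root):
        hits += [home / rel for rel in USER_ARTIFACTS if _present(home / rel)]
    return sorted("/" + str(p.relative_to(root)) for p in hits)

def make_sample_tree() -> Path:
    """Constructed fixture (assumption): fake root with one root-level and one user-level drop."""
    root = Path(tempfile.mkdtemp(prefix="rotajakiro-demo-"))
    for rel in ["lib/systemd/system/sys-temd-agent.service",
                "home/alice/.dbus/sessions/session-dbus",
                "home/alice/.bashrc"]:  # ordinary file, must not be reported
        (root / rel).parent.mkdir(parents=True, exist_ok=True)
        (root / rel).write_text("")
    return root

if __name__ == "__main__":
    for hit in find_artifacts("/") or ["no known RotaJakiro artifacts found"]:
        print(hit)
```

Run it as root to cover every home directory; a hit only means a known path exists, so confirm with the hash or the twin-process behaviour before acting.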

To conceal the results of its activity, the backdoor used several encryption algorithms: for example, AES was used to encrypt its resources, and a combination of AES, XOR and ROTATE together with ZLIB compression was used to hide the communication channel with the control server.

To receive control commands, the malware contacted 4 domains over network port 443 (the communication channel used its own protocol rather than HTTPS and TLS). The domains (cdn.mirror-codes.net, status.sublineover.net, blog.eduelects.com and news.thaprior.net) were registered in 2015 and were served by the Kyiv hosting provider Deltahost. 12 basic functions were built into the backdoor, allowing it to download and execute plugins with extended functionality, send device data, exfiltrate sensitive data and manage local files.

Source: opennet.ru
