Compromise of one of the Pale Moon project's servers and insertion of malware into the archive of old releases.

The author of the Pale Moon browser has disclosed details of a compromise of the archive.palemoon.org server, which stored an archive of past browser releases up to and including version 27.6.2. During the break-in, the attackers infected every executable Pale Moon installer for Windows on the server with malware. According to the initial findings, the malicious replacement took place on December 27, 2017 and was only discovered on July 9, 2019, i.e. it went unnoticed for a year and a half.

The affected server is currently offline for investigation. The server from which current Pale Moon releases are distributed was not affected; the problem only concerns old Windows builds installed from the archive (releases are moved to the archive as new versions come out). At the time of the break-in, the server was running Windows on a virtual machine rented from the provider Frantech/BuyVM. It is not yet entirely clear what kind of vulnerability was exploited, or whether it was specific to Windows or affected some third-party server application.

After gaining access, the attackers selectively infected all Pale Moon executables (installers and self-extracting archives) with the trojan Win32/ClipBanker.DY, which steals cryptocurrency by replacing bitcoin addresses on the clipboard. Executables packaged inside zip archives were not affected. A user could have detected the modified installers by checking the digital signatures or the SHA256 hashes published for the files. The malware involved is also successfully detected by most current antivirus products.
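As an added example (not from the original article or the Pale Moon project), this is the kind of integrity audit the paragraph implies: the SHA256 of every archived installer is compared against a manifest recorded at release time, so a file replaced after publication, or restored from an already-infected backup, is reported as modified. The file names, file contents and manifest are constructed sample data.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path, chunk=1 << 20):
    """Stream a file through SHA256 so large installers are not read at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def parse_manifest(text):
    """Parse 'HEXDIGEST  filename' lines (sha256sum format) into {filename: hex}."""
    expected = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition("  ")
        expected[name.strip()] = digest.lower()
    return expected


def audit_archive(archive_dir, manifest_text):
    """Check each manifest entry against the file on disk.

    Returns {"ok": [...], "modified": [...], "missing": [...]}; "modified"
    is the case that matters here: the name is right but the bytes changed."""
    result = {"ok": [], "modified": [], "missing": []}
    for name, digest in parse_manifest(manifest_text).items():
        path = Path(archive_dir) / name
        if not path.is_file():
            result["missing"].append(name)
        elif sha256_file(path) != digest:
            result["modified"].append(name)
        else:
            result["ok"].append(name)
    return result


def demo():
    # Constructed sample: fake installers plus a manifest written at release
    # time; one file is then altered after the fact, as in the incident.
    names = ["palemoon-27.6.2-sample.exe", "palemoon-27.6.1-sample.exe",
             "palemoon-27.6.0-sample.exe"]
    good = b"PALE MOON INSTALLER (constructed sample)\n"
    manifest = "\n".join(f"{hashlib.sha256(good).hexdigest()}  {n}" for n in names)
    with tempfile.TemporaryDirectory() as d:
        (Path(d) / names[0]).write_bytes(good)
        (Path(d) / names[1]).write_bytes(good + b"X")  # tampered after release
        return audit_archive(d, manifest)           # names[2] is never written
```

The manifest must come from the original release process, not from the restored server or its backups; a hash list regenerated from already-infected files would simply certify the trojaned installers.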

On May 26, 2019, during activity by the attackers on the server (it is unclear whether these were the same attackers as in the original break-in or others), normal operation of archive.palemoon.org was disrupted: the host could not reboot and its data was damaged. This included the loss of the system logs, which might have held more detailed indicators of how the attack was carried out. At the time of this failure, the administrators were unaware of the compromise and rebuilt the archive on a new CentOS-based environment, replacing FTP downloads with HTTP. Since the incident had not been noticed, the already-infected files from the backup were carried over to the new server.

In analysing the possible causes of the compromise, it is assumed that the attackers gained access by guessing the password of a staff account, by obtaining direct access to the server, by attacking the hypervisor to gain control over other virtual machines, by compromising the web control panel, by hijacking a remote desktop session (the RDP protocol was in use), or by exploiting a vulnerability in Windows Server. The malicious actions were performed locally on the server, using a script that modified the existing executable files rather than downloading replacements from outside.

The project author states that he alone had administrative access to the system, that access was restricted to a single IP address, and that the underlying Windows OS was kept up to date and protected against external attack. At the same time, the RDP and FTP protocols were used for remote access, and potentially insecure software was run on the virtual machine, either of which could have led to the compromise. Nevertheless, the Pale Moon author is inclined to believe that the break-in was due to insufficient protection of the provider's virtual machine infrastructure (for example, the OpenSSL website was once hacked by guessing a weak provider password for a standard virtualization management interface).

Source: opennet.ru