Wave of supercomputer hacks for cryptocurrency mining

Several large computing clusters located at supercomputer centres in the UK, Germany, Switzerland and Spain have been found to carry traces of infrastructure compromise and the installation of malware for covert mining of the Monero (XMR) cryptocurrency. A detailed analysis of the incidents is not yet available, but according to preliminary data the systems were compromised through the theft of credentials from the systems of researchers who had access to run jobs on the clusters (recently, many clusters have been granting access to third-party researchers studying the SARS-CoV-2 coronavirus and modelling processes related to COVID-19 infection). In one of the cases, after gaining access to the cluster, the attackers exploited the vulnerability CVE-2019-15666 in the Linux kernel to obtain root and install a rootkit.

Two incidents stand out in which the attackers used credentials captured from users at the University of Krakow (Poland), Shanghai Jiao Tong University (China) and the Chinese Science Network. The credentials were captured from participants in international research programmes and used to connect to the clusters over SSH. Exactly how the credentials were captured is still unclear, but on some (not all) of the systems belonging to victims of the password leak, substituted SSH executables were identified.
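A substituted SSH client only works for the attacker as long as nobody compares the binary with a known-good copy. The script below is an added example, not part of the original article or of any of the affected sites' tooling: it records SHA-256 hashes of a set of binaries as a baseline and later re-verifies them, reporting each file as unchanged, modified or missing. The file names, contents and the temporary directory are constructed for the demonstration; on a real host the baseline would come from the package manager (`rpm -V`, `dpkg -V`, `debsums`) or from a hash list stored off-box, never from the host being checked.

```python
import hashlib
import os
import tempfile


def sha256_of(path):
    """Stream a file through SHA-256 and return the hex digest."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(paths):
    """Return {path: sha256} for every existing file in `paths`.
    In practice this list is produced once, on a trusted host, and kept off-box."""
    return {p: sha256_of(p) for p in paths if os.path.isfile(p)}


def verify_baseline(baseline):
    """Compare the current on-disk state against `baseline`.
    Returns {path: 'ok' | 'MODIFIED' | 'MISSING'}."""
    status = {}
    for path, expected in baseline.items():
        if not os.path.isfile(path):
            status[path] = "MISSING"
        elif sha256_of(path) != expected:
            status[path] = "MODIFIED"
        else:
            status[path] = "ok"
    return status


def _write(path, data):
    with open(path, "wb") as f:
        f.write(data)


def demo():
    """Constructed scenario: take a baseline of stand-ins for the ssh client
    and the sshd daemon, then overwrite the client the way a trojanized
    replacement would, and re-verify. Returns statuses keyed by basename."""
    with tempfile.TemporaryDirectory() as d:
        ssh = os.path.join(d, "ssh")
        sshd = os.path.join(d, "sshd")
        _write(ssh, b"constructed stand-in for the genuine ssh client\n")
        _write(sshd, b"constructed stand-in for the genuine sshd daemon\n")
        baseline = build_baseline([ssh, sshd])

        # Simulated substitution of the client binary after the baseline was taken.
        _write(ssh, b"constructed stand-in for a replaced ssh client\n")

        return {os.path.basename(p): s for p, s in verify_baseline(baseline).items()}


if __name__ == "__main__":
    for name, state in demo().items():
        print(f"{name}: {state}")
```

The check is deliberately dumb: it trusts nothing on the host except the bytes it reads, so a rootkit that hides files from directory listings does not help the attacker here unless it also intercepts `open()`/`read()` for the monitored paths, which is one more reason to run such checks from a trusted medium where possible.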

As a result, the attackers were able to gain access to the UK-based cluster Archer (University of Edinburgh), ranked 334th in the Top500 list of the largest supercomputers. Similar intrusions were subsequently identified on the clusters bwUniCluster 2.0 (Karlsruhe Institute of Technology, Germany), ForHLR II (Karlsruhe Institute of Technology, Germany), bwForCluster JUSTUS (Ulm University, Germany), bwForCluster BinAC (University of Tübingen, Germany) and Hawk (University of Stuttgart, Germany).
Information about security incidents on the clusters of the Swiss National Supercomputing Centre (CSCS), the Jülich Research Centre (31st place in the Top500), the University of Munich (Germany) and the Leibniz Computing Centre (9th, 85th and 86th places in the Top500) has also been confirmed. In addition, information received from staff about the compromise of the infrastructure of the Barcelona Supercomputing Center (Spain) has not yet been officially confirmed.

Analysis of the changes showed that two malicious executable files with the suid root flag set had been uploaded to the compromised servers: "/etc/fonts/.fonts" and "/etc/fonts/.low". The first is a loader for running shell commands with root privileges, and the second is a log cleaner for removing traces of the attackers' activity. Various techniques were used to hide the malicious components, including installation of the Diamorphine rootkit, packaged as a Linux kernel module. In one case, the mining process was started only at night so as not to attract attention.

Once compromised, a host could be used for a variety of tasks, such as mining Monero (XMR), running a proxy (to communicate with other mining hosts and with the server coordinating the mining), running a microSOCKS-based SOCKS proxy (to accept external connections over SSH) and SSH forwarding (the main entry point, using a compromised account on which an address translator was configured to forward traffic into the internal network). When connecting to the compromised hosts, the attackers used hosts running SOCKS proxies, typically reached via Tor or via other compromised systems.

Source: opennet.ru
