Eli nqaku yinxalenye yothotho lweFayileless Malware. Zonke ezinye iindawo zolu thotho:
- (silapha)
Kolu ngcelele lwamanqaku, siphonononga iindlela zokuhlasela ezifuna umgudu omncinci kwicala labahlaseli. Mandulo Sigubungele ukuba kuyenzeka ukuncamathisela ikhowudi ngokwayo kwi-DDE ye-autofield payload kwi-Microsoft Word. Ngokuvula uxwebhu olunjalo oluqhotyoshelwe kwi-imeyile ye-phishing, umsebenzisi ongaqapheliyo uya kuvumela umhlaseli ukuba afumane indawo kwikhompyutheni yakhe. Nangona kunjalo, ekupheleni kwe2017, iMicrosoft le kroba kuhlaselo kwi DDE.
Ulungiso longeza ungeniso lobhaliso oluvalayo Imisebenzi ye-DDE kwiLizwi. Ukuba usafuna olu sebenziso, ngoko ungabuyisela olu khetho ngokwenza i DDE ubunakho obudala.
Nangona kunjalo, isiqwenga sokuqala sigubungela kuphela iMicrosoft Word. Ngaba obu buthathaka be-DDE bukhona kwezinye iimveliso zeOfisi ka-Microsoft ezinokuthi zisetyenziswe kuhlaselo lwe-no-code? Ewe okuqinisekile. Umzekelo, unokuzifumana nakwi-Excel.
Ubusuku be-DDE ephilayo
Ndiyakhumbula ukuba ixesha lokugqibela ndayeka kwinkcazo ye-COM scriptlets. Ndiyathembisa ukuba ndiza kufika kubo kamva kweli nqaku.
Okwangoku, makhe sijonge kwelinye icala elibi le-DDE kuguqulelo lwe-Excel. Kanye njengeLizwi, abanye iimpawu ezifihlakeleyo zeDDE kwi-Excel ikuvumela ukuba wenze ikhowudi ngaphandle komzamo omkhulu. Njengomsebenzisi weLizwi oye wakhula, ndandiqhelene namasimi, kodwa kungekhona konke malunga nemisebenzi kwi-DDE.
Ndiye ndamangaliswa kukufunda ukuba kwi-Excel ndinokubiza iqokobhe kwiseli njengoko kubonisiwe ngezantsi:
Ubusazi na ukuba oku kunokwenzeka? Ngokomntu, andikwenzi
Oku kukwazi ukuphehlelela iqokobhe le-Windows kungenxa ye-DDE. Unokucinga ngezinye izinto ezininzi
Ii-aplikeshini onokuqhagamshela kuzo usebenzisa i-Excel eyakhelwe-ngaphakathi imisebenzi ye-DDE.
Ngaba nawe ucinga ngale nto ndiyicingayo?
Vumela umyalelo wethu ongaphakathi kwiseli uqale iseshoni yePowerShell ethi emva koko ikhuphele kwaye iphumeze ikhonkco - oku , esele siyisebenzisa ngaphambili. Bona ngezantsi:
Cofa nje i-PowerShell encinci ukuze ulayishe kwaye usebenzise ikhowudi ekude kwi-Excel
Kodwa kukho ukubamba: kufuneka ufake ngokucacileyo le datha kwiseli ukuze le fomula isebenze kwi-Excel. Ingaba ihacker ingawuphumeza njani lo myalelo weDDE ukude? Inyani kukuba xa itheyibhile ye-Excel ivuliwe, i-Excel iya kuzama ukuhlaziya zonke iikhonkco kwi-DDE. Iisetingi zeZiko leTrasti kudala zikwazi ukuvala oku okanye ukulumkisa xa uhlaziywa amakhonkco kwimithombo yedatha yangaphandle.
Nokuba ngaphandle kweziqendu zamva nje, unokukhubaza uhlaziyo lwekhonkco oluzenzekelayo kwi-DDE
IMicrosoft ngokwayo Iinkampani kwi-2017 kufuneka zikhubaze uhlaziyo lwekhonkco oluzenzekelayo ukukhusela ubuthathaka be-DDE kwiLizwi kunye ne-Excel. NgoJanuwari 2018, iMicrosoft yakhupha iipetshi ze-Excel 2007, 2010 kunye no-2013 ezikhubaza iDDE ngokungagqibekanga. Oku IComputerworld ichaza zonke iinkcukacha zepatch.
Kulungile, kuthekani ngezigodo zesiganeko?
U-Microsoft nangona kunjalo uyishiyile i-DDE ye-MS Word kunye ne-Excel, ngoko ke ekugqibeleni iqonde ukuba i-DDE ifana ne-bug kunokusebenza. Ukuba ngesizathu esithile awukafaki ezi ziqwenga, usenako ukunciphisa umngcipheko wokuhlaselwa kwe-DDE ngokukhubaza uhlaziyo lwekhonkco oluzenzekelayo kunye nokuvumela izicwangciso ezenza abasebenzisi bahlaziye amakhonkco xa bevula amaxwebhu kunye ne-spreadsheets.
Ngoku umbuzo wesigidi seedola: Ukuba ulixhoba lolu hlaselo, ngaba iiseshini ze-PowerShell eziqaliswe ukusuka kumhlaba weLizwi okanye iiseli ze-Excel ziya kuvela kwilog?
Umbuzo: Ngaba iiseshoni ze-PowerShell ziqaliswe nge-DDE efakiweyo? Impendulo: ewe
Xa uqhuba iiseshoni zePowerShell ngokuthe ngqo kwiseli ye-Excel kunokuba njenge-macro, iWindows iya kungena ezi ziganeko (jonga ngasentla). Kwangaxeshanye, andinakubanga ukuba kuya kuba lula kwiqela lokhuseleko emva koko lidibanise onke amachaphaza phakathi kweseshoni yePowerShell, uxwebhu lwe-Excel kunye nomyalezo we-imeyile kwaye uqonde apho uhlaselo luqale khona. Ndiza kubuyela kule nto kwinqaku lokugqibela kuthotho lwam olungapheliyo kwi-malware enzima.
Injani iCOM yethu?
Ngaphambili Ndachukumisa isihloko se-scriptlets ze-COM. Bakulungele ngokwabo. , ekuvumela ukuba ugqithise ikhowudi, yithi JScript, ngokulula njengento yeCOM. Kodwa ke i-scriptlets yafunyanwa ngabaduni, kwaye oku kwabavumela ukuba bafumane indawo kwikhompyutheni yexhoba ngaphandle kokusetyenziswa kwezixhobo ezingadingekile. Oku evela eDerbycon ibonisa izixhobo ezakhelwe ngaphakathi ze-Windows ezinje nge-regsrv32 kunye ne-rundll32 ezithatha ii-scriptlets ezikude njengeengxabano, kwaye abahlaseli baqhuba uhlaselo lwabo ngaphandle koncedo lwe-malware. Njengoko bendibonisile okokugqibela, unokusebenzisa ngokulula iPowerShell imiyalelo usebenzisa iJScript scriptlet.
Kwavela ukuba umntu ulumke kakhulu ifumene indlela yokuqhuba i-scriptlet ye-COM Π² Uxwebhu lweExcel. Wafumanisa ukuba xa ezama ukufaka ikhonkco kuxwebhu okanye umfanekiso kwiseli, kufakwa ipasile ethile kuyo. Kwaye le phakheji ngokuzolileyo yamkela i-scriptlet ekude njengegalelo (jonga ngezantsi).
Boom! Enye indlela efihlakeleyo, ethuleyo yokumisela iqokobhe usebenzisa imibhalo ye-COM
Emva kokuhlolwa kwekhowudi ephantsi, umphandi wafumanisa ukuba yintoni ngokwenene impazamo kwisoftware yephakheji. Yayingenzelwanga ukuqhuba imibhalo yescript ye-COM, kodwa ukudibanisa kuphela iifayile. Andiqinisekanga ukuba sele kukho isiqwengana sobu sesichengeni. Kwisifundo sam ndisebenzisa indawo yokusebenzela yeAmazon eneOfisi ka-2010 efakwe ngaphambili, ndiye ndakwazi ukuphinda iziphumo. Noko ke, xa ndaphinda ndazama kamva, ayizange isebenze.
Ndiyathemba ukuba ndikuxelele izinto ezininzi ezinomdla kwaye kwangaxeshanye ndibonise ukuba abahlaseli banokungena kwinkampani yakho ngenye indlela. Nokuba ufaka zonke iipetshi zeMicrosoft zakutsha nje, abahlaseli basenezixhobo ezininzi zokufumana unyawo kwinkqubo yakho, ukusuka kwi-VBA macros ndiqale olu ngcelele ukuya kumthwalo okhohlakeleyo kwiLizwi okanye kwi-Excel.
Kwinqaku lokugqibela (ndiyathembisa) kule saga, ndiza kuthetha malunga nendlela yokubonelela ngokhuseleko oluhlakaniphile.
umthombo: www.habr.com