I-ProHoster > Π‘Π»ΠΎΠ³ > Ukuphatha > I-Adventures ye-Elusive Malware, Ingxenye V: I-DDE Eningi nakakhulu ne-COM Scriptlets

I-Adventures ye-Elusive Malware, Ingxenye V: I-DDE Eningi nakakhulu ne-COM Scriptlets

I-Adventures ye-Elusive Malware, Ingxenye V: I-DDE Eningi nakakhulu ne-COM Scriptlets

Lesi sihloko siyingxenye yochungechunge lwe-Fileless Malware. Zonke ezinye izingxenye zochungechunge:

Kulolu chungechunge lwezihloko, sihlola izindlela zokuhlasela ezidinga umzamo omncane ohlangothini lwabaduni. Esikhathini esedlule isihloko Sikubekele ukuthi kungenzeka ukufaka ikhodi ngokwayo ekulayisheni kwenkundla okuzenzakalelayo ye-DDE ku-Microsoft Word. Ngokuvula idokhumenti enjalo enamathiselwe ku-imeyili yobugebengu bokweba imininingwane ebucayi, umsebenzisi ongaqaphile uzovumela umhlaseli ukuthi abambe iqhaza kukhompuyutha yakhe. Nokho, ekupheleni kuka-2017, iMicrosoft ivaliwe lesi sikhala sokuhlaselwa kwe-DDE.
Ukulungiswa kwengeza okufakiwe kokubhalisa okukhubaza Imisebenzi ye-DDE eZwini. Uma usakudinga lokhu kusebenza, ungabuyisela le nketho ngokunika amandla amakhono amadala e-DDE.

Kodwa-ke, isiqeshana sokuqala simboze iMicrosoft Word kuphela. Ingabe lobu buthakathaka be-DDE bukhona kweminye imikhiqizo ye-Microsoft Office engase isetshenziswe ekuhlaselweni okungekho ikhodi? Yebo, impela. Isibonelo, ungawathola ku-Excel.

Ubusuku be-DDE ephilayo

Ngikhumbula ukuthi okokugcina ngima encazelweni ye-COM scriptlets. Ngiyathembisa ukuthi ngizofika kubo kamuva kulesi sihloko.

Okwamanje, ake sibheke olunye uhlangothi olubi lwe-DDE enguqulweni ye-Excel. NjengaseZwini nje, abanye izici ezifihliwe ze-DDE ku-Excel ikuvumela ukuthi wenze ikhodi ngaphandle komzamo omkhulu. Njengomsebenzisi we-Word owakhula, ngangijwayele izinkambu, kodwa hhayi nhlobo mayelana nemisebenzi ku-DDE.

Kwangimangaza ukufunda ukuthi ku-Excel ngingabiza igobolondo kuseli njengoba kuboniswe ngezansi:

I-Adventures ye-Elusive Malware, Ingxenye V: I-DDE Eningi nakakhulu ne-COM Scriptlets

Ubuwazi ukuthi lokhu kungenzeka? Ngokwami, angikwenzi

Leli khono lokuqalisa igobolondo le-Windows lihlonishwe yi-DDE. Ungacabanga ngezinye izinto eziningi
Izinhlelo zokusebenza ongaxhuma kuzo usebenzisa imisebenzi ye-DDE eyakhelwe ngaphakathi ye-Excel.
Ingabe nawe ucabanga into efanayo engiyicabangayo?

Vumela umyalo wethu ongaphakathi kweseli uqale iseshini ye-PowerShell ebese ilanda futhi isebenzise isixhumanisi - lokhu ukwamukela, esesivele sayisebenzisa ngaphambili. Bona ngezansi:

I-Adventures ye-Elusive Malware, Ingxenye V: I-DDE Eningi nakakhulu ne-COM Scriptlets

Vele unamathisele i-PowerShell encane ukuze ulayishe futhi usebenzise ikhodi yesilawuli kude ku-Excel

Kodwa kukhona okubambekayo: kufanele ufake ngokucacile le datha kuseli ukuze le fomula isebenze ku-Excel. I-hacker ingawusebenzisa kanjani lo myalo we-DDE ukude? Iqiniso liwukuthi uma ithebula le-Excel livuliwe, i-Excel izozama ukuvuselela zonke izixhumanisi ku-DDE. Izilungiselelo ze-Trust Center zinesikhathi eside zinekhono lokukhubaza lokhu noma ukuxwayisa lapho kubuyekezwa izixhumanisi emithonjeni yedatha yangaphandle.

I-Adventures ye-Elusive Malware, Ingxenye V: I-DDE Eningi nakakhulu ne-COM Scriptlets

Ngisho nangaphandle kwamapeshi akamuva, ungakhubaza ukubuyekezwa kwesixhumanisi okuzenzakalelayo ku-DDE

IMicrosoft uqobo ngokwayo weluleka Izinkampani ngo-2017 kufanele zikhubaze izibuyekezo zesixhumanisi ezizenzakalelayo ukuze zivikele ubungozi be-DDE ku-Word ne-Excel. NgoJanuwari 2018, iMicrosoft yakhipha ama-patches e-Excel 2007, 2010 kanye no-2013 akhubaza i-DDE ngokuzenzakalelayo. Lokhu indatshana I-Computerworld ichaza yonke imininingwane yesichibi.

Nokho, kuthiwani ngezingodo zomcimbi?

I-Microsoft nokho ishiye i-DDE ye-MS Word ne-Excel, ekugcineni yabona ukuthi i-DDE ifana nesiphazamisi kunokusebenza. Uma ngesizathu esithile ungakazifaki lezi ziqephu, usengakwazi ukunciphisa ingozi yokuhlaselwa kwe-DDE ngokukhubaza izibuyekezo zezixhumanisi ezizenzakalelayo futhi unike amandla izilungiselelo ezisiza abasebenzisi ukuthi babuyekeze izixhumanisi lapho bevula amadokhumenti namaspredishithi.

Manje umbuzo wesigidi sedola: Uma uyisisulu salokhu kuhlasela, ingabe izikhathi ze-PowerShell eziqaliswe ezinkundleni ze-Word noma amaseli e-Excel azovela kulogi?

I-Adventures ye-Elusive Malware, Ingxenye V: I-DDE Eningi nakakhulu ne-COM Scriptlets

Umbuzo: Ingabe amaseshini e-PowerShell aqaliswe nge-DDE afakiwe? Impendulo: yebo

Uma usebenzisa amaseshini e-PowerShell ngokuqondile usuka kuseli ye-Excel kune-macro, iWindows izongena le micimbi (bona ngenhla). Ngesikhathi esifanayo, angikwazi ukusho ukuthi kuzoba lula ngethimba lezokuphepha ukuthi bese lixhuma wonke amachashazi phakathi kweseshini ye-PowerShell, idokhumenti ye-Excel kanye nomlayezo we-imeyili futhi liqonde ukuthi ukuhlasela kuqale kuphi. Ngizobuyela kulokhu esihlokweni sokugcina ochungechungeni lwami olungapheli ngohlelo olungayilungele ikhompuyutha.

Injani iCOM yethu?

Kwedlule isihloko Ngithinte esihlokweni se-COM scriptlets. Zilungele ngokwazo. ubuchwepheshe, ekuvumela ukuthi udlulise ikhodi, yisho i-JScript, nje njengento ye-COM. Kodwa-ke ama-scriptlets atholwe ngabaduni, futhi lokhu kwabavumela ukuba bathole i-computer yesisulu ngaphandle kokusebenzisa amathuluzi angadingekile. Lokhu Π²ΠΈΠ΄Π΅ΠΎ evela eDerbycon ibonisa amathuluzi e-Windows akhelwe ngaphakathi afana ne-regsrv32 kanye ne-rundll32 eyamukela imibhalo ebhalwe kude njengezimpikiswano, nabaduni empeleni bahlasela ngaphandle kosizo lwe-malware. Njengoba ngibonise okokugcina, ungasebenzisa kalula imiyalo ye-PowerShell usebenzisa i-JScript scriptlet.

Kuvele ukuthi umuntu uhlakaniphe kakhulu umcwaningi uthole indlela yokusebenzisa i-COM scriptlet Π² Idokhumenti ye-Excel. Wathola ukuthi lapho ezama ukufaka isixhumanisi sombhalo noma isithombe esitokisini, kwafakwa iphasela elithile kuso. Futhi le phakheji yamukela buthule i-scriptlet ekude njengokufakwayo (bona ngezansi).

I-Adventures ye-Elusive Malware, Ingxenye V: I-DDE Eningi nakakhulu ne-COM Scriptlets

Boom! Enye indlela ecashile, ethule yokuvula igobolondo usebenzisa imibhalo ye-COM

Ngemuva kokuhlolwa kwekhodi yezinga eliphansi, umcwaningi uthole ukuthi kuyini ngempela iphutha ku-software yephakheji. Kwakungahloselwe ukusebenzisa imibhalo ye-COM, kodwa kuphela ukuxhuma kumafayela. Anginaso isiqiniseko sokuthi ngabe sesikhona yini isiqeshana salokhu kuba sengcupheni. Esifundweni sami siqu ngisebenzisa i-Amazon WorkSpaces ene-Office 2010 efakwe ngaphambili, ngikwazile ukuphindaphinda imiphumela. Nokho, lapho ngizama futhi ngemva kwesikhashana, ayizange isebenze.

Ngethemba ngempela ukuthi ngikutshele izinto eziningi ezithakazelisayo futhi ngasikhathi sinye ngibonise ukuthi abaduni bangangena enkampanini yakho ngendlela eyodwa noma enye efanayo. Ngisho noma ufaka zonke iziqephu zakamuva ze-Microsoft, abaduni basenawo amathuluzi amaningi okuthola isisekelo ohlelweni lwakho, kusukela kuma-VBA macros ngiqale lolu chungechunge kuya ekukhokheni okunonya ku-Word noma i-Excel.

Esihlokweni sokugcina (Ngiyathembisa) kule saga, ngizokhuluma ngendlela yokuhlinzeka ngokuvikela okuhlakaniphile.

Source: www.habr.com

Engeza amazwana