A wave of attacks on supercomputers for cryptocurrency mining

Several large computing clusters at supercomputing centres in the UK, Germany, Switzerland and Spain have shown traces of infrastructure compromise and the installation of malware that covertly mines the Monero (XMR) cryptocurrency. A detailed analysis of the incidents is not yet available, but according to preliminary data the systems were compromised using credentials stolen from researchers who had access to run jobs on the clusters (recently many clusters have opened access to external researchers studying the SARS-CoV-2 coronavirus and running models of COVID-19 infection). After gaining access to a cluster in one of the cases, the attackers exploited the Linux kernel vulnerability CVE-2019-15666 to obtain root privileges and install a rootkit.

Two incidents stand out in which the attackers used credentials captured from users at the University of Krakow (Poland), Shanghai Jiao Tong University (China) and the China Science and Technology Network. The credentials were taken from participants in international research programmes and were used to connect to the clusters over SSH. How exactly the credentials were captured is not yet clear, but on some (not all) of the systems of the users whose passwords leaked, trojanised SSH executables were found.

As a result, the attackers were able to gain access to the UK-based ARCHER cluster (University of Edinburgh), ranked 334th in the Top500 list of supercomputers. Similar intrusions were subsequently identified on the bwUniCluster 2.0 (Karlsruhe Institute of Technology, Germany), ForHLR II (Karlsruhe Institute of Technology, Germany), bwForCluster JUSTUS (Ulm University, Germany), bwForCluster BinAC (University of Tübingen, Germany) and Hawk (University of Stuttgart, Germany) clusters.

Cluster security incidents have also been confirmed at the Swiss National Supercomputing Centre (CSCS), the Jülich Research Centre (31st place in the Top500), the University of Munich (Germany) and the Leibniz Supercomputing Centre (places 9, 85 and 86 in the Top500). In addition, information has been received from staff about a compromise of the infrastructure of the High Performance Computing Centre in Barcelona (Spain), which has not yet been officially confirmed.

Analysis of the modifications showed that two malicious executables with the suid root bit set were placed on the compromised servers: "/etc/fonts/.fonts" and "/etc/fonts/.low". The first is a loader for running shell commands with root privileges, and the second is a log cleaner for removing traces of the attacker's activity. Various techniques were used to hide the malicious components, including installation of the Diamorphine rootkit, loaded as a Linux kernel module. In one case the mining process was started only at night so as not to attract attention.
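The on-disk artefacts above (setuid root executables with dot-prefixed names dropped into /etc/fonts) are the kind of thing a cluster operator would sweep for across every node. The following is an added example, not code from the article or from the incident responders: it walks a filesystem tree, collects every setuid/setgid regular file, and reports those that are either outside the directories where a distribution normally ships such binaries or carry a hidden name. The allow-list EXPECTED_SUID_DIRS and the fake directory tree built by build_demo_tree() are assumptions made for the demonstration; the tree contains one legitimate setuid binary, one ordinary file and the two hidden setuid files named in the report, so the sweep can be run offline.

```python
"""Hunt for setuid/setgid executables that sit outside the usual system
directories or that have a hidden (dot-prefixed) name, e.g. /etc/fonts/.fonts."""
import os
import stat
import tempfile

# Directories in which setuid/setgid binaries are legitimately expected.
# Assumption: this allow-list suits a typical Linux distribution; tune it to the
# cluster image's real package inventory (rpm -qf / dpkg -S) before relying on it.
EXPECTED_SUID_DIRS = ("/bin", "/sbin", "/usr/bin", "/usr/sbin",
                      "/usr/lib", "/usr/libexec", "/usr/local/bin")


def classify(rel_path, mode, uid):
    """Return the list of indicators that make a setuid/setgid file suspicious.

    An empty list means the file is where such a binary is expected and has an
    ordinary name. `mode` and `uid` come from lstat(); `uid` is kept for the
    caller's report (a setuid file owned by root grants root on exec)."""
    reasons = []
    if not any(rel_path.startswith(d + "/") for d in EXPECTED_SUID_DIRS):
        reasons.append("outside-standard-dirs")
    if os.path.basename(rel_path).startswith("."):
        reasons.append("hidden-name")
    return reasons


def find_suspicious_suid(root="/"):
    """Walk `root` and return (path, mode, uid, reasons) for every setuid/setgid
    regular file that triggers at least one indicator.

    `root` may be "/" on a live node or the mount point of an offline image or
    a test tree; paths are reported relative to it, with a leading slash."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)          # lstat: never follow symlinks left by an attacker
            except OSError:
                continue                     # vanished or unreadable; a real sweep would log it
            if not stat.S_ISREG(st.st_mode):
                continue
            if not st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                continue
            rel = "/" + os.path.relpath(path, root).replace(os.sep, "/")
            reasons = classify(rel, st.st_mode, st.st_uid)
            if reasons:
                findings.append((rel, oct(stat.S_IMODE(st.st_mode)), st.st_uid, reasons))
    return sorted(findings)


def build_demo_tree():
    """Constructed sample tree (not real malware): a legitimate setuid binary, an
    ordinary config file, and the two hidden setuid files named in the report."""
    root = tempfile.mkdtemp(prefix="suidhunt-")
    layout = {
        "usr/bin/passwd":       0o4755,   # expected: setuid binary in a standard directory
        "etc/fonts/fonts.conf": 0o644,    # ordinary file, no special bits
        "etc/fonts/.fonts":     0o4755,   # hidden setuid loader from the report
        "etc/fonts/.low":       0o4755,   # hidden setuid log cleaner from the report
    }
    for rel, mode in layout.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(b"#!/bin/sh\n")      # placeholder content; only the mode bits matter here
        os.chmod(full, mode)              # the owner may set S_ISUID on their own file
    return root


if __name__ == "__main__":
    demo = build_demo_tree()
    for rel, mode, uid, reasons in find_suspicious_suid(demo):
        print(f"{rel} mode={mode} uid={uid} indicators={','.join(reasons)}")
```

On a live node run `find_suspicious_suid("/")` as root and compare the hits against the package database. Because the report mentions a kernel-module rootkit, treat a clean result from a userland walk on a running node as weak evidence: a loaded rootkit can hide files and processes from exactly this kind of scan, so repeat the sweep from a trusted boot medium or against an offline copy of the node's filesystem.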

Once compromised, a host could be used for several purposes: mining Monero (XMR), running a proxy (for communication with the other mining hosts and the server coordinating the mining), running a microSOCKS-based SOCKS proxy (to accept external connections over SSH) and SSH forwarding (the main entry point, using a compromised account on a host where address translation was configured to forward into the internal network). When connecting to the compromised hosts, the attackers used the hosts running SOCKS proxies and typically came in via Tor or other compromised systems.

Source: opennet.ru
