Compromise of one of the Pale Moon project's servers, with malware planted in the archive of old releases

The author of the Pale Moon browser has disclosed information about a compromise of the server archive.palemoon.org, which held an archive of past browser releases up to and including version 27.6.2. During the break-in, the attackers infected every executable containing a Pale Moon installer for Windows hosted on the server with malware. According to preliminary data, the malicious modification took place on December 27, 2017 and was only discovered on July 9, 2019, i.e. it went unnoticed for a year and a half.

The affected server has been taken offline for investigation. The server from which current Pale Moon releases are distributed is not affected; the problem concerns only older Windows builds placed in the archive (releases are moved to the archive as new versions are published). At the time of the compromise the server ran Windows on a virtual machine rented from the provider Frantech/BuyVM. It is not yet clear what kind of vulnerability was exploited, nor whether it was specific to Windows or affected some third-party server application.

After gaining access, the attackers selectively infected all exe files related to Pale Moon (installers and self-extracting archives) with the trojan Win32/ClipBanker.DY, whose purpose is to steal cryptocurrency by replacing bitcoin addresses in the clipboard. Executables inside zip archives were not affected. A user could have detected the modified installers by checking the digital signatures or the SHA256 hashes published for the files. The malware used is also detected by most current antivirus products.
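The hash check the paragraph refers to, as an added example that is not Pale Moon project code: a small Python verifier that hashes files in chunks and compares them against a sha256sum-style manifest (`<hex digest>  <filename>`), reporting each file as ok, mismatched or missing. The file names, byte contents and manifest here are constructed for illustration. The manifest must come from a channel independent of the download host: a hash list served from the same compromised server can simply be rewritten together with the files, which is why the signature check mentioned above is the stronger of the two.

```python
import hashlib
import hmac
from typing import Dict, Iterable, List, Tuple

CHUNK = 1 << 20  # 1 MiB; installers can be large, so hash in chunks instead of reading whole files


def sha256_of_stream(chunks: Iterable[bytes]) -> str:
    """Hash an iterable of byte chunks and return the lowercase hex digest."""
    h = hashlib.sha256()
    for chunk in chunks:
        h.update(chunk)
    return h.hexdigest()


def sha256_of_file(path: str) -> str:
    """Hash a file on disk without loading it fully into memory."""
    with open(path, "rb") as fh:
        return sha256_of_stream(iter(lambda: fh.read(CHUNK), b""))


def build_manifest(files: Dict[str, bytes]) -> str:
    """Produce sha256sum-style lines ('<digest>  <name>') for known-good contents."""
    return "".join(f"{sha256_of_stream([data])}  {name}\n" for name, data in sorted(files.items()))


def parse_manifest(text: str) -> Dict[str, str]:
    """Parse '<digest>  <name>' lines; malformed digests raise instead of being skipped silently."""
    expected: Dict[str, str] = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError(f"manifest line {lineno}: expected '<sha256>  <filename>'")
        digest, name = parts[0].lower(), parts[1].lstrip("*")  # '*' is sha256sum's binary-mode marker
        if len(digest) != 64 or set(digest) - set("0123456789abcdef"):
            raise ValueError(f"manifest line {lineno}: {parts[0]!r} is not a SHA-256 hex digest")
        expected[name] = digest
    return expected


def verify_files(expected: Dict[str, str], actual: Dict[str, bytes]) -> List[Tuple[str, str]]:
    """Return (filename, status) per manifest entry: 'ok', 'MISMATCH' or 'MISSING'."""
    results: List[Tuple[str, str]] = []
    for name, digest in expected.items():
        if name not in actual:
            results.append((name, "MISSING"))
            continue
        got = sha256_of_stream([actual[name]])
        # compare_digest is the idiomatic constant-time comparison for digests
        results.append((name, "ok" if hmac.compare_digest(got, digest) else "MISMATCH"))
    return results


# --- constructed sample data: stand-ins for installers, not real Pale Moon files ----------
GOOD_FILES: Dict[str, bytes] = {
    "palemoon-27.6.2.win32.installer.exe": b"MZ" + b"\x00" * 62 + b"clean installer stub",
    "palemoon-27.6.2.win64.installer.exe": b"MZ" + b"\x00" * 62 + b"clean installer stub 64",
    "palemoon-27.6.2.win32.zip": b"PK\x03\x04" + b"clean zip stub",
}
# What a user actually fetched: one exe has bytes appended, one file is absent entirely.
DOWNLOADED_FILES: Dict[str, bytes] = {
    "palemoon-27.6.2.win32.installer.exe": GOOD_FILES["palemoon-27.6.2.win32.installer.exe"] + b"<appended>",
    "palemoon-27.6.2.win32.zip": GOOD_FILES["palemoon-27.6.2.win32.zip"],
}


def demo() -> Dict[str, str]:
    """Verify the constructed downloads against a manifest built from the known-good set."""
    manifest = build_manifest(GOOD_FILES)  # in practice obtained out-of-band from the publisher
    return dict(verify_files(parse_manifest(manifest), DOWNLOADED_FILES))


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{status:9s} {name}")
```

`sha256_of_file` is the entry point for real downloads; `demo` runs the same logic over the in-memory sample so the block works offline. A MISSING result matters as much as a MISMATCH: a manifest entry with no corresponding file means the download set is incomplete or has been renamed, and should not be trusted either.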

On May 26, 2019, during activity by the attackers on the server (it is unclear whether these were the same attackers as in the original break-in or different ones), normal operation of archive.palemoon.org was disrupted: the host could not be rebooted, and data was corrupted. This included the loss of the system logs, which could have held more detailed traces of the nature of the attack. At the time of this failure the administrators were not yet aware of the compromise; they restored the archive on a new CentOS-based environment and replaced FTP downloads with HTTP. Because the compromise had not been noticed, the already-infected files were carried over from the backup to the new server.

Analysing the possible causes of the break-in, the candidates considered are: the attackers guessing the password of a staff account at the hosting provider, obtaining direct physical access to the server, attacking the hypervisor to gain control over other virtual machines, compromising the web control panel, hijacking a remote desktop session (the RDP protocol was in use), or exploiting a vulnerability in Windows Server. The malicious actions were carried out locally on the server, using a script to modify the existing executables in place rather than re-uploading them from outside.

The project author states that he alone had administrator access to the system, that access was restricted to a single IP address, and that the underlying Windows OS was kept updated and protected against external attacks. At the same time, the RDP and FTP protocols were used for remote access, and potentially insecure software was run on the virtual machine, which could have led to the compromise. Nevertheless, the Pale Moon author is inclined to believe that the break-in resulted from insufficient protection of the provider's virtual machine infrastructure (for comparison, the OpenSSL website was once compromised through a weak provider password used with a standard virtualization management interface).

Source: opennet.ru
