Umbhali wesiphequluli se-Pale Moon
Iseva eyinkinga okwamanje ayixhunyiwe ku-inthanethi ukuze iphenywe. Iseva okwasatshalaliswa kuyo ukukhishwa kwamanje
I-Pale Moon ayithinteki, inkinga ithinta kuphela izinguqulo ze-Windows ezindala ezifakwe kungobo yomlando (ukukhishwa kuhanjiswa kungobo yomlando njengoba kukhishwa izinguqulo ezintsha). Ngesikhathi sokugetshengwa, iseva ibisebenzisa iWindows futhi ibisebenza emshinini oqashwe ku-opharetha uFrantech/BuyVM. Akukacaci okwamanje ukuthi yiluphi uhlobo lokuba sengozini oluxhashaziwe nokuthi lwaluqondile yini ku-Windows noma luthinte ezinye izinhlelo zokusebenza zeseva yenkampani yangaphandle.
Ngemva kokuthola ukufinyelela, abahlaseli bathelele ngokukhetha wonke amafayela e-exe ahlobene ne-Pale Moon (izifaki nezinqolobane ezizikhiphela ngokwazo) ngesofthiwe yeTrojan.
Ngomhla zingama-26 kuNhlaba, 2019, phakathi nomsebenzi kuseva yabahlaseli (akukacaci ukuthi laba kwakungabahlaseli abafanayo yini ngesikhathi sokugebenga kokuqala noma abanye), ukusebenza okuvamile kwe-archive.palemoon.org kwaphazanyiswa - umsingathi akakwazanga ukuze uqalise kabusha, futhi idatha yonakalisiwe. Lokhu kufaka phakathi ukulahleka kwamalogi esistimu, obekungafaka imikhondo enemininingwane eyengeziwe ekhombisa uhlobo lokuhlasela. Ngesikhathi salokhu kwehluleka, abalawuli bebengazi ngokonakala futhi babuyisele ingobo yomlando ukuthi isebenze kusetshenziswa indawo entsha esekwe ku-CentOS futhi bashintsha ukulandwa kwe-FTP nge-HTTP. Njengoba lesi sigameko singazange siqashelwe, amafayela asuka kukhophi yasenqolobaneni asevele atheleleke adluliselwe kuseva entsha.
Ukuhlaziya izizathu ezingenzeka zokuhlehla, kucatshangwa ukuthi abahlaseli bathole ukufinyelela ngokuqagela iphasiwedi ku-akhawunti yabasebenzi abaphethe, ukuthola ukufinyelela okuqondile ngokomzimba kuseva, ukuhlasela i-hypervisor ukuze bathole ukulawula eminye imishini ebonakalayo, ngokugebenga iphaneli yokulawula iwebhu. , ukuphazamisa iseshini yedeskithophu ekude (isetshenzisiwe iphrothokholi ye-RDP) noma ngokusebenzisa ubungozi ku-Windows Server. Izenzo ezinonya zenziwa endaweni kuseva kusetshenziswa iskripthi ukwenza izinguquko kumafayela asebenzisekayo akhona, kunokuwadawuniloda kabusha ngaphandle.
Umbhali wephrojekthi uthi uyena kuphela onokufinyelela komlawuli ohlelweni, ukufinyelela kwakukhawulelwe ekhelini le-IP elilodwa, futhi i-Windows OS engaphansi yabuyekezwa futhi yavikelwa ekuhlaselweni kwangaphandle. Ngesikhathi esifanayo, izivumelwano ze-RDP ne-FTP zasetshenziselwa ukufinyelela kude, futhi isofthiwe okungenzeka ayiphephile yethulwa emshinini we-virtual, ongabangela ukugetshengwa. Kodwa-ke, umbhali we-Pale Moon uthambekele ekukholweni ukuthi ukugebenga kwenziwa ngenxa yokuvikelwa okunganele kwengqalasizinda yomshini obonakalayo womhlinzeki (isibonelo, ngesikhathi esisodwa, ngokukhethwa kwephasiwedi yomhlinzeki engavikelekile kusetshenziswa isikhombikubona esijwayelekile sokuphathwa kwe-virtualization.
Source: opennet.ru