Kobalos, malware that steals SSH credentials on Linux, BSD and Solaris

In a recently published report, ESET security researchers analyzed malware that was primarily aimed at high-performance computing (HPC) clusters and at university and research network servers.

Using reverse engineering, they found that a new backdoor targets supercomputers around the world, often stealing credentials for secure network connections by means of an infected version of the OpenSSH software.

“We reverse engineered this small, yet complex malware, which can be used on many operating systems, including Linux, BSD, and Solaris.

Some artifacts discovered during the analysis indicate that there may also be variants for AIX and Windows systems.

We call this malware Kobalos because of its small code size and many tricks.”

“We worked with the CERN computer security team and other organizations involved in the fight against attacks on scientific research networks. According to them, the use of the Kobalos malware is innovative.”

OpenSSH (OpenBSD Secure Shell) is a set of free computer tools that allow secure communication over a computer network using the SSH protocol. It encrypts all traffic to eliminate connection hijacking and other attacks. In addition, OpenSSH provides several authentication methods and sophisticated configuration options.

About Kobalos

According to the authors of the report, Kobalos does not exclusively target HPC. Although many of the compromised systems were supercomputers and servers in academia and research, an Internet provider in Asia, a security service provider in North America, and some personal servers were also compromised by this threat.

Kobalos is a generic backdoor, as it contains commands that do not reveal the intent of the attackers. In addition, it allows access to the file system, offers the ability to open terminal sessions, and allows proxy connections to other Kobalos-infected servers.

Although the design of Kobalos is complex, its functionality is limited and almost entirely related to hidden access through a backdoor.

Once fully deployed, the malware grants access to the file system of the compromised system and provides access to a remote terminal that gives attackers the ability to execute arbitrary commands.

Modes of operation

In one mode, the malware acts as a passive implant that opens a TCP port on the infected machine and waits for an incoming connection from an attacker. Another mode allows the malware to turn targeted servers into command and control (C&C) servers to which other Kobalos-infected devices connect. Infected machines can also be used as proxies that connect to other servers compromised by the malware.

An interesting feature that distinguishes this malware is that its code is packed into a single function and receives only one call from the legitimate OpenSSH code. However, it has a non-linear control flow, calling this function recursively to perform subtasks.

The researchers found that remote clients have three options for connecting to Kobalos:

  1. Open a TCP port and wait for an incoming connection (sometimes called a "passive backdoor").
  2. Connect to another Kobalos instance configured to act as a server.
  3. Wait for connections to a legitimate service that is already running, but coming from a specific TCP source port (the infection of a running OpenSSH server).

Although there are several ways attackers can reach a machine infected with Kobalos, the most commonly used method is when the malware is embedded in the OpenSSH server executable and activates the backdoor code if the connection comes from a specific TCP source port.
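A defensive check for the source-port trigger described above, as an added example that is not from the ESET report or this article: client source ports are normally spread over a wide ephemeral range, so the same source port recurring on inbound SSH connections deserves review. The flow-record format, the sample records and port 40000 are constructed assumptions; the records are assumed to come from a firewall or network sensor rather than from the possibly trojanized sshd itself.

```python
from collections import defaultdict

# Constructed flow records (not from the report): "epoch src_ip src_port dst_ip dst_port".
# Source port 40000 is an arbitrary placeholder, not an indicator taken from the page.
SAMPLE_FLOWS = """\
1612137600 198.51.100.7 51514 192.0.2.10 22
1612137660 203.0.113.9 40000 192.0.2.10 22
1612137720 198.51.100.8 38122 192.0.2.11 22
1612141200 203.0.113.9 40000 192.0.2.11 22
1612141260 198.51.100.7 40000 192.0.2.10 443
truncated record
1612144800 203.0.113.44 40000 192.0.2.12 22
1612144860 198.51.100.7 51514 192.0.2.10 22
"""

def parse_flows(text):
    """Yield (src_ip, src_port, dst_ip, dst_port); skip malformed records."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5 or not (fields[2].isdigit() and fields[4].isdigit()):
            continue
        yield fields[1], int(fields[2]), fields[3], int(fields[4])

def repeated_source_ports(flows, service_port=22, min_hits=3):
    """Group inbound flows to service_port by client source port and return
    the ports reused at least min_hits times, with clients and servers seen."""
    seen = defaultdict(lambda: {"hits": 0, "clients": set(), "servers": set()})
    for src_ip, src_port, dst_ip, dst_port in flows:
        if dst_port != service_port:
            continue  # only connections to the SSH service are of interest
        entry = seen[src_port]
        entry["hits"] += 1
        entry["clients"].add(src_ip)
        entry["servers"].add(dst_ip)
    return {port: e for port, e in seen.items() if e["hits"] >= min_hits}

if __name__ == "__main__":
    for port, e in repeated_source_ports(parse_flows(SAMPLE_FLOWS)).items():
        print(f"source port {port}: {e['hits']} SSH connections, "
              f"clients={sorted(e['clients'])}, servers={sorted(e['servers'])}")
```

On busy servers, raise `min_hits` or restrict the time window, since random ephemeral ports collide by chance as volume grows.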

The malware also encrypts traffic to and from the attackers. To do this, the attackers must authenticate with an RSA-512 key and a password. The key generates encrypted 16-byte keys, which encrypt the communication using the RC4 cipher.

Likewise, the backdoor can switch communication to another port and act as a proxy to reach other compromised servers.

Given its small code base (only 24 KB) and its effectiveness, ESET claims that the sophistication of Kobalos "is rarely seen in Linux malware."

Source: https://www.welivesecurity.com

