Kobalos, malware that steals SSH credentials on Linux, BSD and Solaris

In a recently published report, ESET security researchers analyzed malware that primarily targeted high-performance computing (HPC) clusters and university and research network servers.

Using reverse engineering, they found that the new backdoor targets supercomputers around the world, often stealing network security credentials through a trojanized version of the OpenSSH software.

"We reverse engineered this small but complex malware, which is portable to many operating systems, including Linux, BSD, and Solaris. Some artifacts found during the analysis indicate that there may also be variants for the AIX and Windows operating systems. We call this malware Kobalos because of its tiny code size and its many tricks."

"We worked with the CERN computer security team and other organizations involved in fighting the attacks being carried out against scientific research networks. According to them, the use of the Kobalos malware is new."

OpenSSH (OpenBSD Secure Shell) is a set of free tools that allow secure communication over a computer network using the SSH protocol. It encrypts all traffic to eliminate connection hijacking and other attacks. In addition, OpenSSH provides several authentication methods and sophisticated configuration options.

About Kobalos

According to the authors of the report, Kobalos does not target HPC exclusively. Although many of the compromised systems were supercomputers and servers in academia and research, an Internet provider in Asia, a security service provider in North America, and some personal servers were also affected by this threat.

Kobalos is a generic backdoor: its commands do not reveal the intent of the operators. In addition to allowing remote access to the file system, it offers the ability to open terminal sessions and allows proxy connections to other Kobalos-infected servers.

Although the design of Kobalos is complex, its functionality is limited and almost entirely related to covert backdoor access.

Once fully deployed, the malware provides access to the compromised system's file system and to a remote terminal that lets the attackers execute arbitrary commands.

Mode of operation

Basically, the malware works as a passive implant that opens a TCP port on the infected machine and waits for an incoming connection from the attacker. Another mode lets the malware turn the target machine into a command and control (C&C) server to which other Kobalos-infected machines connect. Infected machines can also be used as proxies that connect to other servers compromised by the malware.

An interesting feature that distinguishes this malware is that its code is packed into a single function, and there is only one call to it from the legitimate OpenSSH code. However, it has a non-linear control flow, recursively calling this function to perform subtasks.

The researchers found that remote clients have three ways of connecting to Kobalos:

  1. Open a TCP port and wait for an incoming connection (sometimes called a "passive backdoor").
  2. Connect to another Kobalos instance configured to act as a server.
  3. Wait for connections to a legitimate service that is already running, but arriving from a specific source TCP port (infection of a running OpenSSH server).

Although there are several ways for the operators to reach a machine infected with Kobalos, the most commonly used method is the one in which the malware is embedded in the OpenSSH server executable and activates the backdoor code only when the connection comes from a specific TCP source port.
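As an added triage example (not code from the ESET report or this article), the script below parses constructed `ss -tnp`-style output and flags the three access patterns listed above: an sshd process listening on a port other than the expected one, an sshd process holding an outbound connection, and inbound SSH sessions arriving from a watch-listed source port. The expected listen port set and the watched source port are assumptions; the page gives no port number.

```python
import re
from typing import Iterable

# Assumption: sshd is only expected to listen on port 22 on this host.
EXPECTED_SSHD_LISTEN = {22}
# Constructed placeholder; replace with an intelligence-provided source port.
WATCHED_SOURCE_PORTS = {55555}

# Constructed sample in the layout of `ss -tnp` (not a real capture).
SAMPLE_SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port     Process
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*             users:(("sshd",pid=812,fd=3))
LISTEN 0      128    0.0.0.0:4444        0.0.0.0:*             users:(("sshd",pid=812,fd=9))
ESTAB  0      0      10.0.0.5:22         198.51.100.7:51010    users:(("sshd",pid=4100,fd=4))
ESTAB  0      0      10.0.0.5:22         203.0.113.9:55555     users:(("sshd",pid=4101,fd=4))
ESTAB  0      0      10.0.0.5:39812      192.0.2.44:443        users:(("sshd",pid=812,fd=11))
ESTAB  0      0      10.0.0.5:39813      192.0.2.50:443        users:(("curl",pid=5000,fd=3))
"""

_PROC_RE = re.compile(r'\("([^"]+)"')  # first process name in users:(("name",pid=...))


def _split_addr(addr: str):
    # "host:port" -> (host, int port or None); rpartition keeps IPv6 hosts intact.
    host, _, port = addr.rpartition(":")
    return host, (int(port) if port.isdigit() else None)


def triage_ss(lines: Iterable[str]) -> list[str]:
    findings, rows = [], []
    for line in lines:
        parts = line.split()
        if len(parts) < 6 or parts[0] == "State":
            continue  # skip header and malformed lines
        m = _PROC_RE.search(" ".join(parts[5:]))
        rows.append((parts[0], _split_addr(parts[3]), _split_addr(parts[4]), m.group(1) if m else ""))
    # Ports on which sshd is actually listening; any other local port on an sshd socket is outbound.
    sshd_listen = {lp for st, (_, lp), _, name in rows if st == "LISTEN" and name == "sshd"}
    for st, (lhost, lport), (phost, pport), name in rows:
        if name != "sshd":
            continue
        if st == "LISTEN" and lport not in EXPECTED_SSHD_LISTEN:
            findings.append(f"sshd listening on unexpected port {lport} (passive backdoor pattern)")
        elif st == "ESTAB" and lport not in sshd_listen:
            findings.append(f"sshd pid has outbound connection to {phost}:{pport} (C&C or proxy pattern)")
        elif st == "ESTAB" and pport in WATCHED_SOURCE_PORTS:
            findings.append(f"inbound SSH to :{lport} from watch-listed source port {pport} ({phost})")
    return findings
```

Treat a hit as a reason to verify the sshd binary against the distribution package rather than as proof of compromise; a legitimately multi-port sshd will trigger the first rule, and a trojanized sshd may also hide from userland tooling.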

The malware also encrypts traffic to and from the attackers. To do this, the attackers must authenticate with an RSA-512 key and a password. That key generates and encrypts two 16-byte keys, which are used to encrypt the communication with RC4.

In addition, the backdoor can switch the communication to another port and act as a proxy to reach other compromised servers.

Given its small code base (only 24 KB) and its efficiency, ESET says that the sophistication of Kobalos "is rarely seen in Linux malware."

Source: https://www.welivesecurity.com
