Kobalos, the malware that steals SSH credentials on Linux, BSD and Solaris

In a recently published report, security researchers at ESET analysed a piece of malware that mainly targeted high-performance computing (HPC) clusters, university and research network servers.

Using reverse engineering, they found that a new backdoor targets supercomputers around the world, frequently stealing credentials for secure network connections by means of a trojanized version of the OpenSSH software.

We have reverse engineered this small but complex malware, which is portable to many operating systems, including Linux, BSD and Solaris.

Some artifacts discovered during scanning indicate that variants for the AIX and Windows operating systems may also exist.

"We call this malware Kobalos because of the small size of its code and its many tricks," the ESET researchers explain.

"We worked with the CERN computer security team and other organizations involved in the fight against attacks on scientific research networks. According to them, the use of the Kobalos malware is new."

OpenSSH (OpenBSD Secure Shell) is a set of free tools that provide secure communication over a computer network using the SSH protocol. It encrypts all traffic to eliminate connection hijacking and other attacks. In addition, OpenSSH offers several authentication methods and sophisticated configuration options.

About Kobalos

According to the authors of the report, Kobalos does not target HPC systems exclusively. Although most of the compromised systems were supercomputers and servers in academia and research, an Internet service provider in Asia, a security service provider in North America and some personal servers were also compromised by this threat.

Kobalos is a generic backdoor, in that it contains commands which do not reveal the attackers' intent; in addition, it allows remote access to the file system, offers the ability to open terminal sessions and allows proxied connections to other Kobalos-infected servers.

Although the design of Kobalos is complex, its functionality is limited and almost entirely devoted to covert access through a backdoor.

Once fully deployed, the malware grants access to the compromised system's file system and provides a remote terminal that gives the attackers the ability to execute arbitrary commands.

How it works

In one mode, the malware acts as a passive implant that opens a TCP port on the infected machine and waits for an incoming connection from the attacker. Another mode allows the malware to turn the targeted servers into command and control (C&C) servers to which other Kobalos-infected devices connect. Infected machines can also be used as proxies that connect to other servers compromised by the malware.

An interesting feature that sets this malware apart is that its code is packed into a single function, and only one call to it is made from the legitimate OpenSSH code. That function nevertheless has a non-linear control flow, calling itself recursively to perform subtasks.

The researchers found that remote clients have three ways of connecting to Kobalos:

  1. Open a TCP port and wait for an incoming connection (sometimes called a "passive backdoor").
  2. Connect to another Kobalos instance configured to act as a server.
  3. Wait for connections to a legitimate service that is already running, but coming from a specific TCP source port (the trojanized OpenSSH server).

Although there are several ways for attackers to reach a machine infected with Kobalos, the method most often used is the one in which the malware is embedded in the OpenSSH server executable and runs the backdoor code only when the connection comes from a specific TCP source port.
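As an added example (not code from the article or from ESET), a defender-side check that follows from this trigger mechanism: a normal SSH client draws a fresh ephemeral source port for every connection, so one client repeatedly connecting to sshd from a single fixed, non-ephemeral source port is worth reviewing. The flow records are constructed, and the port number 4097 is an arbitrary placeholder rather than the real Kobalos trigger port.

```python
"""Flag SSH connections whose TCP source port is suspiciously fixed.

Added example, not from the original article or ESET's report. Kobalos's
OpenSSH-embedded mode triggers only when the client connects from one
specific TCP source port, so repeated use of a single non-ephemeral source
port against sshd is worth reviewing. The flow records are constructed and
port 4097 is an arbitrary placeholder, not the real Kobalos trigger port.
"""
from collections import Counter

# Constructed netflow-style records: src_ip src_port dst_ip dst_port
FLOWS = """\
10.0.0.5 51234 192.0.2.10 22
10.0.0.5 51235 192.0.2.10 22
10.0.0.9 60211 192.0.2.10 22
203.0.113.7 4097 192.0.2.10 22
203.0.113.7 4097 192.0.2.11 22
203.0.113.7 4097 192.0.2.12 22
203.0.113.7 4097 192.0.2.10 22
10.0.0.5 51240 192.0.2.10 443
"""

EPHEMERAL_MIN = 32768  # lower bound of Linux's default ip_local_port_range

def parse_flows(text):
    """Parse whitespace-separated flow lines into (src, sport, dst, dport) tuples."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip blank or malformed lines
        src, sport, dst, dport = parts
        flows.append((src, int(sport), dst, int(dport)))
    return flows

def suspicious_ssh_sources(flows, ssh_port=22, min_repeats=3):
    """Return {(src_ip, src_port): count} for clients that reuse one
    non-ephemeral source port for at least min_repeats connections to
    sshd. A normal client draws a fresh ephemeral port per connection."""
    hits = Counter()
    for src, sport, _dst, dport in flows:
        if dport == ssh_port and sport < EPHEMERAL_MIN:
            hits[(src, sport)] += 1
    return {key: n for key, n in hits.items() if n >= min_repeats}

if __name__ == "__main__":
    for (src, sport), n in suspicious_ssh_sources(parse_flows(FLOWS)).items():
        print(f"review: {src} used fixed source port {sport} on {n} SSH connections")
```

The same aggregation runs unchanged over real flow exports once the four fields are extracted; the threshold and ephemeral bound should be tuned to the site's own client population.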

The malware also encrypts the traffic to and from the attackers; to do so, the attackers must authenticate with an RSA-512 key and a password. The key generates and encrypts two 16-byte keys that encrypt the communication using RC4.

In addition, the backdoor can switch the communication to another port and act as a proxy to reach other compromised servers.

Given its small codebase (only 24 KB) and its efficiency, ESET states that the sophistication of Kobalos is "rarely seen in Linux malware".

Source: https://www.welivesecurity.com

