A few days ago Microsoft published news about DDoS malware called “XorDdos” that targets Linux endpoints and servers. Microsoft said it found a vulnerability that allows anyone who controls many Linux desktop systems to obtain system privileges quickly.
Microsoft employs some of the best security researchers in the world, continually finding and fixing important vulnerabilities, often before they are exploited in the wider ecosystem.
“What this finding proves is what anyone with a shred of insight already knew: there is nothing about Linux that makes it inherently more trustworthy than Windows.”
XorDdos
“In the last six months, we observed a 254% increase in activity from a Linux Trojan called XorDdos,” Microsoft said. Another flaw that proves there is nothing about Linux that makes it inherently more trustworthy than Windows?
A DDoS attack on its own can be a serious problem for many reasons, but such attacks can also be used as cover to hide other malicious actions, such as deploying malware and infiltrating targeted systems. Using a botnet to carry out DDoS attacks can cause major disruption, such as the 2.4 Tbps DDoS attack that Microsoft mitigated in August 2021.
Botnets can also be used to compromise other devices, and XorDdos is known to use Secure Shell (SSH) brute-force attacks to gain remote control of targeted devices. SSH is one of the most common protocols in IT infrastructure; it enables encrypted communication over unsecured networks for remote system administration, which makes it an attractive vector for attackers.
Once XorDdos identifies valid SSH credentials, it uses root privileges to run a script that downloads and installs XorDdos on the targeted device.
XorDdos uses evasion and persistence techniques that keep its operations robust and stealthy. Its evasion capabilities include obfuscating the malware's activities, evading rule-based detection mechanisms and hash-based searches for malicious files, and using anti-forensic techniques to break process tree-based analysis.
Microsoft says that in recent campaigns it has observed XorDdos hiding malicious scanning activity by overwriting sensitive files with a null byte. It also includes several persistence mechanisms to support different Linux distributions. XorDdos may illustrate another trend seen across many platforms, in which malware is used to deliver other dangerous threats.
Microsoft also says it found that devices first infected with XorDdos were later infected with other malware, such as a backdoor that was then used to deploy the XMRig coin miner.
“While we did not observe XorDdos directly installing and distributing secondary payloads like Tsunami, it is possible that the Trojan is used as a vector for follow-on activities,” Microsoft said.
XorDdos spreads mainly through SSH brute force. It uses a malicious shell script to try root credential combinations across thousands of servers until it finds a match on a targeted Linux device. As a result, many failed login attempts can be seen on devices infected by the malware.
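The failed-login pattern described above is something a defender can look for in sshd logs. The following is an added example, not code from the article or from Microsoft; it assumes the standard OpenSSH "Failed password" syslog line, and the log excerpt and IP addresses are constructed for the demonstration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Pattern for the line OpenSSH writes on a rejected password (syslog format, no year).
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

# Constructed sample auth.log excerpt: one source hammering root, one legitimate user.
SAMPLE_LOG = """\
May 19 10:00:01 host sshd[1201]: Failed password for root from 203.0.113.5 port 40001 ssh2
May 19 10:00:02 host sshd[1203]: Failed password for root from 203.0.113.5 port 40002 ssh2
May 19 10:00:02 host sshd[1205]: Failed password for invalid user admin from 203.0.113.5 port 40003 ssh2
May 19 10:00:03 host sshd[1207]: Failed password for root from 203.0.113.5 port 40004 ssh2
May 19 10:00:03 host sshd[1209]: Accepted publickey for deploy from 198.51.100.7 port 5022 ssh2
May 19 10:00:04 host sshd[1211]: Failed password for root from 203.0.113.5 port 40005 ssh2
May 19 10:00:09 host sshd[1213]: Failed password for root from 203.0.113.5 port 40006 ssh2
May 19 10:01:30 host sshd[1215]: Failed password for root from 198.51.100.7 port 5023 ssh2
"""

def parse_failures(log_text, year=2022):
    """Return a list of (timestamp, user, source_ip) for each failed-password line."""
    out = []
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            out.append((ts, m["user"], m["src"]))
    return out

def find_bruteforce_sources(log_text, threshold=5, window_seconds=60):
    """Map source_ip -> total failures for every source that produced at least
    `threshold` failures inside some sliding window of `window_seconds`.
    A sliding window keeps a burst distinct from a few scattered typos."""
    by_src = defaultdict(list)
    for ts, _user, src in parse_failures(log_text):
        by_src[src].append(ts)
    flagged = {}
    for src, times in by_src.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while (t - times[start]).total_seconds() > window_seconds:
                start += 1
            if end - start + 1 >= threshold:
                flagged[src] = len(times)
                break
    return flagged
```

Feed it the real /var/log/auth.log (or `journalctl -u ssh` output) instead of SAMPLE_LOG; the single failure from the legitimate host stays below the threshold while the burst is reported.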
Microsoft identified two methods of initial access for XorDdos. The first method copies a malicious ELF file to the temporary file storage /dev/shm and then runs it. Files written to /dev/shm are deleted on system restart, which allows the source of the infection to be hidden during forensic analysis.
The second method runs a bash script that performs the following via the command line, iterating through the following folders to find a writable directory.
XorDdos's modular nature gives attackers a versatile Trojan capable of infecting a variety of Linux system architectures. Its SSH brute-force attacks are a relatively simple but effective technique for gaining root access to a number of potential targets.
Able to steal sensitive data, install a rootkit device, use various evasion and persistence mechanisms, and perform DDoS attacks, XorDdos enables adversaries to cause potentially significant disruption on targeted systems. In addition, XorDdos can be used to bring in other dangerous threats or to provide a vector for follow-on activities.
According to Microsoft, by leveraging insights from built-in threat data, including client and cloud heuristics, machine learning models, memory analysis, and behavioral monitoring, Microsoft Defender for Endpoint can detect and remediate XorDdos and its multi-stage, modular attacks.
Finally, if you are interested in learning more, you can find the details at the following link.