Kobalos, the malware that steals SSH credentials on Linux, BSD and Solaris

In a recently published report, security researchers at ESET analysed a piece of malware aimed mainly at high-performance computing (HPC) clusters, network servers and university servers.

Through reverse engineering they found that this new backdoor targets supercomputers around the world and often steals credentials for secure network connections by means of a trojanized version of the OpenSSH software.

“We have reverse-engineered this small but complex malware, which is portable to many operating systems, including Linux, BSD and Solaris.

Some artifacts found during scanning indicate that there may also be variants for AIX and Windows.

We named this malware Kobalos because of its tiny code size and its many tricks.”

“We have worked with CERN's computer security team and other organisations involved in fighting attacks on scientific research networks. According to them, the use of the Kobalos malware is new.”

OpenSSH (OpenBSD Secure Shell) is a set of free tools that provide secure communication over a computer network using the SSH protocol. It encrypts all traffic to prevent connection hijacking and other attacks. In addition, OpenSSH offers several authentication methods and sophisticated configuration options.

About Kobalos

According to the authors of the report, Kobalos does not target HPC systems exclusively. Although many of the compromised systems were supercomputers and servers in academia and research, an internet service provider in Asia, a security service provider in North America and a number of other servers were also compromised by this threat.

Kobalos is a generic backdoor, in that its commands reveal nothing about the attackers' intent: it provides remote access to the file system, allows terminal sessions to be opened, and allows proxied connections to other Kobalos-infected servers.

Although the design of Kobalos is complex, its functionality is limited and almost entirely related to covert backdoor access.

Once fully deployed, the malware gives access to the file system of the compromised system and provides a remote terminal that lets the attackers run arbitrary commands.

Mode of operation

In one mode the malware acts as a passive implant that opens a TCP port on the infected machine and waits for an incoming connection from the attackers. Another mode lets the malware turn targeted servers into command-and-control (C&C) servers to which other Kobalos-infected devices connect. Infected machines can also be used as proxies that connect to other servers compromised by the malware.

An interesting feature that sets this malware apart is that its code is packed into a single function, and only a single call to it is made from the legitimate OpenSSH code. It does, however, have a non-linear control flow, calling this function recursively to perform subtasks.

The researchers found that remote clients have three ways of connecting to Kobalos:

  1. Open a TCP port and wait for an incoming connection (sometimes called a "passive backdoor").
  2. Connect to another Kobalos instance configured to act as a server.
  3. Wait for connections to a legitimate service that is already running, but coming from a specific TCP source port (trojanized OpenSSH server).

Although there are several ways in which attackers can reach a machine infected with Kobalos, the most commonly used method is the one in which the malware is embedded in the OpenSSH server executable and triggers the backdoor code when a connection arrives from a specific TCP source port.
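A practical check that follows from the source-port trigger, as an added example (not code from the page or from ESET): the script below parses `ss -tn` output from the host and flags SSH peers whose source port does not look like one an ordinary client would pick. Legitimate clients draw their source port from the operating system's ephemeral range (the Linux default is 32768-60999), whereas a trigger port is a fixed value chosen by the attacker and therefore tends to fall outside that range and to recur across different peers. The `ss` sample, the ephemeral range and the function names are assumptions made for this example; the page does not name the actual trigger port.

```python
import re
import sys
from collections import defaultdict

# Constructed `ss -tn` output for illustration; addresses and ports are invented,
# not observations from a real Kobalos infection.
SAMPLE_SS_OUTPUT = """\
State  Recv-Q Send-Q Local Address:Port     Peer Address:Port
ESTAB  0      0      10.0.0.5:22            203.0.113.9:51234
ESTAB  0      0      10.0.0.5:22            198.51.100.7:1025
ESTAB  0      0      10.0.0.5:22            192.0.2.44:1025
ESTAB  0      0      10.0.0.5:443           203.0.113.9:40001
ESTAB  0      0      [::ffff:10.0.0.5]:22   [::ffff:203.0.113.22]:48890
"""

SSH_PORT = 22
# Assumption: SSH clients are Linux hosts using the default
# net.ipv4.ip_local_port_range of 32768-60999. Tune for other client OSes.
EPHEMERAL_RANGE = (32768, 60999)

# 'host:port' or '[v6addr]:port' as printed by ss
_ENDPOINT = re.compile(r"^(?P<host>\[[^\]]*\]|[^:]+):(?P<port>\d+)$")


def _split_endpoint(token):
    """Split an ss endpoint token into (host, port)."""
    m = _ENDPOINT.match(token)
    if not m:
        raise ValueError(f"unparseable endpoint: {token!r}")
    return m.group("host").strip("[]"), int(m.group("port"))


def parse_ss(text):
    """Parse `ss -tn` text into a list of connection dicts (header line is skipped)."""
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5 or parts[0] == "State":
            continue
        local_host, local_port = _split_endpoint(parts[3])
        peer_host, peer_port = _split_endpoint(parts[4])
        conns.append({
            "state": parts[0],
            "local": (local_host, local_port),
            "peer": (peer_host, peer_port),
        })
    return conns


def find_suspicious_ssh_peers(conns, ssh_port=SSH_PORT, ephemeral=EPHEMERAL_RANGE):
    """Return {(peer_ip, peer_port): [reasons]} for established SSH peers whose
    source port looks chosen rather than ephemeral."""
    findings = defaultdict(list)
    peers_by_port = defaultdict(set)
    lo, hi = ephemeral
    for c in conns:
        if c["local"][1] != ssh_port or c["state"] != "ESTAB":
            continue
        ip, port = c["peer"]
        peers_by_port[port].add(ip)
        if not lo <= port <= hi:
            findings[(ip, port)].append("source port outside client ephemeral range")
    # A fixed trigger port shows up as the same source port from unrelated peers.
    for port, ips in peers_by_port.items():
        if len(ips) > 1:
            for ip in ips:
                findings[(ip, port)].append(
                    f"source port {port} reused by {len(ips)} distinct peers")
    return dict(findings)


if __name__ == "__main__":
    # Pipe live data in with `ss -tn | python3 this_script.py`; otherwise use the sample.
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_SS_OUTPUT
    for (ip, port), reasons in sorted(find_suspicious_ssh_peers(parse_ss(text)).items()):
        print(f"{ip}:{port}: " + "; ".join(reasons))
```

A hit is a reason to compare the sshd binary against the package manager's checksums and to pull the peer's full session history, not proof of compromise on its own: NAT gateways and clients on other operating systems use different port ranges, so the range should be tuned to the environment before the check is automated.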

The malware also encrypts the traffic to and from the attackers. To do this, the attackers must authenticate with an RSA-512 key and a password. The key generates and encrypts two 16-byte keys, which then encrypt the communication using RC4.

In addition, the backdoor can switch the communication to another port and act as a proxy to reach other compromised servers.

Given its small code base (only 24 KB) and its efficiency, ESET says the sophistication of Kobalos is "rarely seen in Linux malware".
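To make the description of the transport concrete, here is an added example (not ESET's code and not Kobalos code) of the part the page does describe: two independent 16-byte session keys, one per direction, driving RC4 streams whose state carries across messages. The RSA-512 authentication step and the real Kobalos message framing are not on the page and are left out; `Rc4Channel`, `new_session_keys` and `demo_exchange` are names invented for this example.

```python
import os


def rc4_keystream(key: bytes):
    """Generator yielding the RC4 keystream for `key` (KSA, then PRGA)."""
    if not 1 <= len(key) <= 256:
        raise ValueError("RC4 key must be 1..256 bytes")
    S = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    i = j = 0
    while True:                               # pseudo-random generation algorithm
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        yield S[(S[i] + S[j]) & 0xFF]


def rc4(key: bytes, data: bytes) -> bytes:
    """One-shot RC4; encryption and decryption are the same XOR."""
    ks = rc4_keystream(key)
    return bytes(b ^ next(ks) for b in data)


class Rc4Channel:
    """One direction of the transport (hypothetical name): a single RC4 stream
    keyed with a 16-byte session key, with cipher state carried across messages."""

    def __init__(self, key: bytes):
        self._ks = rc4_keystream(key)

    def process(self, data: bytes) -> bytes:
        return bytes(b ^ next(self._ks) for b in data)


def new_session_keys():
    """Two random 16-byte keys, one per direction, as the report describes.
    In Kobalos these are what the RSA-512 step protects; that step is omitted here."""
    return os.urandom(16), os.urandom(16)


def demo_exchange(c2s_key: bytes, s2c_key: bytes, command: bytes, reply: bytes):
    """Client sends `command` under the client-to-server key; the server answers
    with `reply` under the server-to-client key. Returns what each side recovers
    and the two ciphertexts a passive observer would see on the wire."""
    client_tx, server_rx = Rc4Channel(c2s_key), Rc4Channel(c2s_key)
    server_tx, client_rx = Rc4Channel(s2c_key), Rc4Channel(s2c_key)
    wire1 = client_tx.process(command)
    got_command = server_rx.process(wire1)
    wire2 = server_tx.process(reply)
    got_reply = client_rx.process(wire2)
    return got_command, got_reply, wire1, wire2


if __name__ == "__main__":
    k_c2s, k_s2c = new_session_keys()
    cmd, rep, w1, w2 = demo_exchange(k_c2s, k_s2c, b"uname -a", b"Linux hpc01")
    print("on the wire:", w1.hex(), w2.hex())
    print("server got :", cmd, "| client got:", rep)
```

Because RC4 is a stateful stream cipher, both ends must process messages in the same order, and a receiver keyed with the wrong session key recovers only noise. The practical point for defenders is that once this handshake completes, the command traffic carries no fixed byte patterns to match on, so detection has to rely on connection characteristics (the trigger port, unusual peers) or on the trojanized sshd binary itself.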

Source: https://www.welivesecurity.com
