{"id":10852,"date":"2023-05-03T07:00:00","date_gmt":"2023-05-03T04:00:00","guid":{"rendered":"https:\/\/rockvell.com\/?p=10852"},"modified":"2023-05-03T10:04:04","modified_gmt":"2023-05-03T07:04:04","slug":"qurdlar-stilerl%c9%99r-maynerl%c9%99r","status":"publish","type":"post","link":"https:\/\/rockvell.com\/?p=10852","title":{"rendered":"Worms, stealers, miners"},"content":{"rendered":"\n<p class=\"has-medium-font-size\"><strong>Worms, stealers, miners: which new types of malware have appeared recently<\/strong><\/p>\n\n\n\n<p>Even well-known types of malware such as worms, stealers and miners can pose a threat to modern devices. Kaspersky describes new examples of such threats.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/rockvell.com\/wp-content\/uploads\/2023\/03\/Kaspersky-2.png\" alt=\"\" class=\"wp-image-8743\" width=\"637\" height=\"424\" srcset=\"https:\/\/rockvell.com\/wp-content\/uploads\/2023\/03\/Kaspersky-2.png 1024w, https:\/\/rockvell.com\/wp-content\/uploads\/2023\/03\/Kaspersky-2-300x200.png 300w, https:\/\/rockvell.com\/wp-content\/uploads\/2023\/03\/Kaspersky-2-768x512.png 768w, https:\/\/rockvell.com\/wp-content\/uploads\/2023\/03\/Kaspersky-2-360x240.png 360w\" sizes=\"(max-width: 637px) 100vw, 637px\" \/><\/figure><\/div>\n\n\n<p><strong>Worms.<\/strong> A type of malware that can replicate itself onto other devices. In June 2022 a new piece of malware of this type was discovered: the RapperBot worm, which is based on the Mirai botnet. RapperBot infects IoT devices in order to later carry out DDoS attacks against targets using protocols other than HTTP. It was first used to attack services over the Secure Shell (SSH) protocol, which is considered a secure way of transferring data because, unlike Telnet, which transmits data in plain text, it encrypts the data. Telnet services were outside the attackers' sphere of interest at that time. However, the SSH-related functionality has been removed from the latest version, and RapperBot now attacks only Telnet services and has achieved notable success. In the fourth quarter of 2022, attempts were made to infect 112,000 users from more than 2,000 unique IP addresses.<\/p>\n\n\n\n<p>What distinguishes RapperBot from other worms is that it applies a &#8220;smart&#8221; method of guessing authentication credentials. It does not simply cycle through different credentials: during a connection attempt it analyzes what information the device requests in order to work out what kind of device it is, and selects the appropriate credentials on that basis.<\/p>\n\n\n\n<p><strong>Miners<\/strong>. Recently, in 2021, the CUEMiner family emerged. It is open-source malware. The newest version of the malware was discovered in October 2022. It includes the miner itself and a system monitoring tool. If this tool does not detect processes that consume a lot of system resources (for example, games), the miner starts working. If a game or another resource-intensive process starts, the miner stops and resumes its activity only after that process has ended. This allows it to go unnoticed for longer. CUEMiner is distributed under the guise of legitimate software that has in fact been trojanized. This happens either via BitTorrent or on download from OneDrive storage.<\/p>\n\n\n\n<p>Injecting malware into open-source software is a widespread technique among amateur attackers. They run mass campaigns this way. Many users around the world are currently victims of CUEMiner.<\/p>\n\n\n\n<p><strong>Stealers, or data-stealing programs<\/strong>. Another piece of malware, whose first samples were discovered recently, in early 2023, by Kaspersky experts, is the stealer called Rhadamanthys. It is distributed via Google Ads. Rhadamanthys has many similarities with the Hidden bee miner, which is focused directly on cryptocurrency mining. Both samples use images to mask the payload and similar shellcode to launch the malicious process, as well as in-memory virtual file systems and Lua to load plugins and modules.<\/p>\n\n\n\n<p>\u201cOpen-source malware, code reuse and the updating of already known malware are techniques widely used by attackers. They no longer need extensive experience to run large-scale campaigns and attack victims anywhere in the world. In addition, a technique such as malvertising is gaining strength: attackers place ads for legitimate applications, but the links lead to phishing sites. To protect businesses from such attacks, it is important to stay informed about what is happening in cybersecurity and to use the latest protection tools,\u201d says Dmitry Galov, cybersecurity expert at Kaspersky.<\/p>\n\n\n\n<p>To protect a company from cyberattacks, Kaspersky experts recommend:<\/p>\n\n\n\n<ul>\n<li>regularly update software on all devices in use to prevent the exploitation of vulnerabilities;<\/li>\n\n\n\n<li>implement a policy of creating strong passwords for corporate services and changing them regularly, and monitor compliance with it;<\/li>\n\n\n\n<li>set up multi-factor authentication for access to remote services;<\/li>\n\n\n\n<li>use a reliable business solution such as <a href=\"https:\/\/www.kaspersky.ru\/small-to-medium-business-security\/endpoint-advanced\">Kaspersky Endpoint Security<\/a>, with behavior detection and anomaly control modules, to protect effectively against known and unknown threats;<\/li>\n\n\n\n<li>deploy an EDR solution and service, such as <a href=\"https:\/\/www.kaspersky.ru\/enterprise-security\/managed-detection-and-response\">Kaspersky Managed Detection and Response<\/a>, that can recognize and stop attacks at an early stage, before attackers cause significant damage.<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Worms, stealers, miners: which new types of malware have appeared recently Even well-known types of malware such as worms, stealers and miners can pose a threat to modern devices. Kaspersky describes new examples of such&#8230;<\/p>\n","protected":false},"author":2,"featured_media":8743,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[10],"tags":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/rockvell.com\/index.php?rest_route=\/wp\/v2\/posts\/10852"}],"collection":[{"href":"https:\/\/rockvell.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/rockvell.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/rockvell.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/rockvell.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=10852"}],"version-history":[{"count":2,"href":"https:\/\/rockvell.com\/index.php?rest_route=\/wp\/v2\/posts\/10852\/revisions"}],"predecessor-version":[{"id":10857,"href":"https:\/\/rockvell.com\/index.php?rest_route=\/wp\/v2\/posts\/10852\/revisions\/10857"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/rockvell.com\/inde
x.php?rest_route=\/wp\/v2\/media\/8743"}],"wp:attachment":[{"href":"https:\/\/rockvell.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=10852"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/rockvell.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=10852"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/rockvell.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=10852"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}