Symbiote, a Linux malware that uses sophisticated techniques to hide itself and steal credentials

Many users of Linux-based operating systems still hold the mistaken belief that "there are no viruses on Linux", and even cite superior security to justify their attachment to their chosen distribution. The reason for that way of thinking is obvious: talking about a "virus" on Linux has long been something of a taboo...

Over the years this has changed, since reports of malware discovered on Linux have started to appear regularly, along with accounts of how sophisticated it has become at hiding itself and, above all, at maintaining its presence on the infected system.

The reason for bringing this up is that a few days ago a new type of malware was discovered, and what makes it interesting is that it infects Linux systems and uses sophisticated techniques to hide itself and steal credentials.

The malware was discovered by BlackBerry researchers, who named it "Symbiote". Previously undetected, it behaves parasitically, since it needs to infect other running processes in order to do its damage on infected machines.

Symbiote, first detected in November 2021, initially appears to have been written to target the financial sector in Latin America. After a successful infection, Symbiote hides itself and any other malware that is deployed, making infections very hard to detect.

Malware targeting Linux systems is nothing new, but the stealth techniques Symbiote uses make it stand out. The dynamic linker loads the malware through the LD_PRELOAD directive, which lets it be loaded before any other shared object. Because it is loaded first, it can "hijack the imports" of the other library files loaded for the application. Symbiote uses this to hide its presence on the machine.

"Since the malware operates as a user-level rootkit, detecting an infection can be difficult," the researchers concluded. "Network telemetry can be used to detect anomalous DNS requests, and security tools such as antivirus and endpoint detection and response must be statically linked to ensure they are not 'infected' by user-space rootkits."
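The two paragraphs above describe the mechanism (preloading via LD_PRELOAD) and the advice that follows from it (look at the system from a vantage point the hooked libraries cannot influence). As an added example that is not part of the post or of BlackBerry's research, the script below audits the two places a user-space preload is normally configured, `/etc/ld.so.preload` and the `LD_PRELOAD` variable in each process's `/proc/<pid>/environ`, and reports every shared object that is not on an operator-maintained allowlist. The allowlist, the library file names and the sample data are constructed for the example; nothing here is an indicator from the actual Symbiote report.

```python
"""Audit preload configuration on a Linux host (added example, not from the post)."""
import os
import re
import sys
from typing import Dict, List, Tuple

# Hypothetical allowlist: preloads an operator knows and expects on this host.
ALLOWLIST = {"/usr/lib/libfakeroot/libfakeroot.so"}


def parse_ld_so_preload(text: str) -> List[str]:
    """Parse the /etc/ld.so.preload format: paths separated by whitespace or
    newlines; '#' starts a comment that runs to the end of the line."""
    libs: List[str] = []
    for line in text.splitlines():
        line = line.split("#", 1)[0]
        libs.extend(line.split())
    return libs


def parse_environ(blob: bytes) -> Dict[str, str]:
    """Parse a /proc/<pid>/environ blob: NUL-separated KEY=VALUE entries."""
    env: Dict[str, str] = {}
    for item in blob.split(b"\0"):
        if not item:
            continue
        key, _, value = item.decode("utf-8", errors="replace").partition("=")
        env[key] = value
    return env


def preload_entries(env: Dict[str, str]) -> List[str]:
    """LD_PRELOAD may list several objects separated by spaces or colons."""
    return [p for p in re.split(r"[\s:]+", env.get("LD_PRELOAD", "")) if p]


def audit_preloads(ld_so_preload: str, environs: Dict[int, bytes],
                   allowlist=ALLOWLIST) -> List[Tuple[str, str]]:
    """Return (source, library) pairs for every preload not on the allowlist."""
    findings: List[Tuple[str, str]] = []
    for lib in parse_ld_so_preload(ld_so_preload):
        if lib not in allowlist:
            findings.append(("/etc/ld.so.preload", lib))
    for pid, blob in sorted(environs.items()):
        for lib in preload_entries(parse_environ(blob)):
            if lib not in allowlist:
                findings.append((f"pid {pid} LD_PRELOAD", lib))
    return findings


def collect_from_host() -> Tuple[str, Dict[int, bytes]]:
    """Read the live sources. Reading another user's environ needs privileges;
    processes we cannot read are skipped rather than treated as clean."""
    try:
        with open("/etc/ld.so.preload", encoding="utf-8", errors="replace") as f:
            text = f.read()
    except FileNotFoundError:
        text = ""
    environs: Dict[int, bytes] = {}
    for name in os.listdir("/proc"):
        if name.isdigit():
            try:
                with open(f"/proc/{name}/environ", "rb") as f:
                    environs[int(name)] = f.read()
            except OSError:
                continue
    return text, environs


# Constructed sample data standing in for the real files on a host.
SAMPLE_LD_SO_PRELOAD = "# system preloads\n/usr/lib/libexample_hook.so   # placeholder\n"
SAMPLE_ENVIRONS = {
    1: b"PATH=/usr/bin\0HOME=/\0",
    500: b"LD_PRELOAD=/usr/lib/libfakeroot/libfakeroot.so\0USER=build\0",
    4242: b"USER=www\0LD_PRELOAD=/tmp/libhidden.so:/usr/lib/libexample_hook.so\0",
}

if __name__ == "__main__":
    if "--live" in sys.argv:
        text, environs = collect_from_host()
    else:
        text, environs = SAMPLE_LD_SO_PRELOAD, SAMPLE_ENVIRONS
    for source, lib in audit_preloads(text, environs):
        print(f"[!] unexpected preload via {source}: {lib}")
```

Run without arguments it audits the constructed sample and reports the placeholder hook in `/etc/ld.so.preload` and the two objects preloaded into pid 4242; with `--live` it reads the real files. The caveat is the one the researchers make: on a host where libc is already hooked, the `open` and `readdir` calls this script relies on may themselves be lying, so the check is only trustworthy when run from a statically linked tool or against a disk image taken offline, and an empty result is never proof that the system is clean.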

Once Symbiote has infected the whole operating system, it gives the attacker rootkit functionality together with the ability to harvest credentials and remote access to the machine.

Another interesting technical aspect of Symbiote is its Berkeley Packet Filter (BPF) hooking functionality. Symbiote is not the first Linux malware to use BPF. For example, an advanced backdoor attributed to the Equation Group used BPF for covert communication. Symbiote, however, uses BPF to hide malicious network traffic on an infected machine.

When an administrator starts a packet-capture tool on the infected machine, BPF bytecode is injected into the kernel to define which packets should be captured. During this process, Symbiote first prepends its own bytecode so that it can filter out the network traffic it does not want the packet-capture software to see.

Symbiote can also hide its network activity using several different techniques. This cover is ideal for letting the malware harvest credentials and give the threat actor remote access.

The researchers explain why it is so hard to detect:

Once the malware has infected a machine, it hides itself, along with any other malware the attacker uses, which makes infections very hard to detect. A live forensic examination of an infected machine may reveal nothing, since the malware hides all files, processes and network artifacts. In addition to its rootkit capability, the malware provides a backdoor that lets the threat actor log in as any user on the machine with a hard-coded password and execute commands with the highest privileges.

Since it is extremely evasive, a Symbiote infection is likely to "fly under the radar." Through our research we have not found enough evidence to determine whether Symbiote is being used in highly targeted attacks or in broad attacks.

Finally, if you are interested in learning more about it, you can check the full details at the following link.


  1. newbie said:

    As always, another "threat" to GNU/Linux where they don't say how it gets installed in order to infect the host system.

  2. newbie said:

    As always, another "threat" to GNU/Linux where the researchers don't explain how the host system gets infected by the malware.

    1. Rariya said:

      Hello, regarding what you say, every bug or vulnerability that is discovered has a disclosure process: from the moment it is found, the developer or project is notified, a grace period is given to fix it, the news is published and finally, if desired, the exploit or the method that demonstrates the flaw is published.