Dhawaan waxaan ka faalloonnay fashilka Log4J iyo daabacaadan waxaan jeclaan lahaa in aan wadaagno macluumaadka in baarayaasha, tan iyo ku andacoonaya in tuugada, oo ay ku jiraan kooxaha ay taageerto dawladda Shiinaha, laakiin sidoo kale Ruushka, ay qaadeen in ka badan 840.000 oo weerar. ka dhanka ah shirkadaha adduunka oo dhan ilaa jimcihii hore iyada oo loo marayo nuglaanshahan.
Kooxda ilaalinta internetka Check Point ayaa sheegay in weerarada la xiriira iyada oo u nuglaanshaha ay kordhisay 72 saacadood laga soo bilaabo Jimcihii, mararka qaarkoodna baadhayaashu waxay arkayeen in ka badan 100 weerar daqiiqaddii.
Tifaftiruhu wuxuu sidoo kale xusay hal-abuurnimo weyn oo la qabsiga weerarka. Mararka qaarkood in ka badan 60 nooc oo cusub ayaa ku soo baxa in ka yar 24 saacadood, iyaga oo soo bandhigaya farsamooyin qarsoodi ah oo cusub.
"Weerarayaasha dawladda Shiinaha" ayaa lagu sheegay in lagu soo daray, sida uu sheegay Charles Carmakal, madaxa tignoolajiyada ee shirkadda internetka ee Mandiant.
Cilad-darrada Log4J waxay u oggolaanaysaa weeraryahannada inay la wareegaan kombuyuutarrada ku shaqeeya codsiyada Java.
Jen bari, Agaasimaha Hay'adda Ammaanka Internetka iyo Kaabayaasha ee Maraykanka (CISA), dijo madaxda warshadaha in Nuglaanta waxay ahayd "mid ka mid ah kuwii iigu darnaa ee aan arkay xirfadeyda oo dhan, haddaysan ahayn midda ugu daran", sida ay sheegtay warbaahinta Mareykanka. Boqolaal milyan oo qalab ah ayay u badan tahay in ay saameyn doonto, ayuu yidhi.
Check Point ayaa sheegay in marar badan, haakarisku ay la wareegaan kombuyuutarrada oo ay u isticmaalaan si ay u soo saaraan cryptocurrencies ama ay noqdaan qayb ka mid ah botnets, oo leh shabakado kombiyuutar oo ballaaran oo loo isticmaali karo in lagu xakameeyo taraafikada bogga, u diraan spam, ama kuwa kale ujeeddooyin sharci darro ah.
Kaspersky, inta badan weeraradu waxay ka yimaadaan Ruushka.
CISA iyo Xarunta Ammaanka Internetka ee Qaranka ee Boqortooyada Midowday (UK) waxay soo saareen digniino ku boorinaya hay'adaha inay sameeyaan cusboonaysiinta la xidhiidha dayacanka Log4J, iyadoo khubaradu ay isku dayayaan inay qiimeeyaan cawaaqibta.
Amazon, Apple, IBM, Microsoft, iyo Cisco ayaa ka mid ah kuwa ku degdegaya inay xalliyaan, laakiin xad-gudubyo halis ah oo si cad looma soo sheegin ilaa iyo hadda.
Nuglaanta ayaa ah tan ugu dambaysay ee saamaysa shabakadaha shirkadaha, ka dib markii baylahdu soo shaacbaxday sannadkii la soo dhaafay ee isticmaalka software-ka ee Microsoft iyo shirkadda kombuyuutarka ee SolarWinds. Labada dayacan ayaa la sheegay in markii hore ay ka faa’iideysteen kooxo basaasiin ah oo ay dowladdu taageerto ee Shiinaha iyo Ruushka, siday u kala horreeyaan.
Mandiant's Carmakal wuxuu sheegay in jilayaasha dawladda Shiinaha ay sidoo kale isku dayayaan inay ka faa'iidaystaan bug-ka Log4J, laakiin wuxuu diiday inuu la wadaago faahfaahin dheeraad ah. Cilmi-baarayaasha SentinelOne ayaa sidoo kale warbaahinta u sheegay inay arkeen tuugo Shiinees ah oo ka faa’ideysanaya dayacanka.
CERT-FR waxay ku talinaysaa in si qotodheer loo falanqeeyo diiwaanka shabakada. Sababaha soo socda ayaa loo isticmaali karaa si loo aqoonsado isku dayga lagu doonayo in looga faa'iidaysto nuglaantan marka lagu isticmaalo URL-yada ama madax- HTTPyada qaarkood oo ah wakiilka isticmaalaha
Waxaa aad loogu talinayaa in la isticmaalo nooca log2.15.0j 4 sida ugu dhakhsaha badan. Si kastaba ha ahaatee, haddii ay jiraan dhibaatooyin u haajiridda noocaan, xalalka soo socda ayaa si ku meel gaar ah loogu dabaqi karaa:
Codsiyada isticmaalaya noocyada 2.7.0 iyo wixii ka dambeeya ee maktabadda log4j, waxa suurtagal ah in laga ilaaliyo weerar kasta iyada oo wax laga beddelayo qaabka dhacdooyinka ee lagu geli doono syntax% m {nolookups} xogta uu isticmaaluhu bixin doono.
Ku dhawaad kala bar dhammaan weerarrada waxaa fuliyay weeraryahanno caan ah oo dhanka internetka ah, sida uu qabo Check Point. Kuwaas waxaa ka mid ah kooxaha isticmaala Tsunami iyo Mirai, malware kuwaas oo u rogaya aaladaha botnets, ama shabakadaha loo isticmaalo in lagu qaado weerarrada meelaha fog laga hago, sida diidmada weerarrada adeegga. Waxa kale oo ka mid ahaa kooxaha isticmaala XMRig, software ka faa'iidaysta lacagta dhijitaalka ah ee Monero.
"Nuglaanshahan, weerarradu waxay helayaan awood aan xadidnayn: waxay soo saari karaan xogta sirta ah, waxay geli karaan faylasha server-ka, tirtiri karaan xogta, rakibi karaan ransomware ama u beddelaan server kale," Nicholas Sciberras, madaxa injineerinka Acunetix, sawir-qaade nuglaanta. Waxay ahayd "wax la yaab leh" in la fuliyo weerar, ayuu yidhi, isaga oo intaa ku daray in cilladdu "laga faa'iidaysan doono bilaha soo socda."