Symbiote, a Linux malware that uses sophisticated techniques to hide and steal credentials

Many users of Linux-based operating systems tend to hold the mistaken belief that "there are no viruses on Linux", and they cite its greater security to justify their love for their chosen distribution. The reasoning is easy to follow, since hearing about "a virus" on Linux is treated as something of a "taboo"...

Over the years this has changed, as news of malware discovered on Linux has started to appear more and more often, usually about how sophisticated it is at hiding and, above all, at keeping its presence on an infected system.

The reason for talking about this is that a few days ago a new type of malware was discovered, and what makes it interesting is that it infects Linux systems and uses sophisticated techniques to hide and to steal credentials.

The people who discovered this malware are BlackBerry researchers, and they named it "Symbiote". Previously unseen, it behaves as a parasite, since it needs to infect other running processes in order to cause damage on infected machines.

Symbiote, first discovered in November 2021, appears to have been written initially to target the financial sector in Latin America. After a successful infection, Symbiote hides itself and any other malware that has been deployed, making infections difficult to detect.

Malware targeting Linux systems is nothing new, but the stealth techniques used by Symbiote make it stand out. The linker loads the malware through the LD_PRELOAD directive, which allows it to be loaded before any other shared objects. Because it is loaded first, it can "hijack the imports" of the other library files loaded for the application. Symbiote uses this to hide its presence on the machine.

"Since the malware operates as a user-level rootkit, detecting an infection can be difficult," the researchers conclude. "Network telemetry can be used to detect anomalous DNS requests, and security tools such as antivirus and endpoint detection and response must be statically linked to ensure they are not 'infected' by user-level rootkits."
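The LD_PRELOAD mechanism described above leaves traces a defender can look for: the variable in a process environment, entries in the system-wide /etc/ld.so.preload file, and shared objects mapped from places where no installed library belongs. The following script is an added example written for this article; it is neither BlackBerry's tooling nor any code from Symbiote, and the environment, maps and preload-file contents it parses are constructed samples (the library name libexample_hook.so is a placeholder, not an indicator from the report).

```python
"""Indicators of LD_PRELOAD-style library injection on Linux.

Added example for this article; not BlackBerry's tooling and not Symbiote's
code. It parses the kinds of data a defender would pull from /proc and
/etc/ld.so.preload and flags the conditions the write-up describes:
LD_PRELOAD set in a process environment, a non-empty system-wide preload
file, and shared objects mapped from locations where no legitimate library
should live.
"""
import os
import re
from pathlib import Path

# Directories from which a legitimately installed library is expected to be
# mapped. Anything else (/tmp, /dev/shm, a home directory, ...) is a finding.
TRUSTED_LIB_DIRS = ("/lib", "/lib64", "/usr/lib", "/usr/lib64", "/usr/local/lib")

# A mapped file ending in .so or .so.N is treated as a shared object.
_SO_RE = re.compile(r"\.so(\.\d+)*$")

# Constructed sample data standing in for one suspicious process; not taken
# from a real infection. The hook library path is a placeholder.
SAMPLE_ENVIRON = b"PATH=/usr/bin:/bin\0LD_PRELOAD=/dev/shm/libexample_hook.so\0HOME=/root\0"
SAMPLE_MAPS = """\
5591a1c00000-5591a1c02000 r--p 00000000 08:01 1234 /usr/bin/ls
7f2a1b000000-7f2a1b022000 r--p 00000000 08:01 5678 /usr/lib/x86_64-linux-gnu/libc.so.6
7f2a1b400000-7f2a1b403000 r-xp 00000000 00:19 9012 /dev/shm/libexample_hook.so
7ffd2c000000-7ffd2c021000 rw-p 00000000 00:00 0 [stack]
"""
SAMPLE_LD_SO_PRELOAD = "# constructed sample\n/dev/shm/libexample_hook.so\n"


def parse_environ(blob: bytes) -> dict:
    """Decode a /proc/<pid>/environ blob (NUL-separated KEY=VALUE pairs)."""
    env = {}
    for entry in blob.split(b"\0"):
        if b"=" in entry:
            key, _, value = entry.partition(b"=")
            env[key.decode(errors="replace")] = value.decode(errors="replace")
    return env


def mapped_shared_objects(maps_text: str) -> set:
    """Return the set of shared-object paths referenced in /proc/<pid>/maps text."""
    paths = set()
    for line in maps_text.splitlines():
        fields = line.split(maxsplit=5)
        if len(fields) == 6 and fields[5].startswith("/") and _SO_RE.search(fields[5]):
            paths.add(fields[5])
    return paths


def _is_trusted(path: str) -> bool:
    return any(path.startswith(d + "/") for d in TRUSTED_LIB_DIRS)


def preload_indicators(environ_blob: bytes, maps_text: str, ld_so_preload_text: str) -> list:
    """Collect human-readable findings for one process plus the global preload file."""
    findings = []
    env = parse_environ(environ_blob)
    if env.get("LD_PRELOAD"):
        findings.append(f"LD_PRELOAD set in process environment: {env['LD_PRELOAD']}")
    for raw in ld_so_preload_text.splitlines():
        entry = raw.strip()
        if entry and not entry.startswith("#"):
            findings.append(f"/etc/ld.so.preload lists {entry}")
    for so in sorted(mapped_shared_objects(maps_text)):
        if not _is_trusted(so):
            findings.append(f"shared object mapped from untrusted location: {so}")
    return findings


def scan_live_process(pid: int) -> list:
    """Read the real /proc entries for one pid (requires permission on that pid)."""
    proc = Path("/proc") / str(pid)
    try:
        environ = (proc / "environ").read_bytes()
        maps = (proc / "maps").read_text()
    except OSError:
        return []
    try:
        preload = Path("/etc/ld.so.preload").read_text()
    except OSError:
        preload = ""
    return preload_indicators(environ, maps, preload)


if __name__ == "__main__":
    for finding in preload_indicators(SAMPLE_ENVIRON, SAMPLE_MAPS, SAMPLE_LD_SO_PRELOAD):
        print("sample:", finding)
    for finding in scan_live_process(os.getpid()):
        print(f"pid {os.getpid()}:", finding)
```

The script itself reads /proc through the C library, so a rootkit that hooks the file and directory functions can lie to it; that limitation is exactly why the researchers ask for statically linked tooling, and the same checks are more trustworthy when run from a static binary, from a rescue system against the mounted disk, or from kernel-side telemetry.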

Once Symbiote has infected all running processes, it gives the threat actor rootkit functionality together with the ability to harvest credentials and remote access capability.

An interesting technical aspect of Symbiote is its Berkeley Packet Filter (BPF) hooking functionality. Symbiote is not the first Linux malware to use BPF; for example, a sophisticated backdoor attributed to the Equation group used BPF for covert communication. Symbiote, however, uses BPF to hide malicious network traffic on an infected machine.

When an administrator starts a packet capture tool on an infected machine, BPF bytecode is injected into the kernel to define which packets should be captured. During this process, Symbiote first adds its own bytecode so that it can filter out the network traffic it does not want the packet-capture software to see.

Symbiote can hide its network activity using several different methods. This cover is ideal for letting the malware harvest credentials and provide remote access to the threat actor.
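Because the filter is prepended to the capture tool's own BPF program, the hidden packets still pass through the kernel's network stack, and the per-interface counters in /proc/net/dev are incremented in the driver path before any socket filter runs. A capture started with no user filter should therefore account for roughly every packet the counters advanced by during the same window; a large shortfall is worth investigating. The script below is an added example written for this article, not tooling from BlackBerry and not Symbiote code; the two /proc/net/dev snapshots and the capture counts it uses are constructed, and it assumes the capture ran unfiltered on the same interface over the same interval as the snapshots.

```python
"""Cross-check a local packet capture against interface counters.

Added example for this article; not tooling from BlackBerry and not Symbiote
code. Compares how far the kernel's per-interface packet counters advanced
between two /proc/net/dev snapshots with how many packets an unfiltered
capture on that interface reported for the same window.
"""
from dataclasses import dataclass
from pathlib import Path

# Constructed /proc/net/dev snapshots (same column layout as the real file);
# the numbers are made up for the example.
SNAPSHOT_BEFORE = """\
Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo:    1000      10    0    0    0     0          0         0     1000      10    0    0    0     0       0          0
  eth0:  500000    4000    0    0    0     0          0        12   300000    3000    0    0    0     0       0          0
"""
SNAPSHOT_AFTER = """\
Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo:    1200      12    0    0    0     0          0         0     1200      12    0    0    0     0       0          0
  eth0:  900000    7000    0    0    0     0          0        20   600000    5500    0    0    0     0       0          0
"""


@dataclass(frozen=True)
class IfaceCounters:
    rx_packets: int
    tx_packets: int

    @property
    def total(self) -> int:
        return self.rx_packets + self.tx_packets


def parse_proc_net_dev(text: str) -> dict:
    """Parse /proc/net/dev text into {interface: IfaceCounters}.

    After the two header lines each row is "iface: <8 rx fields> <8 tx fields>";
    rx packets is field 1 and tx packets is field 9 of the values after the colon.
    """
    result = {}
    for line in text.splitlines()[2:]:
        if ":" not in line:
            continue
        name, _, rest = line.partition(":")
        fields = rest.split()
        if len(fields) < 16:
            continue
        result[name.strip()] = IfaceCounters(rx_packets=int(fields[1]), tx_packets=int(fields[9]))
    return result


def counter_delta(before: dict, after: dict, iface: str) -> int:
    """Packets the kernel counted on `iface` between two snapshots (rx + tx)."""
    return after[iface].total - before[iface].total


def assess_capture(kernel_packets: int, captured_packets: int, max_missing_ratio: float = 0.05) -> dict:
    """Compare what the kernel counted with what an unfiltered capture reported.

    A small gap is normal (timing of the snapshots, capture-side drops); a gap
    above `max_missing_ratio` of the kernel total is flagged as suspicious.
    """
    missing = max(kernel_packets - captured_packets, 0)
    ratio = missing / kernel_packets if kernel_packets else 0.0
    return {
        "kernel": kernel_packets,
        "captured": captured_packets,
        "missing": missing,
        "missing_ratio": ratio,
        "suspicious": ratio > max_missing_ratio,
    }


def snapshot_live() -> dict:
    """Read the real /proc/net/dev (Linux only); empty dict elsewhere."""
    try:
        return parse_proc_net_dev(Path("/proc/net/dev").read_text())
    except OSError:
        return {}


if __name__ == "__main__":
    before = parse_proc_net_dev(SNAPSHOT_BEFORE)
    after = parse_proc_net_dev(SNAPSHOT_AFTER)
    kernel = counter_delta(before, after, "eth0")
    # Constructed capture counts: one close to the kernel total, one well short.
    for captured in (5480, 4900):
        print(assess_capture(kernel, captured))
```

This is a heuristic, not proof: the `drop` columns, capture buffer overruns and snapshot timing all shrink the captured count legitimately, and a rootkit that hooks libc could also tamper with what this script reads from /proc. The robust control, as the researchers note, is telemetry from a vantage point the host cannot influence, such as a span port or an upstream sensor watching for anomalous DNS requests.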

The researchers explain why it is so hard to detect:

Once the malware has infected a machine, it hides itself, along with any other malware used by the attacker, making infections very hard to detect. A live forensic scan of an infected machine may not reveal anything, since the malware hides all files, processes and network artifacts. In addition to the rootkit capability, the malware provides a backdoor that allows the threat actor to log in as any user on the machine with a hard-coded password and to execute commands with the highest privileges.

Because it is so rare, a Symbiote infection can "fly under the radar". In our research we have not found enough evidence to determine whether Symbiote is being used in targeted or in large-scale attacks.

Finally, if you are interested in learning more about it, you can check the details at the following link.



  1.   newbie said

    As usual, another "danger" for GNU/Linux where they do not say how it gets installed in order to infect the host system.

  2.   newbie said

    As usual, another "threat" to GNU/Linux where the discoverers do not explain how the host system gets infected by the malware.

    1.    Ubumnyama said

      Hello, regarding what you say, every bug or vulnerability that is found has a disclosure process from the moment it is reported: the developer or project is notified, a grace period is given to fix it, the news is announced and finally, if desired, the exploit or the method that demonstrates the flaw is published.