- Stealth malware uses concealment techniques (rootkits, virtualization, zero-click) to avoid detection.
- Crocodilus and Godfather on Android steal banking credentials through advanced spoofing and permissions.
- UEFI persistence (CosmicStrand) survives an operating system reinstall; combining defenses is key.
Cybersecurity has become an everyday matter, and yet many threats still go unnoticed by users and by defensive tools. Among these threats is so-called "invisible malware," a set of techniques with a simple aim: to hide in plain sight and cover their tracks so as to stay active for as long as possible.
Far from being science fiction, we are talking about techniques already in circulation: from rootkits that integrate into the system to mobile Trojans able to impersonate banking screens or spy without our touching anything. And yes, there are also zero-click attacks and extreme cases in firmware that survive an OS reinstall.
What do we mean by "invisible malware"?
When we say "invisible," it is not that the code literally cannot be seen, but that concealment techniques are used, designed to hide the malware's changes and activity on the infected system. This definition includes, for example, rootkits, which manipulate the system to hide files, processes, registry keys or connections.
In practice, these variants can take over system functions and degrade performance without raising suspicion. Even when antivirus notices unusual behavior, the invisibility mechanisms let the malware evade or delay detection, for example by temporarily moving away from the infected file, copying itself to another drive, or hiding the size of modified files. All of this complicates the work of detection engines and forensic analysis.

How it gets in and how it hides
An "invisible virus," or, more broadly, malware that uses stealth techniques, can arrive in many ways: malicious attachments in emails, downloads from dubious websites, unverified software, fraudulent apps that pose as popular ones, or installation through links on social networks and in messaging.
Once inside, its strategy is clear: persist without being seen. Some variants "move" out of the infected file when they suspect a scan, copying themselves elsewhere and leaving a clean location to avoid raising alerts. Others hide metadata, file sizes and system entries, making life difficult for detection engines and for file recovery after an infection.
Rootkits: definition, risk, and possible legitimate uses
In its origins in UNIX environments, a rootkit was a set of tools from the system itself (such as ps, netstat or passwd) modified by an intruder to keep root access without being discovered. The name "root," the superuser, comes from there. Today, on Windows and other systems, the concept remains the same: programs designed to hide items (files, processes, registry keys, memory and connections) from the operating system or from security applications.
The use of stealth technology is not, in itself, inherently malicious. It can be used for legitimate purposes such as corporate monitoring, intellectual property protection, or protection against user error. The problem arises when these capabilities are used to hide malware, backdoors and criminal activity, in line with the current dynamics of cybercrime, which seeks to maximize dwell time without attracting attention.
How to detect and mitigate rootkits
No single technique is infallible, so the best strategy is to combine methods and tools. Classic and advanced approaches include:
- Signature detection: scanning and comparing against a catalog of known malware. It works for variants that are already cataloged, but not for unpublished ones.
- Heuristic or behavior-based: identifies deviations from the system's normal activity, which is useful for finding new or modified families.
- Detection by comparison: compares what the system reports with a low-level reading; if the two disagree, concealment is suspected.
- Integrity: checks files and memory against a trusted reference state (baseline) to reveal modifications.
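The "detection by comparison" approach from the list above, sketched for Linux process hiding. This is an added example, not code from the article: the function names, the `/proc` listing versus signal-0 probing pair of views, and the sample PIDs are all assumptions chosen for illustration.

```python
import os

def listed_pids():
    """High-level view: PIDs returned when enumerating /proc (what ps-style tools see)."""
    return {int(n) for n in os.listdir("/proc") if n.isdigit()}

def is_thread(pid):
    """kill() also answers for thread IDs, which /proc never lists; skip those."""
    try:
        with open(f"/proc/{pid}/status") as fh:
            fields = dict(line.split(":", 1) for line in fh if ":" in line)
        return int(fields["Tgid"]) != pid
    except (OSError, KeyError, ValueError):
        return False  # cannot tell: keep it as a candidate

def probed_pids(max_pid=32768):
    """Low-level view: probe each PID with signal 0, which delivers nothing.
    Assumed default range; raise it to the value in /proc/sys/kernel/pid_max."""
    alive = set()
    for pid in range(1, max_pid + 1):
        try:
            os.kill(pid, 0)
        except ProcessLookupError:
            continue          # kernel says no such process
        except PermissionError:
            pass              # exists but belongs to another user
        if not is_thread(pid):
            alive.add(pid)
    return alive

def hidden_candidates(high_view, low_view, rounds=3):
    """PIDs the low-level view reports but the listing omits, in every round.
    Repeating the comparison drops processes that only started or exited mid-sample."""
    suspects = None
    for _ in range(rounds):
        diff = set(low_view()) - set(high_view())   # low view is sampled first
        suspects = diff if suspects is None else suspects & diff
    return sorted(suspects)

# Constructed snapshots: PID 4242 answers probes but is never listed;
# PID 900 is a short-lived process caught mid-exit in round one only.
PROBES = [{1, 50, 77, 900, 4242}, {1, 50, 77, 4242}, {1, 50, 77, 4242}]

def demo():
    lows = iter(PROBES)
    return hidden_candidates(lambda: {1, 50, 77}, lambda: next(lows))

if __name__ == "__main__":
    print("constructed:", demo())
    print("live host:", hidden_candidates(listed_pids, probed_pids))
```

Both views here come from the running kernel, so a kernel-level rootkit can falsify them together; an empty result is not proof of a clean host.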
On the prevention side, it is advisable to use good anti-malware that is active and up to date, use a firewall, keep systems and applications patched, and limit privileges. Sometimes, to detect particular infections, it is advisable to boot from external media and scan "from outside" the compromised system, although some families manage to reinsert themselves into other system files.
Two cases of invisible malware: XWorm and NotDoor
These may be the most dangerous invisible malware threats around at the moment. To know how to protect yourself from them, it helps to understand them well:
XWorm
XWorm is a well-known piece of malware that has recently evolved in an alarming way by using file names that look legitimate. This lets it disguise itself as a harmless application, gaining the trust of both users and systems.
The attack begins with a disguised .lnk file, usually distributed through phishing campaigns, which runs malicious PowerShell commands, downloads a text file to the system's temporary directory, and then launches a fake executable called discord.exe from a remote server.
Once it is on our PC, XWorm can run all kinds of remote commands, from file downloads and URL redirection to DDoS attacks.
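A defender's triage rule for the chain described above, where a script host ends up starting an executable that borrows a familiar name. This is an added example, not code from the article: the event fields, the expected install directory, the script-host list and the sample events are assumptions and are constructed for illustration.

```python
import ntpath

# Assumptions: where each watched application normally lives, and which
# parents count as script hosts. Extend both for your own environment.
EXPECTED_DIR = {"discord.exe": "\\appdata\\local\\discord\\"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe"}

def base(path):
    """File name of a Windows path, lower-cased, regardless of the host OS."""
    return ntpath.basename(path).lower()

def triage(events):
    """Return {pid: [reasons]} for process-creation events worth a second look."""
    by_pid = {e["pid"]: e for e in events}
    findings = {}
    for e in events:
        name, reasons = base(e["image"]), []
        if name not in EXPECTED_DIR:
            continue
        # A trusted name is only meaningful together with its usual location.
        if EXPECTED_DIR[name] not in e["image"].lower():
            reasons.append("known application name outside its install directory")
        parent = by_pid.get(e["ppid"])
        if parent and base(parent["image"]) in SCRIPT_HOSTS:
            reasons.append("started by a script host")
        if reasons:
            findings[e["pid"]] = reasons
    return findings

# Constructed events (not taken from a real incident).
EVENTS = [
    {"pid": 100, "ppid": 1, "image": r"C:\Windows\explorer.exe"},
    {"pid": 210, "ppid": 100,
     "image": r"C:\Users\ana\AppData\Local\Discord\app-1.0.0\Discord.exe"},
    {"pid": 300, "ppid": 100,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"pid": 310, "ppid": 300,
     "image": r"C:\Users\ana\AppData\Local\Temp\discord.exe"},
]

if __name__ == "__main__":
    for pid, reasons in triage(EVENTS).items():
        print(pid, "; ".join(reasons))
```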
NotDoor
Another of the current invisible malware threats is NotDoor. The target of this advanced virus, developed by Russian hackers, is Outlook users, from whom it steals confidential data. It can also take full control of compromised systems. Its development is attributed to APT28, a well-known Russian cyberespionage group.
NotDoor is known to be stealthy malware written in Visual Basic for Applications (VBA), able to monitor incoming emails for specific keywords. It harnesses the program's own capabilities to activate itself. It then creates a hidden directory to store temporary files controlled by the attacker.
The best way to protect yourself (and what to do if you are already infected)
Effective protection combines habits and technology. Beyond "awareness," you need procedures and tools that reduce real risk on PC and mobile:
- Install apps only from official sources and check the developer, permissions and reviews. Be wary of links in messages, on social media, or on unknown websites.
- Use trusted security solutions on mobile and PC; they do not only detect malicious apps, they also warn of suspicious behavior.
- Keep everything up to date: system, browser and applications. Patches close off the exploitation routes most popular among attackers.
- Enable two-step verification for banking, email and critical services. It is not infallible, but it adds an extra barrier.
- Review accessibility and notification permissions; if something simple asks for full control, something is wrong.
- Restart or power off your mobile periodically; a full shutdown once a week can eliminate memory-resident implants and makes persistence harder.
- Turn on and configure the firewall, and limit the use of accounts with administrator privileges unless they are necessary.
If you suspect an invisible malware infection (a slow phone, unexplained heat, unusual restarts, apps you do not remember installing, or abnormal behavior): uninstall suspicious apps, boot the phone in safe mode and run a full scan, change passwords from another device, notify your bank, and consider a factory reset. If the symptoms persist, consider booting from external media on the PC to scan without the malware in control.
Remember that invisible malware plays on our rhythm: minimal noise with surgical strikes. It is not an abstract threat, but a catalog of concealment techniques that enables everything else: banking Trojans, spyware, identity theft, or firmware persistence. If you strengthen your habits and choose your tools well, you will be one step ahead of what cannot be seen.
An editor specializing in technology and internet topics, with more than ten years of experience in digital media. I have worked as an editor and content creator for e-commerce, communications, online marketing and advertising companies. I have also written for economics, finance and other sector websites. My work is also my passion. Now, through my articles on Tecnobits, I try to explore all the news and new opportunities that the world of technology offers us every day to improve our lives.