Weerarada Malware-ka aan fileyn, Ilaalinta iyo Ogaanshaha
Fayl la'aanta Malware(Fileless Malware) waxay noqon kartaa erey cusub inta badan laakiin warshadaha amniga ayaa yaqaanay sanado. Sannadkii hore in ka badan 140 shirkadood oo adduunka oo dhan ah ayaa lagu dhuftay Malware -kan Fileless -(Fileless Malware –) oo ay ku jiraan bangiyada, isgaadhsiinta, iyo ururrada dawladda. Fileless Malware , sida magacu sharaxayo waa nooc ka mid ah malware-ka oo aan taaban saxanka ama isticmaalin wax faylal ah habka. Waxa lagu shubaa habraac sharci ah. Si kastaba ha noqotee, qaar ka mid ah shirkadaha amniga ayaa sheeganaya in weerarka bilaa-fayl-la'aanta ah uu ka tago binary yar oo ku jira martigeliyaha wax u dhimaya si uu u bilaabo weerarka malware. Weerarada noocaan oo kale ah ayaa la arkay kor u kac weyn dhowrkii sano ee la soo dhaafay waxayna ka halis badan yihiin weeraradii soo jireenka ahaa ee malware.
Weerarrada Malware-ka aan fileyn
Weerarrada Malware(Fileless Malware) -ka aan fileyn sidoo kale loo yaqaan weerarrada aan-malware-ka ahayn(Non-Malware attacks) . Waxay adeegsadaan farsamooyin caadi ah si ay u galaan nidaamyadaaga adoon isticmaalin wax fayl malware ah oo la ogaan karo. Dhawrkii sano ee la soo dhaafay, nimankii wax weeraray waxay noqdeen kuwo caqli badan, waxayna sameeyeen habab badan oo kala duwan oo ay ku qaadaan weerarka.
Malwareer la'aantu(Fileless) waxay wax yeelaa kombuyuutarrada oo aan ka tegin wax fayl ah darawalka adag ee maxalliga ah, isaga oo ka leexanaya amniga dhaqameed iyo aaladaha baarista.
What’s unique about this attack, is the usage of a piece sophisticated malicious software, that managed to reside purely in the memory of a compromised machine, without leaving a trace on the machine’s file system. Fileless malware allows attackers to evade detection from most end-point security solutions which are based on static files analysis (Anti-Viruses). The latest advancement in Fileless malware shows the developers focus shifted from disguising the network operations to avoiding detection during the execution of lateral movement inside the victim’s infrastructure, says Microsoft.
Malware-ka aan fileyn wuxuu ku dhex jiraa Random Access Memory ee nidaamka kombiyuutarkaaga, mana jiro barnaamij ka hortag ah oo si toos ah u baaraya xusuusta - marka waa habka ugu ammaansan ee weeraryahannada ay soo galaan kombuyutarkaaga oo ay xadaan dhammaan xogtaada. Xitaa barnaamijyada antivirus ugu fiican ayaa mararka qaarkood seega malware-ka ku dhex socda xusuusta.
Qaar ka mid ah infekshannada Malware(Fileless Malware) -ka ee dhawaanahan Fayl-la'aanta ah ee ku dhacay nidaamyada kombiyuutarka adduunka oo dhan waa - Kovter , tuug USB(USB Thief) , PowerSniff , Poweliks , PhaseBot , Duqu2 , iwm.
Sidee u shaqeeyaa Fileless Malware
Malware-ka aan fileyn marka uu soo galo xusuusta(Memory) waxay geyn kartaa asalkaaga iyo nidaamka maamul ee Windows qalabka ku dhex dhisan sida PowerShell , SC.exe , iyo netsh.exe si uu u socodsiiyo koodka xaasidnimada ah oo uu maamulku galo nidaamkaaga, si aad u qaadato bixi amarrada oo xado xogtaada. Malware-ka aan File-ka lahayn(Fileless Malware) mararka qaarkood waxa kale oo laga yaabaa inuu ku qariyo Rootkits ama Diiwaanka(Registry) nidaamka hawlgalka Windows.
Marka la soo galo, weerarradu waxay adeegsadaan kaydka Thumbnail Windows(Windows Thumbnail) si ay u qariyaan habka malware-ka. Si kastaba ha ahaatee, malware-ku wuxuu weli u baahan yahay binary-ga taagan si uu u galo PC-ga martida loo yahay, iyo iimaylka ayaa ah dhexdhexaadinta ugu badan ee loo isticmaalo isku mid. Marka isticmaaluhu gujiyo lifaaqa xaasidnimada leh, wuxuu ku qorayaa faylka lacag bixinta sir ah gudaha Diiwaanka Windows(Windows Registry) .
Fileless Malware waxa kale oo loo yaqaanaa inay isticmaasho aaladaha ay ka midka yihiin Mimikatz iyo Metaspoilt si ay koodka ugu duraan xusuusta PC-gaaga una akhriyaan xogta halkaas ku kaydsan. Aaladahani waxay ka caawiyaan kuwa weerarka soo qaaday inay si qoto dheer u galaan PC-gaaga oo ay xadaan dhammaan xogtaada.
Falanqaynta dabeecadda iyo malware-ka aan faylka(Fileless) lahayn
Maadaama inta badan barnaamijyada antivirus-ka caadiga ah ay isticmaalaan saxiixyo si ay u aqoonsadaan faylka malware, malware-ka aan fileyn way adagtahay in la ogaado. Sidaa darteed, shirkadaha ammaanku waxay isticmaalaan falanqaynta dabeecadda si ay u ogaadaan malware. Xalkan cusub ee amniga waxaa loogu talagalay in uu wax ka qabto weerarradii hore iyo hab-dhaqanka isticmaalayaasha iyo kombuyuutarrada. Dhaqan kasta oo aan caadi ahayn oo tilmaamaya nuxurka xaasidnimada leh ayaa markaa lagu ogeysiiyaa digniino.
Marka aanay jirin xal dhammaadka-dhammaadka ah oo lagu ogaan karo malware-ka-fayl-la'aanta ah, falanqaynta habdhaqanku waxay ogaataa dhaqan kasta oo aan fiicneyn sida dhaqdhaqaaqa galitaanka ee shakiga leh, saacadaha shaqada ee aan caadiga ahayn ama isticmaalka kheyraad kasta oo aan caadi ahayn. Xalkan ammaanku waxa uu qabtaa xogta dhacdada inta lagu jiro kalfadhiyada halkaas oo isticmaalayaashu isticmaalaan codsi kasta, ka baadhayaan mareegaha, ciyaara ciyaaraha, isdhexgalka warbaahinta bulshada, iwm.
Fileless malware will only become smarter and more common. Regular signature-based techniques and tools will have a harder time to discover this complex, stealth-oriented type of malware says Microsoft.
Sida looga hortago oo lagu ogaado Malware- ka aan File-ka lahayn(Fileless Malware)
Raac taxaddarrada aasaasiga ah si aad u ilaaliso kumbuyuutarkaaga Windows(precautions to secure your Windows computer) :
- Codso(Apply) dhammaan Cusbooneysiinta Windows-ka -(Windows Updates –) gaar ahaan cusboonaysiinta amniga ee nidaamkaaga hawlgalka.
- Hubi(Make) in dhammaan software-kaaga lagu rakibay la dhejiyay oo la cusboonaysiiyay noocyadoodii ugu dambeeyay
- Isticmaal alaab ammaan oo wanaagsan oo si hufan u sawiri karta xusuusta kombiyuutarkaaga sidoo kalena xannibi karta boggaga internetka ee xaasidnimada leh ee laga yaabo inay martigeliyaan Faa'iidooyinka(Exploits) . Waa inay bixiso la socodka dhaqanka(Behavior) , iskaanka xusuusta(Memory) , iyo ilaalinta Qaybta Boot .(Boot Sector)
- Ka digtoonow intaadan soo dejin wax lifaaqa iimaylka ah(downloading any email attachments) . Tani waa si looga fogaado soo dejinta lacag-bixinta.
- Isticmaal Firewall(Firewall) xooggan kaas oo kuu ogolaanaya inaad si wax ku ool ah u maamusho taraafikada Shabakadda .(Network)
Hoos ka akhriso(Read next) : Maxay yihiin Weerarada Dhulka(Living Off The Land attacks) ?
Related posts
Weerarada Nuglaanta Afduubka DLL, Kahortagga & Ogaanshaha
Sidee Looga Fogaadaa Khayaanada Khiyaamada iyo Weerarada?
Waa maxay Gelitaanka Fog ee Trojan? Kahortagga, Ogaanshaha & Ka saarida
Weerarada Cyber - Qeexid, Noocyada, Ka Hortagga
Crystal Security waa aaladda ogaanshaha Malware ee ku saleysan Cloud ee bilaashka ah ee PC
Soo-gudbinta Malware: Halkee loo gudbiyaa faylasha malware-ka Microsoft iyo kuwa kale?
Waa maxay CandyOpen? Sidee looga saaraa CandyOpen Windows 10?
Spyware-ka ugu Fiican iyo Software ka saarida Malware
Sida loo hubiyo Registry for malware gudaha Windows 11/10
Talooyin si aad uga ilaaliso kombiyuutarkaaga weerarka Thunderspy
Sida loo isticmaalo Malwarebytes Anti-Malware si meesha looga saaro Malware
Weerarada Ransomware, Qeexid, Tusaalayaal, Ilaalinta, Bixinta
IObit Malware Fighter Dib u eegis iyo soo dejin bilaash ah
Fayraska ugu Wanaagsan & Sawir-qaadayaasha Malware-ka ayaa BOQOR U DAMAANADNAYA IN UU NOQOTO Virus Kasta
Sida looga hortago Malware - Talooyin si loo sugo Windows 11/10
Waa maxay Win32:BogEnt iyo sida loo saaro?
Sida loo uninstall ama ka saaro Driver Tonic ka Windows 10
Ka saar fayraska USB Flash Drive adoo isticmaalaya Command Prompt ama Faylka Dufcada
Waa maxay Rootkit? Sidee buu u shaqeeyaa Rootkits? Rootkits ayaa sharaxay.
Sida looga saaro fayraska Windows 11/10; Hagaha ka saarida Malware