Bootkitty Discovered: The First UEFI Bootkit Designed for Linux

  • Bootkitty is the first UEFI bootkit designed for Linux systems.
  • Discovered by ESET researchers, it targets certain Ubuntu versions and appears to be experimental.
  • The malware disables kernel signature verification and uses advanced techniques to bypass security mechanisms.
  • ESET stresses the importance of strengthening Linux cybersecurity in the face of likely future developments.


A recent discovery has shaken the cybersecurity landscape: researchers have identified the first UEFI bootkit designed specifically for Linux systems, named Bootkitty by its creators. The finding marks an important shift in UEFI threats, which have historically focused almost exclusively on Windows systems. Although the malware appears to be a proof of concept, its existence opens the door to more sophisticated threats in the future.

In recent years, UEFI threats have advanced noticeably. From the first proof of concept in 2012 to recent cases such as ESPecter and BlackLotus, the security community has watched these attacks grow in sophistication. Bootkitty, however, represents a significant change, shifting attention to Linux systems, specifically certain Ubuntu versions.

Technical Characteristics of Bootkitty

Bootkitty stands out for its advanced techniques. The malware bypasses UEFI Secure Boot security mechanisms by patching critical verification functions in memory. In this way it manages to load the Linux kernel regardless of whether Secure Boot is enabled or not.

Bootkitty's main goal includes disabling kernel signature verification and preloading unknown ELF binaries through the Linux init process. However, because it relies on unoptimized code patterns and fixed offsets, its functionality is limited to a small number of configurations and kernel and GRUB versions.

A peculiar aspect of the malware is its experimental nature: it contains broken functions that seem intended for internal testing or demos. This, together with its inability to run out of the box on systems with Secure Boot enabled, suggests that it is at an early stage of development.

Modular Approach and Possible Connection with Other Components

During their analysis, ESET researchers identified an unsigned kernel module called BCdropper, which may have been developed by the same authors as Bootkitty. This module includes advanced features such as the ability to hide open files, processes and ports, typical rootkit characteristics.

BCdropper also deploys an ELF binary called BCObserver, which loads another, not yet identified kernel module. Although a direct relationship between these components and Bootkitty has not been confirmed, their names and behavior suggest a connection.

Impact of Bootkitty and Prevention Measures

Although Bootkitty is not yet a real threat to most Linux systems, its existence underscores the need to prepare for possible future threats. Indicators of compromise associated with Bootkitty include:

  • Strings modified in the kernel: visible with the uname -v command.
  • Presence of the LD_PRELOAD variable in /proc/1/environ.
  • The ability to load unsigned kernel modules, even with Secure Boot enabled.
  • A kernel marked as "tainted", which may indicate possible tampering.

To mitigate the risk posed by this type of malware, experts recommend keeping UEFI Secure Boot enabled and ensuring that the firmware, the operating system and the UEFI revocation list are kept up to date.
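The indicators listed above can be collected from a live host with a few read-only commands. The following triage script is an added example for this article, not ESET's tooling or anything published with the malware analysis. It assumes a Linux host with /proc mounted and, for the Secure Boot check, efivarfs mounted at /sys/firmware/efi/efivars; the taint bit values come from the kernel's documented taint flags (bit 12 = out-of-tree module, bit 13 = unsigned module), and the sample /proc/1/environ content is constructed for illustration. Run it with --live to inspect the current machine; without arguments it only defines the helper functions.

```shell
#!/bin/sh
# Added example: read-only triage for the Bootkitty indicators named in the
# article (kernel taint, LD_PRELOAD in PID 1, Secure Boot state, uname -v).
# Not from ESET or the article; all sample values here are constructed.

# Taint bits from the kernel's taint flag table (values are 1 << bit).
TAINT_OOT=4096        # bit 12: out-of-tree module loaded
TAINT_UNSIGNED=8192   # bit 13: unsigned module loaded

# EFI global variable holding the SecureBoot flag (efivarfs path).
SB_VAR=/sys/firmware/efi/efivars/SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c

# taint_report VALUE -> "clean", "oot", "unsigned" or "unsigned oot"
# VALUE is the integer from /proc/sys/kernel/tainted.
taint_report() {
    val=$1
    out=""
    if [ $((val & TAINT_UNSIGNED)) -ne 0 ]; then out="unsigned"; fi
    if [ $((val & TAINT_OOT)) -ne 0 ]; then out="${out:+$out }oot"; fi
    printf '%s\n' "${out:-clean}"
}

# ld_preload_in_environ FILE -> the LD_PRELOAD value, or "none".
# /proc/1/environ is NUL-separated, so it is converted to lines first.
ld_preload_in_environ() {
    tr '\0' '\n' < "$1" | awk -F= '
        $1 == "LD_PRELOAD" { print substr($0, 12); found = 1 }
        END { if (!found) print "none" }'
}

# secure_boot_state -> "enabled", "disabled" or "unknown ...".
# The efivar file carries 4 bytes of attributes, then the 1-byte value.
secure_boot_state() {
    if [ -r "$SB_VAR" ]; then
        b=$(od -An -t u1 -j 4 -N 1 "$SB_VAR" | tr -d ' ')
        if [ "$b" = "1" ]; then echo enabled; else echo disabled; fi
    else
        echo "unknown (not booted via UEFI or efivarfs not mounted)"
    fi
}

# make_sample_environ -> path to a constructed PID-1 environment file that
# mimics an injected LD_PRELOAD; the .so path is a placeholder, not an IoC.
make_sample_environ() {
    f=$(mktemp)
    printf 'PATH=/usr/sbin:/usr/bin\0LD_PRELOAD=/tmp/constructed_example.so\0HOME=/\0' > "$f"
    printf '%s\n' "$f"
}

# run_live_triage: print the four indicators for the current host.
run_live_triage() {
    echo "uname -v      : $(uname -v)"
    echo "                (compare with the distribution's packaged kernel build string)"
    if [ -r /proc/sys/kernel/tainted ]; then
        echo "kernel taint  : $(taint_report "$(cat /proc/sys/kernel/tainted)")"
    fi
    if [ -r /proc/1/environ ]; then
        echo "PID 1 preload : $(ld_preload_in_environ /proc/1/environ)"
    fi
    echo "Secure Boot   : $(secure_boot_state)"
}

if [ "$1" = "--live" ]; then
    run_live_triage
fi
```

An "unsigned" taint on a host that reports Secure Boot enabled is the combination the article singles out: with Secure Boot genuinely enforced, the kernel should refuse unsigned modules, so seeing both together is worth escalating rather than explaining away. A nonempty LD_PRELOAD on PID 1 is likewise unusual on a stock Ubuntu install and should be compared against the system's own configuration before being dismissed.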

A Paradigm Shift in UEFI Threats

Bootkitty not only challenges the notion that UEFI bootkits are exclusive to Windows, but also highlights the growing attention cybercriminals are paying to Linux-based systems. Although still in a development stage, its appearance is a call to improve the security of this type of environment.

This discovery reinforces the need for proactive monitoring and the deployment of advanced security measures to mitigate threats that could exploit weaknesses at the firmware and boot-process level.
