{"id":10642,"date":"2022-04-21T12:47:02","date_gmt":"2022-04-21T09:47:02","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=10642"},"modified":"2022-04-21T12:47:02","modified_gmt":"2022-04-21T09:47:02","slug":"qbot-emotet-spam-mailing","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/qbot-emotet-spam-mailing\/10642\/","title":{"rendered":"E-postalar\u0131 hedef alan k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m y\u00fckseli\u015fte"},"content":{"rendered":"

Uzmanlar\u0131m\u0131z, \u00e7e\u015fitli \u00fclkelerdeki i\u015fletmeleri hedef alan karma\u015f\u0131k k\u00f6t\u00fc ama\u00e7l\u0131 spam e-postalarda \u00f6nemli bir art\u0131\u015f tespit etti. Bu k\u00f6t\u00fc ama\u00e7l\u0131 e-postalar\u0131n say\u0131s\u0131 \u015eubat 2022\u2019de 3000 civar\u0131ndayken, bu say\u0131 Mart\u2019ta yakla\u015f\u0131k 30.000\u2019e y\u00fckseldi. \u015eimdiye kadar teknolojilerimiz \u0130ngilizce, Frans\u0131zca, Macarca, \u0130talyanca, Norve\u00e7\u00e7e, Leh\u00e7e, Rus\u00e7a, Slovence ve \u0130spanyolca dillerinde yaz\u0131lm\u0131\u015f k\u00f6t\u00fc ama\u00e7l\u0131 e-postalar tespit etti.<\/p>\n

Siber su\u00e7lular kurban\u0131n cihazlar\u0131na nas\u0131l bula\u015f\u0131r?<\/h2>\n

Siber su\u00e7lular\u0131n, ticari konulardaki aktif e-posta konu\u015fmalar\u0131n\u0131 engelledi\u011fi ve al\u0131c\u0131 cihazlar\u0131na bankac\u0131l\u0131k truva at\u0131 bula\u015ft\u0131rmak i\u00e7in k\u00f6t\u00fc ama\u00e7l\u0131 bir dosya veya ba\u011flant\u0131 i\u00e7eren bir e-posta g\u00f6nderdi\u011fi iddia ediliyor. Bu t\u00fcr bir sald\u0131r\u0131, bu mesajlar\u0131n tespitini zorla\u015ft\u0131r\u0131r ve al\u0131c\u0131n\u0131n oyuna gelmesini kolayla\u015ft\u0131r\u0131r.<\/p>\n

Siber su\u00e7lular\u0131n al\u0131c\u0131lara g\u00f6nderdi\u011fi baz\u0131 e-postalar, k\u00f6t\u00fc ama\u00e7l\u0131 bir ek i\u00e7eriyor. Di\u011fer durumlarda, bilinen bir bulut bar\u0131nd\u0131rma hizmetinde bulunan bir dosyaya y\u00f6nlendiren bir ba\u011flant\u0131ya sahip. K\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m, genellikle e-posta metninde belirtilen parola ile \u015fifrelenmi\u015f bir ar\u015fivde yer al\u0131r. Sald\u0131rganlar, kullan\u0131c\u0131lar\u0131 eki a\u00e7maya veya ba\u011flant\u0131 arac\u0131l\u0131\u011f\u0131yla dosyay\u0131 indirmeye ikna etmek i\u00e7in genellikle bunun ticari bir teklif gibi baz\u0131 \u00f6nemli bilgiler i\u00e7erdi\u011fini belirtir.<\/p>\n

Uzmanlar\u0131m\u0131z, bu e-postalar\u0131n, bankac\u0131l\u0131k Truva atlar\u0131n\u0131 yaymay\u0131 ama\u00e7layan koordineli bir kampanyan\u0131n par\u00e7as\u0131 olarak g\u00f6nderildi\u011fi sonucuna vard\u0131.<\/p>\n

Sald\u0131rganlar hangi k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131mlar\u0131 kullan\u0131yor ve bunlar ne kadar tehlikeli?<\/h2>\n

\u00c7o\u011fu durumda, kurbanlar k\u00f6t\u00fc ama\u00e7l\u0131 bir belge a\u00e7t\u0131\u011f\u0131nda, Qbot<\/a> k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m\u0131n\u0131 indirir ve ba\u015flat\u0131r, ancak uzmanlar\u0131m\u0131z bu belgelerden baz\u0131lar\u0131n\u0131n Emotet\u2019i<\/a> indirdi\u011fini de g\u00f6zlemledi. Her iki k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m t\u00fcr\u00fc de, kullan\u0131c\u0131lar\u0131n verilerini \u00e7alma, vir\u00fcsl\u00fc bir \u015firket a\u011f\u0131ndaki verileri toplama, a\u011fda daha fazla yay\u0131lma ve di\u011fer a\u011f cihazlar\u0131na fidye yaz\u0131l\u0131mlar\u0131 veya di\u011fer Truva atlar\u0131 y\u00fckleme yetene\u011fine sahip. Ayr\u0131ca, Qbot e-postalara eri\u015febilir ve bunlar\u0131 \u00e7alabilir.<\/p>\n

Kendinizi koruman\u0131n yollar\u0131<\/h2>\n

Qbot ve Emotet sald\u0131r\u0131lar\u0131ndan (veya e-posta yoluyla yay\u0131lan di\u011fer k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131mlardan) korunmak i\u00e7in a\u015fa\u011f\u0131dakileri \u00f6neriyoruz:<\/p>\n