{"id":11100,"date":"2022-10-11T13:02:49","date_gmt":"2022-10-11T10:02:49","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=11100"},"modified":"2022-10-11T13:02:49","modified_gmt":"2022-10-11T10:02:49","slug":"malware-propagation-methods","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/malware-propagation-methods\/11100\/","title":{"rendered":"Malware propagation methods"},"content":{"rendered":"<p>Logically, the most reliable way to prevent a cyber incident is to stop malware from penetrating the corporate infrastructure. So when developing an information security strategy, experts usually focus on the most obvious attack vectors, such as email. Most attacks do indeed start with an email, but it is worth remembering that cybercriminals have many other ways of delivering malware. Experts from the Kaspersky Global Research and Analysis Team <a href=\"https:\/\/securelist.com\/uncommon-infection-and-malware-propagation-methods\/107640\/\" target=\"_blank\" rel=\"noopener\">talked about<\/a> some uncommon infection and malware propagation methods that they came across while analyzing recent threats.<\/p>\n<h2>Typosquatting to imitate another tool<\/h2>\n<p>The creators of the malware called AdvancedIPSpyware decided to embed their code in the Advanced IP Scanner tool for system administrators. 
They created two websites with exactly the same design as the original and domain names that differed by only one letter. They were hoping that a victim looking for a local network monitoring tool would download the backdoored program from the fake site. Interestingly, the malicious version of Advanced IP Scanner was signed with a legitimate digital certificate. The certificate appears to have been stolen.<\/p>\n<h2>Links under YouTube videos<\/h2>\n<p>The OnionPoison operators tried to do something similar. They created their own malicious version of the Tor browser (only it had no digital signature). To distribute their fake browser, however, they placed a link under a video with Tor installation instructions on a popular YouTube channel about online anonymity. The infected version could not be updated and contained a backdoor for downloading an additional malicious library. This in turn allowed the attackers both to execute any command they wanted on the system and to obtain the browser history and WeChat and QQ account login details.<\/p>\n<h2>Malware spread through torrents<\/h2>\n<p>The creators of CLoader tried to spread their malware by disguising it as pirated games and useful software. 
Although this method usually targets home users more, now that remote working has become the norm and corporate perimeters have blurred, malicious torrents can pose a threat to work computers as well. Victims who tried to download pirated software via torrents instead ended up installing malware that can run as a proxy server on the infected device, install other malware, and provide unauthorized remote access to the system.<\/p>\n<h2>Lateral movement via legitimate tools<\/h2>\n<p>The latest version of the BlackBasta ransomware can spread across a local network using certain Microsoft technologies. After infecting a single computer, it connects to Active Directory through the LDAP library, obtains a list of the computers on the local network, copies the malware to those computers, and executes it remotely using the Component Object Model (COM). Because this method leaves fewer traces in the system, it makes detection harder.<\/p>\n<h2>How to stay protected<\/h2>\n<p>These examples show that corporate infrastructures need comprehensive protection. 
Of course, <a href=\"https:\/\/www.kaspersky.com.tr\/small-to-medium-business-security\/mail-server?icid=tr_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder_______\" target=\"_blank\" rel=\"noopener\">a solution that scans all incoming email<\/a> for phishing, malicious links and attachments will protect you against most attacks. But keep in mind that every computer with internet access needs to have its own <a href=\"https:\/\/www.kaspersky.com.tr\/small-to-medium-business-security?icid=tr_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder_______\" target=\"_blank\" rel=\"noopener\">anti-malware protection<\/a>. And to better understand what is going on in your corporate network, it may also be a good idea to use <a href=\"https:\/\/www.kaspersky.com.tr\/enterprise-security\/endpoint-detection-response-edr?icid=tr_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder_______\" target=\"_blank\" rel=\"noopener\">EDR-class solutions<\/a>.<\/p>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"kesb-trial-leadgen\">\n","protected":false},"excerpt":{"rendered":"<p>Although malware most often penetrates corporate infrastructure through email, that is not the only infection method.<\/p>\n
","protected":false},"author":2581,"featured_media":11101,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1726,1194],"tags":[2190,2595,658,2594,145],"class_list":{"0":"post-11100","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-enterprise","8":"category-business","9":"tag-arka-kapilar","10":"tag-hatali-yazim","11":"tag-kotu-amacli-yazilimlar","12":"tag-typosquatting","13":"tag-virus"},"hreflang":[{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/malware-propagation-methods\/11100\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/malware-propagation-methods\/24746\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/malware-propagation-methods\/20224\/"},{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/malware-propagation-methods\/10159\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/malware-propagation-methods\/27220\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/malware-propagation-methods\/25074\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/malware-propagation-methods\/25380\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/malware-propagation-methods\/27929\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/malware-propagation-methods\/27258\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/malware-propagation-methods\/34067\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/malware-propagation-methods\/45747\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/malware-propagation-methods\/19575\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/malware-propagation-methods\/20144\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/malware-propagation-methods\/29374\/"},{"hrefl
ang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/malware-propagation-methods\/32679\/"},{"hreflang":"nl","url":"https:\/\/www.kaspersky.nl\/blog\/malware-propagation-methods\/28518\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/malware-propagation-methods\/25506\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/malware-propagation-methods\/31121\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/malware-propagation-methods\/30811\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.tr\/blog\/tag\/kotu-amacli-yazilimlar\/","name":"k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131mlar"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/11100","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/users\/2581"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=11100"}],"version-history":[{"count":1,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/11100\/revisions"}],"predecessor-version":[{"id":11102,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/11100\/revisions\/11102"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media\/11101"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=11100"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=11100"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=11100"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]
}}