{"id":11612,"date":"2023-08-15T10:00:29","date_gmt":"2023-08-15T07:00:29","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=11612"},"modified":"2023-08-13T00:28:56","modified_gmt":"2023-08-12T21:28:56","slug":"illicit-code-on-legitimate-sites","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/illicit-code-on-legitimate-sites\/11612\/",
"title":{"rendered":"Web skimmers: why are they particularly insidious and dangerous?"},
"content":{"rendered":"<p>There are a few fairly simple rules that can help protect both you and your money from typical scams when shopping online. Here is a summary of them:<\/p>\n<ul>\n<li>Do not send money to the personal accounts of people you do not know on the internet;<\/li>\n<li>Do not enter your bank card details on suspicious sites;<\/li>\n<li>Always check the web address carefully before entering your payment details on a website.<\/li>\n<\/ul>\n<p>However, many people do not know that their card details can be intercepted even on legitimate websites. This can happen if the page has been infected with a web skimmer (malicious scripts embedded directly in the website's code). That is what we will talk about today.<\/p>\n<h2>What is a web skimmer?<\/h2>\n<p>Web skimmers are named after their relatives, hardware <a target=\"_blank\" href=\"https:\/\/www.kaspersky.com\/blog\/skimmers-part-one\/7223\/\" rel=\"noopener nofollow\">skimmers<\/a>: hidden devices placed in ATMs or payment terminals to steal card details. Skimmers are hard to notice because they look like ordinary ATM hardware, so unsuspecting users insert or swipe their cards, only to share their payment details with criminals.<\/p>\n<p>Fraudsters realized long ago that they do not have to deal with hardware and risk being caught at the scene of the crime. The same result can be achieved far more easily, entirely remotely and with less risk, by writing a snippet of code and planting it on a website; that snippet captures customers' bank card details and sends them to the fraudsters. This snippet is called a web skimmer.<\/p>\n<p>Cybercriminals look for vulnerable online stores and other websites that accept card payments, hack them, and upload their malicious code without the owners noticing. At that point their work is done: all that remains is to collect the card details in a database and sell that database on the dark web to other cybercriminals who specialize in stealing money from bank cards.<\/p>\n<h2>Why are web skimmers dangerous?<\/h2>\n<p>Three things make web skimmers particularly dangerous.<\/p>\n<p>First, they are invisible to users. From the perspective of an ordinary customer shopping online, there is nothing suspicious. They are shopping on a website with the correct address and no warning signs: everything looks and works like a normal website. Moreover, money does not start disappearing from the victim's account right away, so identifying the website where the card was compromised is difficult, even where it is possible at all.<\/p>\n<p>Second, web skimmers are not easy to detect, even for website owners. This is a bigger problem for smaller online stores, which may not have a full-time IT specialist, let alone a cybersecurity expert. But even larger online retailers may find that checking their own sites for web skimmers is a challenge that requires fairly exotic skills and tools.<\/p>\n<p>Third, victims struggle to link the theft to a specific store, so it is unlikely that anyone will file a complaint. Very few business owners undertake the complex and costly task of scanning their websites for skimmers purely as a precaution (which also requires hiring a professional).<\/p>\n<h2>How widespread is the web skimmer threat?<\/h2>\n<p>In a recent study, cybersecurity experts <a target=\"_blank\" rel=\"nofollow noopener\" href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/hackers-hijack-legitimate-sites-to-host-credit-card-stealer-scripts\/\">examined the state of web skimming as it stands today<\/a>. The study analyzed a malicious campaign believed to be linked to the Magecart cybercrime group, which specializes in web skimmers. The key findings of the study were:<\/p>\n<ul>\n<li>While web skimmers were initially planted only in online stores powered by Magento, the range of compromised platforms has since expanded. Cybercriminals can now infect stores running on Shopify and on WordPress with payment-acceptance plugins (in particular WooCommerce).<\/li>\n<li>To make a web skimmer harder to spot on an infected site, the creators of the implants deliberately disguise them as legitimate code from services such as Facebook Pixel, Google Analytics, or Google Tag Manager.<\/li>\n<li>One of the latest tricks used by the hackers behind the campaign is to use compromised websites as command-and-control (C&amp;C) servers for managing the web skimmers planted on other sites and for exfiltrating the stolen payment details. This is how they stay undetected: implanted web skimmers talking to legitimate websites do not look suspicious.<\/li>\n<li>The websites found to be infected with web skimmers included fairly large online stores serving hundreds of thousands of customers every month.<\/li>\n<li>Statistically, the researchers discovered close to 10,000 websites containing web skimmers in 2022. By the end of the year, a quarter of them were still infected, which shows that a web skimmer implant can remain on a compromised website for months, if not years.<\/li>\n<\/ul>\n<h2>Protecting yourself from web skimmers<\/h2>\n<p><a href=\"https:\/\/www.kaspersky.com.tr\/premium?icid=tr_bb2023-kdplacehd_acq_ona_smm__onl_b2c_kdaily_lnk_sm-team___kprem___\" target=\"_blank\" rel=\"noopener\">Our security solution<\/a> will help you secure the online payment process. Our product uses Safe Browsing technology, which scans all web traffic objects for both known and unknown threats the moment you click a link. If it detects a web skimmer in the HTML code or in a script, it warns you about the presence of malware and blocks the dangerous page from loading.<\/p>\n","protected":false},
"excerpt":{"rendered":"<p>What are web skimmers, why should you watch out for them when shopping online, and how can you protect yourself?<\/p>\n","protected":false},
"author":2726,"featured_media":11613,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1351],"tags":[1697,1100,781,537],
"class_list":{"0":"post-11612","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-threats","8":"tag-banka-kartlari","9":"tag-cevrimici-alisveris","10":"tag-finans","11":"tag-tehditler"},
"hreflang":[{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/illicit-code-on-legitimate-sites\/11612\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/illicit-code-on-legitimate-sites\/25840\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/illicit-code-on-legitimate-sites\/21281\/"},{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/illicit-code-on-legitimate-sites\/10819\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/illicit-code-on-legitimate-sites\/28538\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/illicit-code-on-legitimate-sites\/26139\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/illicit-code-on-legitimate-sites\/26493\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/illicit-code-on-legitimate-sites\/28976\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/illicit-code-on-legitimate-sites\/27884\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/illicit-code-on-legitimate-sites\/35636\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/illicit-code-on-legitimate-sites\/48509\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/illicit-code-on-legitimate-sites\/21485\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/illicit-code-on-legitimate-sites\/30305\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/illicit-code-on-legitimate-sites\/34217\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/illicit-code-on-legitimate-sites\/26453\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/illicit-code-on-legitimate-sites\/32149\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/illicit-code-on-legitimate-sites\/31833\/"}],
"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.tr\/blog\/tag\/cevrimici-alisveris\/","name":"online shopping"},
"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/11612","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/users\/2726"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=11612"}],"version-history":[{"count":2,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/11612\/revisions"}],"predecessor-version":[{"id":11615,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/11612\/revisions\/11615"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media\/11613"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=11612"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=11612"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=11612"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}