{"id":2865,"date":"2017-01-17T08:43:47","date_gmt":"2017-01-17T13:43:47","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=2865"},"modified":"2019-11-15T14:53:51","modified_gmt":"2019-11-15T11:53:51","slug":"eyepyramid-spyware","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/eyepyramid-spyware\/2865\/","title":{"rendered":"EyePyramid: Amateur luck"},"content":{"rendered":"<p>When we talk about malware on Kaspersky Daily \u2013 which we do very often \u2013 we usually talk about the types that, according to our data, harm people the most. <a href=\"https:\/\/www.kaspersky.com.tr\/blog\/cryptxxx-v3-ransomware\/2791\/\" target=\"_blank\" rel=\"noopener noreferrer\">CryptXXX<\/a>, <a href=\"https:\/\/www.kaspersky.com.tr\/blog\/teslacrypt-master-key\/2085\/\" target=\"_blank\" rel=\"noopener noreferrer\">TeslaCrypt<\/a> and a few similar programs have victimized millions of people. Malware that has infected only a few people does not attract as much interest. As you can guess, there is a lot of malware like that, and we cannot write a separate blog post for each one.<\/p>\n<p>But every rule has an exception. Today we will talk about the malware named EyePyramid. No, we did not name it; its developers did. The reason we are going to talk about EyePyramid is that this malware is a bit different from the others and has a strange story.<\/p>\n<h2>An Italian family\u2019s espionage business<\/h2>\n<p>EyePyramid is basically a family business. 
This malware was written by Giulio Occhionero, a 45-year-old Italian nuclear engineer. He and his 48-year-old sister Francesca Maria Occhionero distributed this malware over the internet. They worked together at a small investment firm named Westland Investments.<\/p>\n<p>According to <a href=\"http:\/\/www.agi.it\/pictures\/pdf\/agi\/agi\/2017\/01\/10\/132733992-5cec4d88-49a1-4a00-8a01-dde65baa5a68.pdf\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">a report recently published<\/a> by the Italian police, EyePyramid was distributed by phishing and mostly targeted members of the Italian government as well as Freemasons, law firms, consulting services, universities and even Vatican cardinals.<\/p>\n<p>Why? Once installed, the malware gives its creators access to the resources on the victim\u2019s computer. <a href=\"https:\/\/www.scmagazine.com\/brother-sister-team-busted-for-high-level-email-hacks\/article\/631034\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">According<\/a> to SC Magazine, this was done to gather information in order to make more profitable investments. Malware is a tool of experts. And I personally could not make the connection between investments and cardinals. But apparently, according to the criminals, there is one.<\/p>\n<p>The police report did not contain detailed information about EyePyramid, which targeted high-profile victims. 
However, the e-mail addresses found on the command-and-control servers caught the attention of our GReAT team, and they <a href=\"https:\/\/securelist.com\/blog\/incidents\/77098\/the-eyepyramid-attacks\/\" target=\"_blank\" rel=\"noopener noreferrer\">started investigating<\/a>.<\/p>\n<h2>Rookie cybercriminal<\/h2>\n<p>Using the police data, our experts found 44 different versions of EyePyramid. This helped us understand the story a great deal. Some media outlets claim that EyePyramid is extremely sophisticated. No, it is not. In fact, it is quite simple. The criminal duo used crude methods such as using multiple spaces to hide the malware\u2019s executable extension. A simple method, but it worked.<\/p>\n<p>Apparently the Occhioneros began their criminal careers long ago \u2013 in 2010, according to the oldest malware samples we could find. According to the Italian police, the pair may have been active since 2008.<\/p>\n<p>Because both of them were amateurs at cybercrime, they failed to maintain good operational security. What is more, they did not care about security at all. 
They discussed their victims over mobile phones (which can easily be <a href=\"https:\/\/www.kaspersky.com\/blog\/gsm-hijacking\/11660\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\">tapped<\/a> by law enforcement), they also used WhatsApp to talk about the same matters (until last year WhatsApp <a href=\"https:\/\/www.kaspersky.com.tr\/blog\/whatsapp-encryption\/1988\/\" target=\"_blank\" rel=\"noopener noreferrer\">had no<\/a> end-to-end encryption either), and in some of their operations they even left traces of their company\u2019s IP address.<\/p>\n<p>And yet, for at least three years, and perhaps for more than eight, they targeted 16,000 victims and managed to get into victims\u2019 computers more than 100 times. They bolstered their investments with the tens of gigabytes of data they obtained.<\/p>\n<h2>The fairy tale is over<\/h2>\n<p>On January 10, Giulio and Francesca Maria Occhionero were arrested by the FBI, and the era of this amateur malware came to an end.<\/p>\n<p>Its long run may seem surprising, but this malware\u2019s secret lies in its simplicity. It looked too boring to investigate thoroughly, and Kaspersky Security Network had detected only 92 infection attempts. That number is like a drop in the ocean next to the attempt counts of ransomware. 
And finally, by the way, the criminals are in jail.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>When we talk about malware on Kaspersky Daily \u2013 which we do very often \u2013 we usually talk about the types that, according to our data, harm people the most. CryptXXX, TeslaCrypt and a few similar programs have victimized millions of people. Malware that has infected only a few people does not attract as much interest. As you can guess, there is a lot of malware like that, and we cannot write a separate blog post for each one.<\/p>\n","protected":false},"author":696,"featured_media":2866,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1351],"tags":[709,1114,1115,1116,553],"class_list":{"0":"post-2865","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-threats","8":"tag-casusluk","9":"tag-eyepyramid","10":"tag-italya","11":"tag-spyware","12":"tag-zararli-yazilim-2"},"hreflang":[{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/eyepyramid-spyware\/2865\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/eyepyramid-spyware\/5808\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/eyepyramid-spyware\/10676\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/eyepyramid-spyware\/8245\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/eyepyramid-spyware\/13958\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/eyepyramid-spyware\/13838\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/eyepyramid-spyware\/6033\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/eyepyramid-spyware\/9501\/"},{"hreflang":"ja","
url":"https:\/\/blog.kaspersky.co.jp\/eyepyramid-spyware\/13629\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/eyepyramid-spyware\/13958\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/eyepyramid-spyware\/13838\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/eyepyramid-spyware\/13838\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.tr\/blog\/tag\/spyware\/","name":"spyware"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/2865","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/users\/696"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=2865"}],"version-history":[{"count":2,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/2865\/revisions"}],"predecessor-version":[{"id":7096,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/2865\/revisions\/7096"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media\/2866"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=2865"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=2865"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=2865"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}