{"id":3741,"date":"2017-09-14T12:12:05","date_gmt":"2017-09-14T09:12:05","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=3741"},"modified":"2019-11-15T14:48:33","modified_gmt":"2019-11-15T11:48:33","slug":"hidden-miners-botnet-threat","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/hidden-miners-botnet-threat\/3741\/","title":{"rendered":"Bilgisayar\u0131n\u0131zda gizli madencilik yaz\u0131l\u0131m\u0131 var m\u0131? O kadar emin olmay\u0131n…"},"content":{"rendered":"

Kripto para madencili\u011fi<\/a> BT end\u00fcstrisinde s\u0131k\u00e7a kullan\u0131lan bir kelime ve h\u0131zla b\u00fcy\u00fcyen bir fenomendir. Bu geni\u015f kapsaml\u0131 ak\u0131m\u0131n bir par\u00e7as\u0131 olarak gitgide daha \u00e7ok insan \u201cmadencili\u011fe\u201d veya blok zincirine blok ekleyip bunun kar\u015f\u0131l\u0131\u011f\u0131nda kripto para kazanmaya ba\u015flad\u0131. Bu madenciler \u00f6zel coin\u2019leri kazanmak i\u00e7in her ge\u00e7en g\u00fcn daha yarat\u0131c\u0131 y\u00f6ntemler geli\u015ftiriyor. Tabii ki bunlar\u0131n hepsi yasal de\u011fil. Hatta bu \u201cmadencilerden\u201d daha giri\u015fken olanlar\u0131 hi\u00e7 \u00e7ekinmeden i\u015fin masraflar\u0131n\u0131 sizin \u00fczerinize y\u00fckler.<\/p>\n

Madenciler sizin bilgisayar\u0131n\u0131za neden ihtiya\u00e7 duyar?<\/h2>\n

Daha \u00f6nce botnet\u2019ler<\/a> hakk\u0131nda ve hacker\u2019lar\u0131n bilgisayar\u0131n\u0131z\u0131 nas\u0131l zombie\u2019ye d\u00f6n\u00fc\u015ft\u00fcr\u00fcp botnet\u2019in par\u00e7as\u0131 haline getirdi\u011fiyle ilgili makaleler yazm\u0131\u015ft\u0131k. Bu t\u00fcr zombie bilgisayarlardan olu\u015fan bir a\u011f yaln\u0131zca kripto para madencili\u011fi<\/a> i\u00e7in de\u011fil ayn\u0131 zamanda bir\u00e7ok farkl\u0131 ama\u00e7 i\u00e7in kullan\u0131labilir.<\/p>\n

Basit\u00e7e anlatmak gerekirse, bilgisayar\u0131n\u0131z da\u011f\u0131t\u0131lm\u0131\u015f a\u011f\u0131n bir par\u00e7as\u0131 haline gelir ve i\u015flem g\u00fcc\u00fc kripto para madencili\u011fi i\u00e7in kullan\u0131l\u0131r. Bu kripto para da botnet sahibinin cebine gider. Botnet\u2019deki binlerce bilgisayar, tek bir bilgisayara k\u0131yasla \u00e7ok daha etkili bir \u015fekilde kripto para \u00e7\u0131karabilir. Botnet madencili\u011finde sald\u0131r\u0131ya maruz kalanlar elektrik faturalar\u0131n\u0131 da \u00fcstlenmi\u015f olur. Bu nedenle hi\u00e7bir \u015feyden haberi olmayan kullan\u0131c\u0131lar\u0131n bilgisayarlar\u0131na madencilik uygulamalar\u0131 y\u00fcklemek hacker\u2019lar i\u00e7in son derece karl\u0131d\u0131r.<\/p>\n

Bu arada s\u0131radan insanlar da kendi ba\u015flar\u0131na kripto para kazanmak i\u00e7in kas\u0131tl\u0131 olarak madencilik uygulamas\u0131 y\u00fckleyebilir. Yasal madencili\u011fi yasa d\u0131\u015f\u0131 faaliyetten ay\u0131rmak olduk\u00e7a zordur. Bu iki madencilik uygulamas\u0131 t\u00fcr\u00fc de birbirinin ayn\u0131s\u0131d\u0131r. Tek fark birinin gizlice y\u00fcklenmi\u015f olmas\u0131 ve yasa d\u0131\u015f\u0131 faaliyetler ger\u00e7ekle\u015ftiren uygulamalar\u0131 \u00e7al\u0131\u015ft\u0131rmas\u0131d\u0131r.<\/p>\n

Gizli madencilik yaz\u0131l\u0131m\u0131 bilgisayar\u0131n\u0131za nas\u0131l kurulur?<\/h2>\n

Genellikle madencilik yaz\u0131l\u0131mlar\u0131, as\u0131l amac\u0131 gizlice ba\u015fka bir uygulamay\u0131 y\u00fcklemek olan dropper<\/a> (dosya y\u00fckleyici) ad\u0131nda \u00f6zel olarak \u00fcretilmi\u015f, k\u00f6t\u00fc ama\u00e7l\u0131 uygulama arac\u0131l\u0131\u011f\u0131yla bilgisayar\u0131n\u0131za y\u00fcklenir. Dropper\u2019lar (dosya y\u00fckleyiciler) lisansl\u0131 \u00fcr\u00fcnlerin korsan s\u00fcr\u00fcmleri veya bu s\u00fcr\u00fcmler i\u00e7in aktivasyon anahtar\u0131 \u00fcreticisi gibi dosyalar\u0131n i\u00e7inde saklan\u0131r. Kullan\u0131c\u0131lar bu t\u00fcr yaz\u0131l\u0131mlar\u0131 e\u015fler aras\u0131 a\u011flardan kas\u0131tl\u0131 olarak indirir.<\/p>\n

\u0130ndirilen dosya ba\u015flat\u0131ld\u0131\u011f\u0131nda ma\u011fdurun bilgisayar\u0131nda bir y\u00fckleyici etkinle\u015ftirilir. Daha sonra bu y\u00fckleyici madencilik uygulamas\u0131n\u0131 ve bu uygulamay\u0131 gizleyen \u00f6zel bir arac\u0131 indirir. Ayr\u0131ca uygulama otomatik \u00e7al\u0131\u015ft\u0131rmay\u0131 ve ayarlar\u0131 yap\u0131land\u0131rmay\u0131 sa\u011flayan hizmetlerle birlikte tam olarak indirilebilir.<\/p>\n

\u00d6rne\u011fin kullan\u0131c\u0131 baz\u0131 pop\u00fcler bilgisayar oyunlar\u0131n\u0131 oynamaya ba\u015flad\u0131\u011f\u0131nda bu t\u00fcr hizmetler madencilik uygulamas\u0131n\u0131 ask\u0131ya al\u0131r. (Madencilik uygulamas\u0131 grafik kart\u0131n\u0131n i\u015flem g\u00fcc\u00fcn\u00fc kullan\u0131r. Dolay\u0131s\u0131yla oyunu yava\u015flatarak kullan\u0131c\u0131da \u015f\u00fcphe uyand\u0131rabilir.)<\/p>\n

Ayn\u0131 zamanda bu t\u00fcr hizmetler antivir\u00fcs \u00fcr\u00fcnlerini devre d\u0131\u015f\u0131 b\u0131rakmaya, sistem izleme arac\u0131 \u00e7al\u0131\u015f\u0131rken madencilik uygulamas\u0131n\u0131 bekletmeye ve kullan\u0131c\u0131n\u0131n silmesi durumunda uygulamay\u0131 geri y\u00fcklemeye \u00e7al\u0131\u015fabilir.<\/p>\n

Sorunun b\u00fcy\u00fckl\u00fc\u011f\u00fc<\/h2>\n

Hacker\u2019lar bu t\u00fcr uygulamalar\u0131 hizmet olarak da\u011f\u0131t\u0131r. \u00c7evrimi\u00e7i i\u015f olanaklar\u0131 i\u00e7in a\u00e7\u0131lan Telegram kanallar\u0131n\u0131 kullan\u0131rlar. Mesela gizli bir madencilik uygulamas\u0131n\u0131 da\u011f\u0131tmak i\u00e7in bu t\u00fcr dropper\u2019lar\u0131n (dosya y\u00fckleyici) deneme s\u00fcr\u00fcmlerini sunan reklamlarla kar\u015f\u0131la\u015fabilirsiniz.<\/p>\n

Bu olay\u0131n b\u00fcy\u00fckl\u00fc\u011f\u00fcn\u00fc anlamak i\u00e7in \u015fu \u00f6rne\u011fe bakabiliriz: Uzmanlar\u0131m\u0131z yak\u0131n zamanda Minergate madencilik yaz\u0131l\u0131m\u0131n\u0131n gizlice kuruldu\u011fu binlerce bilgisayardan olu\u015fan bir botnet tespit etti<\/a>. Bu botnet \u00e7ok pop\u00fcler bitcoinleri<\/a> de\u011fil daha \u00e7ok para transferlerini ve c\u00fczdan sahipli\u011fini gizleyen Monero (XMR) ve Zcash (ZEC) gibi kripto para birimlerini \u00e7\u0131kar\u0131r. En ihtiyatl\u0131 tahminlerde bile tek bir madencilik botnet\u2019inin ayl\u0131k 30.000 USD\u2019den daha fazla kazand\u0131rd\u0131\u011f\u0131 varsay\u0131l\u0131r. Uzmanlar\u0131m\u0131z botnet taraf\u0131ndan kullan\u0131lan c\u00fczdandan 200.000 USD\u2019den daha fazla bir miktar\u0131n aktar\u0131ld\u0131\u011f\u0131n\u0131 tespit etti.<\/p>\n

\"\"

Bu c\u00fczdan su\u00e7lular taraf\u0131ndan kullan\u0131lan ve yukar\u0131da bahsedilen Monero c\u00fczdan\u0131d\u0131r. Monero\u2019nun cari d\u00f6viz kuru 120 USD civar\u0131ndad\u0131r.<\/p><\/div>\n

\u00a0<\/p>\n

Bu tehdide kar\u015f\u0131 nas\u0131l korunabilirsiniz?<\/h2>\n

Kaspersky Internet Security<\/a> varsay\u0131lan ayar olarak sizi k\u00f6t\u00fc ama\u00e7l\u0131 dropper\u2019lara (dosya y\u00fckleyici) kar\u015f\u0131 korur. Yaln\u0131zca antivir\u00fcs uygulaman\u0131z\u0131n her zaman a\u00e7\u0131k olmas\u0131n\u0131 sa\u011flaman\u0131z yeterlidir. Bu k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m\u0131n bilgisayar\u0131n\u0131za s\u0131zma \u015fans\u0131 ortadan kalkar. Herhangi bir nedenle Antivir\u00fcs yaz\u0131l\u0131m\u0131n\u0131z\u0131 devre d\u0131\u015f\u0131 b\u0131rak\u0131rsan\u0131z \u015f\u00fcphelendi\u011finizde manuel tarama ba\u015flat\u0131n. Kaspersky Internet Security hemen bu tam donan\u0131ml\u0131 Truva At\u0131<\/a>\u2018n\u0131 tespit eder ve bundan kurtulman\u0131z\u0131 sa\u011flar.<\/p>\n

Daha \u00f6nce bahsetti\u011fimiz gibi madencilik uygulamalar\u0131 dropper\u2019lar\u0131n (dosya y\u00fckleyici) aksine k\u00f6t\u00fc ama\u00e7l\u0131 uygulamalar de\u011fildir. Bu nedenle riskli yaz\u0131l\u0131m kategorimizde s\u0131n\u0131fland\u0131r\u0131l\u0131rlar. Riskli yaz\u0131l\u0131m normalde yasal olan ancak k\u00f6t\u00fc ama\u00e7lar i\u00e7in kullan\u0131labilen yaz\u0131l\u0131mlard\u0131r (buraya t\u0131klayarak<\/a> riskli yaz\u0131l\u0131m kategorisine dahil olan yaz\u0131l\u0131mlar hakk\u0131nda daha \u00e7ok bilgi edinebilirsiniz). Kaspersky Internet Security varsay\u0131lan ayar olarak bu t\u00fcr uygulamalar\u0131 engellemez veya silmez. \u00c7\u00fcnk\u00fc kullan\u0131c\u0131 bunlar\u0131 kendi iste\u011fiyle kurmu\u015f olabilir.<\/p>\n\n

Tedbiri elden b\u0131rakmak istemiyorsan\u0131z ve madencilik ya da ba\u015fka riskli yaz\u0131l\u0131mlar\u0131 kullanmayaca\u011f\u0131n\u0131zdan eminseniz her zaman Kaspersky Internet Security\u2019nin ayarlar\u0131n\u0131 a\u00e7arak Threats and Exclusions (Tehditler ve \u0130stisnalar) b\u00f6l\u00fcm\u00fcne gidebilir ve Detect other software (Ba\u015fka yaz\u0131l\u0131mlar\u0131 tespit et) se\u00e7ene\u011fini i\u015faretleyebilirsiniz. Son olarak sisteminizi d\u00fczenli aral\u0131klara taray\u0131n. G\u00fcvenlik \u00e7\u00f6z\u00fcm\u00fcn\u00fcz her t\u00fcrl\u00fc istenmeyen uygulamay\u0131 y\u00fcklemekten ve \u00e7al\u0131\u015ft\u0131rmaktan ka\u00e7\u0131nman\u0131za yard\u0131mc\u0131 olur.<\/p>\n","protected":false},"excerpt":{"rendered":"

Bilgisayar\u0131n\u0131zda gizli madencilik yaz\u0131l\u0131m\u0131 var m\u0131? O kadar emin olmay\u0131n…<\/p>\n","protected":false},"author":2455,"featured_media":3742,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1351],"tags":[374,392,1337,1338,744,777,1336,1339,1340,1332,537],"class_list":{"0":"post-3741","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-threats","8":"tag-bitcoin","9":"tag-botnet","10":"tag-cryptocurrencies","11":"tag-ekran-karti","12":"tag-guvenlik","13":"tag-internet","14":"tag-kripto-para-birimi","15":"tag-madencilik","16":"tag-not-a-virus","17":"tag-riskli-yazilim","18":"tag-tehditler"},"hreflang":[{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/hidden-miners-botnet-threat\/3741\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/hidden-miners-botnet-threat\/11212\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/hidden-miners-botnet-threat\/12652\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/hidden-miners-botnet-threat\/11714\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/hidden-miners-botnet-threat\/11282\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/hidden-miners-botnet-threat\/14321\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/hidden-miners-botnet-threat\/14225\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/hidden-miners-botnet-threat\/18707\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/hidden-miners-botnet-threat\/18488\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/hidden-miners-botnet-threat\/9469\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/hidden-miners-botnet-threat\/9706\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/hidden-miners-botnet-threat\/7337\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/hidden-miners-botnet-threat\/14570\/"},{"hreflang":"zh","url":"https:\/\/www.kaspersky.com.cn\/blog\/hidden-miners-botnet-threat\/8623\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/hidden-miners-botnet-threat\/17846\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/hidden-miners-botnet-threat\/17846\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/hidden-miners-botnet-threat\/17833\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.tr\/blog\/tag\/tehditler\/","name":"tehditler"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/3741","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/users\/2455"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=3741"}],"version-history":[{"count":3,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/3741\/revisions"}],"predecessor-version":[{"id":7031,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/3741\/revisions\/7031"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media\/3742"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=3741"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=3741"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=3741"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}