{"id":5079,"date":"2018-07-11T09:43:08","date_gmt":"2018-07-11T06:43:08","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=5079"},"modified":"2018-12-14T11:14:09","modified_gmt":"2018-12-14T08:14:09","slug":"rakhni-miner-cryptor","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/rakhni-miner-cryptor\/5079\/","title":{"rendered":"Rakhni Trojan: Encryption and mining"},"content":{"rendered":"<p>We recently <a href=\"https:\/\/www.kaspersky.com.tr\/blog\/cryptominers-almost-double\/5049\/\" target=\"_blank\" rel=\"noopener\">published<\/a> a post about how ransomware has lost the top spot in the online threat rankings to miners. In line with this trend, the Trojan ransomware Rakhni, which we have been tracking since 2013, has added a cryptocurrency mining module to its arsenal. What is interesting is that this malware loader can choose which component to install depending on the device. Our researchers have worked out how this updated malware operates and where the danger lies.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-5080\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/91\/2018\/07\/11092005\/rakhni-miner-cryptor-featured.jpg\" alt=\"\" width=\"1460\" height=\"958\"><\/p>\n<p>Our products have encountered Rakhni in Russia, Kazakhstan, Ukraine, Germany, and India. 
This malware is distributed mainly through spam emails with malicious attachments. For example, the sample our experts studied was disguised as a financial document. This disguise suggests that the cybercriminals behind it are interested in corporate \u201ccustomers.\u201d<\/p>\n<p>A spam email with a DOCX attachment contains a PDF document. If the user allows editing and opens the PDF, the system asks for permission to run an executable file from an unknown publisher. With the user\u2019s permission, Rakhni goes into action.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-full wp-image-5081\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/91\/2018\/07\/11092032\/180706-rakhni-screenshot-1.png\" alt=\"\" width=\"728\" height=\"403\"><\/p>\n<h2>Like a thief in the dark<\/h2>\n<p>When first launched, this malicious PDF file appears to be a document viewer. The malware first shows the victim an error message explaining why nothing opened. Next, it disables Windows Defender and installs forged digital certificates. 
Once everything is in place, it decides what to do with the infected device: encrypt the files and demand a ransom, or install a miner.<br>\nFinally, the malicious program tries to spread to other computers on the local network. If company employees share access to the Users folder on their computers, the malware starts copying itself.<\/p>\n<h2>Mine or encrypt?<\/h2>\n<p>The selection criterion is simple: if the malware finds a service file named Bitcoin on the victim\u2019s computer, it runs ransomware that encrypts files (including Office documents, PDFs, images, and backups) and demands a ransom payment within three days. The cybercriminals \u201ckindly\u201d promise to send an email with all the other details, including the ransom amount.<\/p>\n<p>If there are no Bitcoin-related files on the device and the malware believes the device is powerful enough to handle cryptocurrency mining, it downloads a miner that secretly generates Monero, Monero Original, or Dashcoin in the background.<\/p>\n<h2>Don\u2019t become a victim<\/h2>\n<p>To avoid being affected by Rakhni and to protect your company from real damage, be careful with messages, especially those from unknown email addresses. If you are not sure whether to open an attachment, do not open it. 
Also pay close attention to operating system warnings: do not run applications from unknown publishers, especially if the publishers\u2019 names resemble the names of popular programs.<\/p>\n<p>In the fight against miners and cryptors on the corporate network, taking the following measures will be very useful:<\/p>\n<ul>\n<li>Train your information security team and test their technical knowledge regularly. If you need help with this, our experts <a href=\"https:\/\/www.kaspersky.com.tr\/enterprise-security\" target=\"_blank\" rel=\"noopener\">can help<\/a>.<\/li>\n<li>Keep backup copies of sensitive data on separate storage media.<\/li>\n<li>Use a reliable security solution with behavioral analysis capabilities, for example, Kaspersky Endpoint Security for Business.<\/li>\n<li>Regularly inspect the company network for anomalies.<\/li>\n<\/ul>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"kesb-b2b\">\n<p>Even if you do not use Kaspersky Lab\u2019s corporate solutions, you do not have to surrender your data to ransomware operators. We have a dedicated solution that can enhance the security products of most third-party vendors: <a href=\"https:\/\/kas.pr\/karttr\" target=\"_blank\" rel=\"noopener\">Kaspersky Anti-Ransomware Tool<\/a>. 
This product uses the latest behavioral detection technologies and our cloud mechanisms to hunt down ransomware.<\/p>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"kesb-b2b\">\n","protected":false},"excerpt":{"rendered":"<p>We recently published a post about how ransomware has lost the top spot in the online threat rankings to miners. In line with this trend, the Trojan ransomware Rakhni, which we have been tracking since 2013, has added a cryptocurrency mining module to its arsenal. <\/p>\n","protected":false},"author":2484,"featured_media":5082,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1194,1727],"tags":[1657,591,1656,1336,1661,1339,1658,1659,447,794,935,1660,537,889],"class_list":{"0":"post-5079","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-smb","9":"tag-dashcoin","10":"tag-fidye-yazilimi","11":"tag-isletme","12":"tag-kripto-para-birimi","13":"tag-kurumsal-tehditler","14":"tag-madencilik","15":"tag-monero","16":"tag-rakhni","17":"tag-ransomware","18":"tag-sifreleme","19":"tag-sifreleyiciler","20":"tag-sosyal-muhendislik","21":"tag-tehditler","22":"tag-trojanlar"},"hreflang":[{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/rakhni-miner-cryptor\/5079\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/rakhni-miner-cryptor\/13634\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/rakhni-miner-cryptor\/11401\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/rakhni-miner-cryptor\/15700\/"},{"hreflang":"en-gb","url":"https:\/
\/www.kaspersky.co.uk\/blog\/rakhni-miner-cryptor\/13937\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/rakhni-miner-cryptor\/13114\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/rakhni-miner-cryptor\/16418\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/rakhni-miner-cryptor\/15902\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/rakhni-miner-cryptor\/20880\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/rakhni-miner-cryptor\/22988\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/rakhni-miner-cryptor\/10552\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/rakhni-miner-cryptor\/9370\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/rakhni-miner-cryptor\/17183\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/rakhni-miner-cryptor\/20733\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/rakhni-miner-cryptor\/16918\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/rakhni-miner-cryptor\/20571\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/rakhni-miner-cryptor\/20561\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.tr\/blog\/tag\/ransomware\/","name":"Ransomware"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/5079","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/users\/2484"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=5079"}],"version-history":[{"count":3,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/5079\/revisions"}],"predecessor-version":[{"id":5085,"href":"https:\/\/www.kaspersky.co
m.tr\/blog\/wp-json\/wp\/v2\/posts\/5079\/revisions\/5085"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media\/5082"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=5079"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=5079"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=5079"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}