{"id":6403,"date":"2019-09-09T10:43:16","date_gmt":"2019-09-09T07:43:16","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=6403"},"modified":"2022-05-05T14:26:43","modified_gmt":"2022-05-05T11:26:43","slug":"back-to-school-malware-2019","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/back-to-school-malware-2019\/6403\/","title":{"rendered":"\u00d6\u011frenci \u015fa\u015f\u0131rtma: Kendini ders kitab\u0131 ve makale olarak gizleyen k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m"},"content":{"rendered":"

Pop\u00fcler TV dizi<\/a> ve programlar\u0131n\u0131 veya oyun hilelerini indirmeye \u00e7al\u0131\u015f\u0131rken<\/a> istemeden baz\u0131 k\u00f6t\u00fc tuzaklara d\u00fc\u015fmenin ne kadar kolay oldu\u011funu defalarca yazd\u0131k. Buna kar\u015f\u0131n siber su\u00e7lular\u0131n ara\u00e7lar\u0131, e\u011flence d\u00fcnyas\u0131n\u0131n \u00fcr\u00fcnleriyle k\u0131s\u0131tl\u0131 de\u011fildir. \u0130\u015f ya da ders materyali ararken de vir\u00fcse denk gelebilirsiniz. Bu hususa, \u00f6zellikle ders y\u0131l\u0131 ba\u015flad\u0131\u011f\u0131nda \u00e7ok dikkat edilmelidir. K-12 ve \u00fcniversite \u00f6\u011frencileri i\u00e7in ders kitaplar\u0131n\u0131n ve di\u011fer materyallerin maliyeti, s\u0131kl\u0131kla bir \u00e7o\u011funun internet \u00fczerinden daha uygun ve hatta \u00fccretsiz alternatiflere y\u00f6nelmesine neden olur.<\/p>\n

Bir makale indiriyorsunuz ve i\u00e7inden k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m \u00e7\u0131k\u0131yor<\/h2>\n

\u00dccretsiz sunulan materyaller aras\u0131nda k\u00f6t\u00fc ama\u00e7l\u0131 i\u00e7eriklerle ne s\u0131kl\u0131kla kar\u015f\u0131la\u015f\u0131ld\u0131\u011f\u0131n\u0131 tespit etmeye karar verdik. Bu ama\u00e7la, Kaspersky \u00fcr\u00fcnlerinin okul ve \u00f6\u011frenci konulu adlar\u0131 olan dosyalarda ka\u00e7 kez vir\u00fcs tespit etti\u011fini kontrol ettik. Bir hayli \u00e7ok sonu\u00e7 da elde ettik!<\/p>\n

Anla\u015f\u0131lan o ki, ge\u00e7ti\u011fimiz ders y\u0131l\u0131nda, e\u011fitim alan\u0131n\u0131 hedefleyen siber su\u00e7lular kullan\u0131c\u0131lar\u0131m\u0131za toplamda 356.000\u2019den fazla sald\u0131r\u0131 d\u00fczenlemi\u015f. Bunlar\u0131n 233.000\u2019i 74.000 fazla ki\u015finin bilgisayarlar\u0131na indirilmi\u015f ve \u00fcr\u00fcnlerimiz taraf\u0131ndan engellenmi\u015f olan k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m i\u00e7eren makalelerdi.<\/p>\n

Bu dosyalar\u0131n yakla\u015f\u0131k \u00fc\u00e7te biri ders kitab\u0131yd\u0131: Kendine metin kitab\u0131 s\u00fcs\u00fc vermi\u015f k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131mlarla 122.000 sald\u0131r\u0131 yap\u0131ld\u0131\u011f\u0131n\u0131 tespit ettik. 30.000\u2019in \u00fczerinde kullan\u0131c\u0131 da bu dosyalar\u0131 a\u00e7maya \u00e7al\u0131\u015fm\u0131\u015f.<\/p>\n

2.080 indirme giri\u015fimiyle K-12 \u00f6\u011frencileri aras\u0131nda en pop\u00fcler olan\u0131, i\u00e7inde k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m gizlenen \u0130ngilizce ders kitaplar\u0131yd\u0131. \u0130kinci s\u0131rada, 1.213 \u00f6\u011frencinin bilgisayar\u0131na neredeyse bula\u015fan k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m i\u00e7eren matematik ders kitaplar\u0131 bulunuyordu. 870 adet potansiyel ma\u011fdur ile edebiyat, en tehlikeli \u00fc\u00e7 ders s\u0131ralamas\u0131nda \u00fc\u00e7\u00fcnc\u00fc s\u0131rada yer al\u0131yordu.<\/p>\n

Su\u00e7lular, daha az pop\u00fcler dersleri de hedef se\u00e7mi\u015fti. Hem K-12 hem de \u00fcniversitesi d\u00fczeyinde, kendilerini do\u011fa bilimleri ders kitaplar\u0131 (18 kullan\u0131c\u0131 taraf\u0131ndan indirilmeye \u00e7al\u0131\u015f\u0131lm\u0131\u015f) ve daha az say\u0131da olmak \u00fczere yabanc\u0131 dil ders kitaplar\u0131 \u015feklinde gizleyen k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131mlarla kar\u015f\u0131la\u015ft\u0131k.<\/p>\n

Ders kitab\u0131 ve makale g\u00f6r\u00fcn\u00fcm\u00fc alt\u0131nda yay\u0131lan k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m t\u00fcrleri nelerdir?<\/h2>\n

Ders materyali ararken kendinizi prensip sahibi olmayan bir internet sitesinde bulman\u0131z ve bu internet sitesinden materyal indirmeye \u00e7al\u0131\u015fman\u0131z halinde, her t\u00fcrden k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131mla kar\u015f\u0131la\u015fma riskiye kar\u015f\u0131 kar\u015f\u0131ya kal\u0131rs\u0131n\u0131z. Ancak, baz\u0131 tehdit t\u00fcrleri de bu yolla di\u011ferlerine nazaran daha \u00e7ok da\u011f\u0131t\u0131l\u0131r. A\u015fa\u011f\u0131da, ders materyali k\u0131l\u0131\u011f\u0131nda en s\u0131k da\u011f\u0131t\u0131lan en yayg\u0131n d\u00f6rt k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m belirtilmi\u015ftir.<\/p>\n

4. s\u0131ra: MediaGet torrent uygulama indiricisi<\/h3>\n

\u00dczerinde geli\u015fig\u00fczel yerle\u015ftirilmi\u015f k\u0131\u015fk\u0131rt\u0131c\u0131 \u2018Free Download\u2019 (\u00dccretsiz \u0130ndirme) d\u00fc\u011fmeleri bulunan ders kitab\u0131 sitelerinde kullan\u0131c\u0131lara, arad\u0131klar\u0131 dok\u00fcman yerine \u00e7o\u011fu zaman MediaGet indirici sunulur. Bu, e\u011fitim kaynaklar\u0131 arayan K-12 ve \u00fcniversite \u00f6\u011frencilerini bekleyen s\u00fcrprizlerin en masumu. Bu indirici, kullan\u0131c\u0131n\u0131n ihtiyac\u0131 olmayan bir torrent istemcisini getirir.<\/p>\n

3. s\u0131ra: WinLNK.Agent.gen indirici<\/h3>\n

K\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131mlar, ar\u015fivlerde gizlenmekten ho\u015flan\u0131r \u00e7\u00fcnk\u00fc bir zip veya rar dosyas\u0131 i\u00e7indeki tehditleri alg\u0131lamak daha zordur. \u00d6rne\u011fin ders kitab\u0131 veya makale ararken kolayl\u0131kla yakalanabilece\u011finiz WinLNK.Agent.gen indirici taraf\u0131ndan kullan\u0131lan teknik budur. Ar\u015fivde, sadece dok\u00fcman\u0131 a\u00e7makla kalmay\u0131p, i\u00e7indeki k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m bile\u015fenlerini de \u00e7al\u0131\u015ft\u0131ran bir metin dosyas\u0131na k\u0131sayol bulunur.<\/p>\n

Bu bile\u015fenler de, cihaza ba\u015fka bir vir\u00fcs indirebilir. Kural olarak bunlar k\u00f6t\u00fc ama\u00e7l\u0131 kripto madencilik programlar\u0131<\/a> olup, cihaz\u0131n\u0131z\u0131n kaynaklar\u0131n\u0131 kullanarak sahipleri i\u00e7in kripto para madencili\u011fi yapar. Sonu\u00e7 olarak bilgisayar\u0131n\u0131z zarar g\u00f6r\u00fcr, internet ba\u011flant\u0131 h\u0131z\u0131n\u0131z d\u00fc\u015fer ve elektrik faturan\u0131z y\u00fckselebilir. Adware de bilgisayar\u0131n\u0131z\u0131 reddedemeyece\u011finiz reklam teklifleriyle istila edebilir. Ayr\u0131ca bu k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m\u0131 daha tehlikeli programlar da indirebilir.<\/p>\n

2. s\u0131ra: Win32.Agent.ifdx k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m indirici<\/h3>\n

DOC, DOCX or PDF format\u0131nda gibi g\u00f6r\u00fcnen bir ders kitab\u0131 veya makale kisvesi alt\u0131nda gizlenen bir indirici daha vard\u0131r. \u0130lgili simgesiyle birlikte bir belge gibi g\u00f6r\u00fcnmesine kar\u015f\u0131n asl\u0131nda bir programd\u0131r. \u00dcstelik ba\u015flat\u0131ld\u0131\u011f\u0131nda bir metin dosyas\u0131 a\u00e7ar ve b\u00f6ylelikle ma\u011fdur, \u015f\u00fcpheli bir durumun varl\u0131\u011f\u0131n\u0131 fark etmez. Ancak bu program\u0131n ana g\u00f6revi, ma\u011fdurun bilgisayar\u0131na her t\u00fcrl\u00fc k\u00f6t\u00fc \u015feyi indirmektir.<\/p>\n

Son zamanlarda bu k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m, \u00e7e\u015fitli kripto madencilik programlar\u0131<\/a> indirme e\u011filimi g\u00f6stermi\u015ftir. K\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m da\u011f\u0131t\u0131c\u0131lar\u0131n\u0131n \u00f6nceliklerinin de\u011fi\u015febildi\u011fini unutmamakta fayda vard\u0131r. K\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131mlar\u0131n\u0131, kripto para madencili\u011fi programlar\u0131 yerine online bankalarda ve ma\u011fazalarda kartlardan ve hesaplardan veri \u00e7alan bankac\u0131l\u0131k trojanlar\u0131, casus yaz\u0131l\u0131mlar ve hatta fidye yaz\u0131l\u0131mlar\u0131 indirecek \u015fekilde modifiye etmekten kendilerini al\u0131koyan hi\u00e7bir \u015fey yoktur.<\/p>\n

1. s\u0131ra: Stalk solucan\u0131 ile okullara istenmeyen e-posta g\u00f6nderme<\/h3>\n

G\u00fcvenilmez internet sitelerine girmeden de cihaz\u0131n\u0131za vir\u00fcs bula\u015fabilir. Spam mail g\u00f6nderenler, k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m i\u00e7eren ders kitaplar\u0131 ve makaleler de g\u00f6nderir. \u00d6rne\u011fin Worm.Win32 Stalk.a solucan\u0131n\u0131 yaymak i\u00e7in tercih edilen y\u00f6ntem budur. Bu solucan, bir s\u00fcredir ortakl\u0131kta dola\u015f\u0131yor ve daha \u00f6nceleri art\u0131k kullan\u0131mdan kalkt\u0131\u011f\u0131n\u0131 d\u00fc\u015f\u00fcn\u00fcyorduk. Oysa, hala aktif bir \u015fekilde kullan\u0131lmakla kalmay\u0131p, ayn\u0131 zamanda \u2018e\u011fitim\u2019 g\u00f6r\u00fcn\u00fcm\u00fc alt\u0131nda \u00e7ok say\u0131da ma\u011fduru olan bir k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m.<\/p>\n

Bir bilgisayara girdi\u011finde Stalk, bilgisayara ba\u011fl\u0131 t\u00fcm ayg\u0131tlara n\u00fcfuz ediyor. \u00d6rne\u011fin, yerel a\u011fdaki di\u011fer bilgisayarlara ve e\u011fitim materyali i\u00e7eren bir USB belle\u011fe bula\u015fabiliyor. Bu \u00e7ok sinsi bir ad\u0131m \u00e7\u00fcnk\u00fc okul veya \u00fcniversite kaynaklar\u0131n\u0131 kullanarak bir fla\u015f bellekten makalenin \u00e7\u0131kt\u0131s\u0131n\u0131 ald\u0131\u011f\u0131n\u0131zda solucan, e\u011fitim kurumunun a\u011f\u0131na giriyor.<\/p>\n

Ancak bu k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m, bununla da yetinmiyor. M\u00fcmk\u00fcn oldu\u011funca \u00e7ok sisteme bula\u015fmak i\u00e7in kendini sizin ad\u0131n\u0131za ki\u015filer listenizdeki adreslere e-posta ile g\u00f6ndermeye \u00e7al\u0131\u015f\u0131yor. Okul ve s\u0131n\u0131f arkada\u015flar\u0131n\u0131z da mesaj\u0131n\u0131z\u0131n g\u00fcvenli oldu\u011fu d\u00fc\u015f\u00fcncesiyle ekteki k\u00f6t\u00fc ama\u00e7l\u0131 uygulamay\u0131 b\u00fcy\u00fck ihtimalle a\u00e7\u0131yor.<\/p>\n

Do\u011fal olarak Stalk, sadece kendini bir yerel a\u011fa ve e-posta yoluyla yayabildi\u011fi i\u00e7in tehlikeli de\u011fil. Bu k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m, bula\u015ft\u0131\u011f\u0131 cihaza ba\u015fka k\u00f6t\u00fc ama\u00e7l\u0131 uygulamalar da indirebilir ve bilgisayardaki dosyalar\u0131 gizlice kopyalay\u0131p k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m\u0131n sahiplerine g\u00f6nderebilir.<\/p>\n

Stalk solucan\u0131n\u0131n hala etkili olabilmesinin en olas\u0131 nedenlerinden biri, genel olarak e\u011fitim kurumlar\u0131n\u0131n ve \u00f6zellikle yaz\u0131c\u0131 sistemlerinin, ne yaz\u0131k ki g\u00fcncel olmayan i\u015fletim sistemleri ve yaz\u0131l\u0131mlar kullanmas\u0131d\u0131r. Bu durum, solucan\u0131n yay\u0131lmaya devam etmesine olanak veriyor.<\/p>\n

K\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m i\u00e7eren \u2018ders kitaplar\u0131\u2019 ve \u2018makalelerden\u2019 korunma yollar\u0131<\/h2>\n

G\u00f6r\u00fcld\u00fc\u011f\u00fc \u00fczere, internette e\u011fitim materyali aramak, bir tak\u0131m olduk\u00e7a tats\u0131z sonu\u00e7lar do\u011furabilir. Vir\u00fcs bula\u015fmas\u0131n\u0131 \u00f6nlemek i\u00e7in:<\/p>\n