{"id":6526,"date":"2019-10-08T14:06:56","date_gmt":"2019-10-08T11:06:56","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=6526"},"modified":"2019-11-15T14:23:24","modified_gmt":"2019-11-15T11:23:24","slug":"smominru-botnet-eternalblue","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/smominru-botnet-eternalblue\/6526\/","title":{"rendered":"Smominru botnet infects 4700 new computers a day"},"content":{"rendered":"<p>Active since 2017, Smominru has, <a href=\"https:\/\/www.guardicore.com\/2019\/09\/smominru-botnet-attack-breaches-windows-machines-using-eternalblue-exploit\" target=\"_blank\" rel=\"noopener nofollow\">according to a publicly available report<\/a>, become one of the fastest-spreading pieces of malware. In August 2019 alone, it affected 90,000 machines worldwide, with an infection rate of up to 4700 computers a day. The attacks occurred mostly in China, Taiwan, Russia, Brazil and the US, but that does not mean other countries are out of scope. For example, the largest network Smominru targeted, with 65 infected hosts, was in Italy.<\/p>\n<h2>How the Smominru botnet spreads<\/h2>\n<p>The criminals spreading the botnet are not very selective about their targets, which range from universities to healthcare providers. But the targets have one thing in common: 85% of infections occur on Windows 7 and Windows Server 2008 systems. 
The remaining infections occur on Windows Server 2012, Windows XP and Windows Server 2003 systems.<\/p>\n<p>About a quarter of the affected machines were infected again after Smominru was removed from the system. In other words, some victims cleaned their systems but overlooked the root cause.<\/p>\n<p>That raises the question: what is the root cause? Although the botnet uses several methods to spread, it mainly compromises systems in two ways: by brute-forcing weak credentials for different Windows services or, more commonly, through the well-known EternalBlue exploit.<\/p>\n<p>Microsoft patched the vulnerability used by the EternalBlue exploit, which earlier caused the <a href=\"https:\/\/www.kaspersky.com.tr\/blog\/wannacry-for-b2b\/3191\/\" target=\"_blank\" rel=\"noopener\">WannaCry<\/a> and <a href=\"https:\/\/www.kaspersky.com.tr\/blog\/new-ransomware-epidemics\/3319\/\" target=\"_blank\" rel=\"noopener\">NotPetya<\/a> outbreaks, in 2017, but many companies neglect updates, even for discontinued systems.<\/p>\n<h3>Smominru botnet at work<\/h3>\n<p>After compromising the system, Smominru creates a new user named admin$ and, with this user, which has administrator privileges, downloads a number of malicious payloads. 
The most obvious goal is to use the infected computers to mine cryptocurrency (specifically Monero) at the victim\u2019s expense.<\/p>\n<p>But that is not all: the malware also downloads a set of modules used for spying, data exfiltration and identity theft. On top of all that, once Smominru gains a foothold, it tries to move through the network to infect as many systems as possible.<\/p>\n<p>An interesting detail: the botnet is fiercely competitive and kills any rivals it finds on the computer it enters. In other words, it not only disables and blocks other malicious activity running on the targeted computer, but also prevents its competitors from causing further infections.<\/p>\n<h3>Attack infrastructure<\/h3>\n<p>The botnet operates through more than 20 dedicated servers, most of them located in the US, though a few are hosted in Malaysia and Bulgaria. 
Smominru\u2019s attack infrastructure is so widely distributed, complex and flexible that it is quite hard to take down easily; so the botnet looks set to remain active for some time.<\/p>\n<p>How to protect your network, computers and data from Smominru:<\/p>\n<ul>\n<li>Update operating systems and other software regularly.<\/li>\n<li>Use <a href=\"https:\/\/www.kaspersky.com.tr\/blog\/strong-password-day\/5640\/\" target=\"_blank\" rel=\"noopener\">strong passwords<\/a>. A reliable <a href=\"https:\/\/kas.pr\/passman\" target=\"_blank\" rel=\"noopener\">password manager<\/a> helps you create, manage, automatically retrieve and enter passwords. 
This will protect you against brute-force attacks.<\/li>\n<li>Use <a href=\"https:\/\/kas.pr\/ksostr\" target=\"_blank\" rel=\"noopener\">a reliable security solution<\/a>.<\/li>\n<\/ul>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"ksos\">\n","protected":false},"excerpt":{"rendered":"<p>The botnet spreads mostly through EternalBlue, the vulnerability that previously also caused the WannaCry and NotPetya outbreaks.<\/p>\n","protected":false},"author":2508,"featured_media":6527,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1287,1351],"tags":[392,2034,1946,2035,1263,2033,516,1227,113],"class_list":{"0":"post-6526","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-news","8":"category-threats","9":"tag-botnet","10":"tag-eternalblue","11":"tag-kimlik-bilgileri","12":"tag-kripto-madenciler","13":"tag-notpetya","14":"tag-smominru","15":"tag-veri-hirsizligi","16":"tag-wannacry","17":"tag-windows"},"hreflang":[{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/smominru-botnet-eternalblue\/6526\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/smominru-botnet-eternalblue\/16750\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/smominru-botnet-eternalblue\/14138\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/smominru-botnet-eternalblue\/18737\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/smominru-botnet-eternalblue\/16784\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/smominru-botnet-eternalblue\/15517\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/smominru-botnet-eternalblue\/19411\/"},{"href
lang":"it","url":"https:\/\/www.kaspersky.it\/blog\/smominru-botnet-eternalblue\/18089\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/smominru-botnet-eternalblue\/23752\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/smominru-botnet-eternalblue\/28862\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/smominru-botnet-eternalblue\/12382\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/smominru-botnet-eternalblue\/12457\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/smominru-botnet-eternalblue\/11286\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/smominru-botnet-eternalblue\/20327\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/smominru-botnet-eternalblue\/24303\/"},{"hreflang":"nl","url":"https:\/\/www.kaspersky.nl\/blog\/smominru-botnet-eternalblue\/24692\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/smominru-botnet-eternalblue\/19211\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/smominru-botnet-eternalblue\/23519\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/smominru-botnet-eternalblue\/23369\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.tr\/blog\/tag\/windows\/","name":"windows"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/6526","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/users\/2508"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=6526"}],"version-history":[{"count":2,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/6526\/revisions"}],"predecessor-version":[{"id":6717,"href":"https:\/\/www.kasper
sky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/6526\/revisions\/6717"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media\/6527"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=6526"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=6526"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=6526"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}