{"id":950,"date":"2014-02-25T04:36:28","date_gmt":"2014-02-25T09:36:28","guid":{"rendered":"http:\/\/www.kaspersky.com.tr\/blog\/?p=950"},"modified":"2020-02-26T18:35:40","modified_gmt":"2020-02-26T15:35:40","slug":"savunmasiz-hirsizlik-engelleme-yazilimlarina-dikkat-edin","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/savunmasiz-hirsizlik-engelleme-yazilimlarina-dikkat-edin\/950\/","title":{"rendered":"Beware of Vulnerable Anti-Theft Software"},"content":{"rendered":"<p>What if anti-theft software that you never installed is running on your computer? Software that provides remote access to your computer. Software that you cannot remove even if you replace your hard drive. Sounds like an urban legend, doesn\u2019t it? But this story is now becoming real.<\/p>\n<p>This happened to Kaspersky Lab malware researcher Sergey Belov. While investigating a software-related fault on his wife\u2019s laptop, he noticed a suspicious process. At first he thought it was a previously unknown <a href=\"https:\/\/www.kaspersky.com\/blog\/fight-rootkits\/\" target=\"_blank\" rel=\"noopener nofollow\">rootkit<\/a>. However, the running application appeared legitimate and was part of the client for Absolute Computrace, a popular anti-theft solution for laptops. What is unique about Computrace is that it resides in a special place on the user\u2019s computer. 
The Computrace client is located in the hard-coded BIOS or UEFI chip, which runs when the computer first powers on, before the operating system starts. As a result, Computrace continues to persist on the computer even after \u201chardware resets\u201d and even hard drive replacements. The most disturbing thing about Computrace was that Belov\u2019s wife had not activated this software herself and was not even aware of its existence. Further analysis revealed bad news. Malicious third parties could take over the Computrace client and remotely interfere with the victim\u2019s computer as they wished.<\/p>\n<p>Because thieves love these small and expensive devices, <a href=\"https:\/\/www.kaspersky.com\/blog\/tag\/anti-theft\/\" target=\"_blank\" rel=\"noopener nofollow\">anti-theft software<\/a> is indispensable for mobile devices. Designing anti-theft software is not an easy task. The software must be very small and invisible. It must also stay in constant contact with a central server and, if the device is stolen, report its location or call in so that action can be taken. In addition, it must resist the thief\u2019s attempts to remove the software. 
All of these requirements mean that anti-theft software has to run at the lowest level while also holding significant privileges on the user\u2019s machine. So what happens if such a powerful application has a vulnerability? In the worst case, a hacker can use your computer as if it were their own and do whatever they want.<\/p>\n<div class=\"pullquote\">Because thieves love these small and expensive devices, anti-theft software is indispensable for mobile devices.<\/div>\n<p>Unfortunately, this is not theoretical. Last week at the <a href=\"https:\/\/www.kaspersky.com\/blog\/sas-day-one-kaspersky-showcases-company-industry-talent\/\" target=\"_blank\" rel=\"noopener nofollow\">Security Analyst Summit 2014<\/a>, Kaspersky Lab researchers Vitaly Kamluk and Sergey Belov demonstrated it with real-life examples. The researcher set up a brand-new Asus laptop using the usual first-time setup procedures and then, using another computer, turned on the laptop\u2019s camera. He then started the remote wipe procedure. The wipe was carried out by intercepting unencrypted network packets and sending some data back. Meanwhile, the intercepting computer presented itself as the original Computrace server.<\/p>\n<p>You may want to check your laptop for the Computrace client right now. 
If you plan to remove the software completely, be warned that this is not at all easy. Because of the nature of its anti-theft function, the software starts fighting back when you try to remove it. To do this, the BIOS checks for the presence of the Computrace client every time the computer starts. If the software is not found, a tiny program is installed into the Windows operating system from the BIOS. When Windows starts, this small program downloads the full-scale Computrace client over the Internet and activates it. It is this step that is open to remote interference, as demonstrated at SAS 2014.<a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/91\/2014\/02\/06015124\/anti-theft2.jpg\"><img decoding=\"async\" class=\"aligncenter size-full wp-image-952\" alt=\"anti-theft2\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/91\/2014\/02\/06015124\/anti-theft2.jpg\" width=\"680\"><\/a><\/p>\n<p>The full analysis of this issue, together with a list showing the Computrace client\u2019s activities, is available <a href=\"http:\/\/www.securelist.com\/en\/analysis\/204792325\/Absolute_Computrace_Revisited\" target=\"_blank\" rel=\"noopener nofollow\">on Securelist<\/a>. According to data from <a href=\"https:\/\/www.kaspersky.com\/blog\/ksn\" target=\"_blank\" rel=\"noopener nofollow\">Kaspersky Security Network<\/a>, the Computrace client is actively running on the computers of 150,000 of our customers. 
Vitaly Kamluk estimates that this software is running on 2 million computers worldwide. We do not know how many of these instances were activated by the users themselves.<\/p>\n<p>The BIOS side of the Computrace client is present in most popular BIOS\/UEFI chips, and you can find these chips in most laptops, including those from Acer, Asus, Sony, Toshiba, HP, Lenovo and Samsung. Some laptops have BIOS options to turn the Computrace software on or off, while others have no such option. In addition, even when the BIOS component is present on the motherboard, the Computrace software is not actively running on every computer and instead waits in a disabled state. However, in tests on a newly purchased laptop, Kaspersky Lab researchers saw the Computrace software become active the very first time the computer was taken out of the box and powered on. Why these clients are active, and who controls them, remains a mystery.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>What if anti-theft software that you never installed is running on your computer? Software that provides remote access to your computer. Software that you cannot remove even if you replace your hard drive. Sounds like an urban legend, doesn\u2019t it? 
But this<\/p>\n","protected":false},"author":350,"featured_media":951,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1351],"tags":[534,532],"class_list":{"0":"post-950","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-threats","8":"tag-bilgisayar-guvenligi","9":"tag-hirsizlik-korumasi"},"hreflang":[{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/savunmasiz-hirsizlik-engelleme-yazilimlarina-dikkat-edin\/950\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.tr\/blog\/tag\/bilgisayar-guvenligi\/","name":"bilgisayar g\u00fcvenli\u011fi"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/950","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/users\/350"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=950"}],"version-history":[{"count":3,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/950\/revisions"}],"predecessor-version":[{"id":7738,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/950\/revisions\/7738"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media\/951"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=950"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=950"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=950"}],"curies":[{"n
ame":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}