{"id":9891,"date":"2021-08-09T13:04:27","date_gmt":"2021-08-09T10:04:27","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=9891"},"modified":"2021-08-09T13:04:27","modified_gmt":"2021-08-09T10:04:27","slug":"malware-link-under-the-picture","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/malware-link-under-the-picture\/9891\/","title":{"rendered":"K\u00f6t\u00fc ama\u00e7l\u0131 ba\u011flant\u0131 i\u00e7eren e-posta"},"content":{"rendered":"<p>Bir konu\u015fmada kimlik bilgisi h\u0131rs\u0131zl\u0131\u011f\u0131 s\u00f6z konusu oldu\u011funda, ilk s\u0131rada genellikle kimlik av\u0131 ba\u011flant\u0131lar\u0131na sahip e-posta mesajlar\u0131 gelir. Ancak bu mesajlar, \u00e7e\u015fitli online servislere ait kullan\u0131c\u0131 adlar\u0131 ve parolalar\u0131 elde etmenin yaln\u0131zca bir yoludur. Doland\u0131r\u0131c\u0131lar hala d\u00fczenli \u015fekilde casus yaz\u0131l\u0131mlara ba\u011flant\u0131lar g\u00f6ndermeye devam ediyor. Bu ba\u011flant\u0131lar\u0131 gizlemek i\u00e7in kulland\u0131klar\u0131 y\u00f6ntemlerden biri de e-postaya ek gibi g\u00f6r\u00fcnen bir resim eklemektir.<\/p>\n<h2>K\u00f6t\u00fc ama\u00e7l\u0131 ba\u011flant\u0131 i\u00e7eren e-posta<\/h2>\n<p>Bug\u00fcnk\u00fc \u00f6rnekte, hedefli bir e-posta sald\u0131r\u0131s\u0131n\u0131 ele al\u0131yoruz. S\u00f6z konusu siber su\u00e7lular, e-postalar\u0131n\u0131n g\u00fcvenilir g\u00f6r\u00fcnmesini sa\u011flayarak, bir sanayi hizmetleri ve ekipmanlar\u0131 tedarik\u00e7isine ekte y\u00f6nergelerin yer ald\u0131\u011f\u0131 bir RFQ (teklif talebi) g\u00f6nderiyor.<\/p>\n<p>B\u00fcy\u00fck \u015firketler bu t\u00fcr talepleri olduk\u00e7a s\u0131k al\u0131r ve hesap y\u00f6neticileri genellikle g\u00f6nderilen k\u0131lavuz belgeyi a\u00e7ar ve e-postan\u0131n g\u00f6nderildi\u011fi alan ad\u0131 ile g\u00f6nderenin imzas\u0131 aras\u0131ndaki farklar gibi k\u00fc\u00e7\u00fck ayr\u0131nt\u0131lar\u0131n fark\u0131na varmadan bir teklif haz\u0131rlar. Burada dikkat \u00e7ekmek istedi\u011fimiz \u015fey, siber su\u00e7lular\u0131n, al\u0131c\u0131lar\u0131 k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m\u0131 \u00e7al\u0131\u015ft\u0131rmalar\u0131 konusunda nas\u0131l kand\u0131rd\u0131\u011f\u0131d\u0131r. \u0130\u015fte s\u00f6z konusu e-posta bu \u015fekilde g\u00f6r\u00fcn\u00fcyor.<\/p>\n<div id=\"attachment_9894\" style=\"width: 885px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-9894\" class=\"wp-image-9894 size-full\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/91\/2021\/08\/04163730\/malware-link-under-the-picture-letter.jpg\" alt=\"\" width=\"875\" height=\"492\"><p id=\"caption-attachment-9894\" class=\"wp-caption-text\">K\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131ma ait ba\u011flant\u0131n\u0131n yer ald\u0131\u011f\u0131 e-posta<\/p><\/div>\n<p>\u00a0<\/p>\n<p>Ek yap\u0131lan PDF\u2019i g\u00f6r\u00fcyor musunuz? Asl\u0131nda bakt\u0131\u011f\u0131n\u0131z \u015feyin bir ekle alakas\u0131 yok. Outlook, e-posta eklerini buna benzer \u015fekilde g\u00f6r\u00fcnt\u00fcler ancak burada \u015f\u00f6yle bir tak\u0131m farkl\u0131l\u0131klar s\u00f6z konusu:<\/p>\n<ul>\n<li>Ek yap\u0131lan dosyan\u0131n simgesi, sisteminizde PDF dosyalar\u0131n\u0131 a\u00e7mak i\u00e7in kulland\u0131\u011f\u0131n\u0131z uygulaman\u0131n simgesiyle e\u015fle\u015fmelidir. E\u015flemiyorsa; ya bu bir ek de\u011fildir ya da eklenen PDF dosyas\u0131 de\u011fildir,<\/li>\n<li>Farenizi ger\u00e7ek ekin \u00fczerine getirdi\u011finizde dosyayla ilgili isim, t\u00fcr, boyut gibi ayr\u0131nt\u0131lar g\u00f6r\u00fcnmelidir, \u015f\u00fcpheli bir internet sitesine ait bir ba\u011flant\u0131 de\u011fil,<\/li>\n<li>Dosya ad\u0131n\u0131n yan\u0131ndaki ok renklendirilmi\u015f ve i\u00e7erik men\u00fcs\u00fcn\u00fc a\u00e7an bir buton i\u015flevine sahip olmal\u0131d\u0131r,<\/li>\n<li>Yap\u0131lan ek, e-posta metninin i\u00e7inde de\u011fil, \u015funa benzer \u015fekilde metinden ayr\u0131 bir yerde g\u00f6r\u00fcnmelidir:<\/li>\n<\/ul>\n<div id=\"attachment_9896\" style=\"width: 378px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-9896\" class=\"wp-image-9896 size-full\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/91\/2021\/08\/04163754\/malware-link-under-the-picture-attachment.jpg\" alt=\"\" width=\"368\" height=\"96\"><p id=\"caption-attachment-9896\" class=\"wp-caption-text\">Ger\u00e7ek bir PDF eki<\/p><\/div>\n<p>\u00a0<\/p>\n<p>PDF eki olarak gizlenen bu nesne, asl\u0131nda normal bir g\u00f6r\u00fcnt\u00fc dosyas\u0131ndan ba\u015fka bir \u015fey de\u011fil. Farenizle mesaj\u0131n b\u00f6l\u00fcmlerini se\u00e7meyi veya Ctrl-A\u2019y\u0131 kullanarak t\u00fcm\u00fcn\u00fc se\u00e7meyi denedi\u011finizde, yaln\u0131zca se\u00e7ilen k\u0131sm\u0131 kadar\u0131 g\u00f6r\u00fcn\u00fcr olur.<\/p>\n<div id=\"attachment_9897\" style=\"width: 570px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-9897\" class=\"wp-image-9897 size-full\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/91\/2021\/08\/04163815\/malware-link-under-the-picture-image.jpg\" alt=\"\" width=\"560\" height=\"232\"><p id=\"caption-attachment-9897\" class=\"wp-caption-text\">PDF eki gibi g\u00f6r\u00fcnen bir g\u00f6r\u00fcnt\u00fc<\/p><\/div>\n<p>\u00a0<\/p>\n<p>G\u00f6r\u00fcnt\u00fcde, k\u00f6t\u00fc ama\u00e7l\u0131 bir programa giden bir k\u00f6pr\u00fc ba\u011flant\u0131 gizli. Bu ba\u011flant\u0131ya t\u0131kland\u0131\u011f\u0131nda Truva At\u0131 bir casus yaz\u0131l\u0131m indirilir.<\/p>\n<h2>Sald\u0131r\u0131 y\u00fck\u00fc<\/h2>\n<p>Bu \u00f6rnek \u00f6zelinde, k\u00f6t\u00fc ama\u00e7l\u0131 ba\u011flant\u0131, Kaspersky taraf\u0131ndan olduk\u00e7a yayg\u0131n bir Truva At\u0131 casus yaz\u0131l\u0131m\u0131 olarak tan\u0131mlanan ve 2017\u2019den beri bilinen, sald\u0131rganlar\u0131n giri\u015f formlar\u0131ndaki parolalar\u0131 ve di\u011fer bilgileri \u00e7almas\u0131n\u0131 sa\u011flayan <a href=\"https:\/\/threats.kaspersky.com\/en\/threat\/Trojan-Spy.Win32.Noon\/\" target=\"_blank\" rel=\"noopener nofollow\">Trojan-Spy.Win32.Noon<\/a> Truva At\u0131na ait bir y\u00fckleyicinin yer ald\u0131\u011f\u0131 Swift_Banco_Unicredit_Wire_sepa_export_000937499223.cab adl\u0131 bir ar\u015fiv dosyas\u0131na y\u00f6nlendirilmi\u015f.<\/p>\n<h2>Kendinizi koruman\u0131n yollar\u0131<\/h2>\n<p>Truva At\u0131 casus yaz\u0131l\u0131mlar\u0131n \u015firketinize zarar vermesini, k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131mlar\u0131n \u00e7al\u0131\u015fmas\u0131n\u0131 \u00f6nlemek i\u00e7in internet eri\u015fimi olan her cihaza <a href=\"https:\/\/www.kaspersky.com.tr\/small-to-medium-business-security?icid=tr_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder_______\" target=\"_blank\" rel=\"noopener\">g\u00fcvenilir bir g\u00fcvenlik \u00e7\u00f6z\u00fcm\u00fc<\/a> kurun.<\/p>\n<p>Ek olarak, siber su\u00e7lular\u0131n e-postalarda ba\u015fvurdu\u011fu hileleri tespit etmeleri konusunda <a href=\"https:\/\/k-asap.com\/tr\/?icid=tr_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder_______&amp;utm_source=kdaily&amp;utm_medium=blog&amp;utm_campaign=tr_wpplaceholder_nv0092&amp;utm_content=link&amp;utm_term=tr_kdaily_organic_avmwswubv8qh92b\" target=\"_blank\" rel=\"noopener\">\u00e7al\u0131\u015fanlar\u0131n\u0131z\u0131 e\u011fitin<\/a>.<\/p>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"kesb-trial-leadgen\">\n","protected":false},"excerpt":{"rendered":"<p>Posta kutunuzda kar\u015f\u0131n\u0131za \u00e7\u0131kan tek tehdit spam ve kimlik av\u0131 e-postalar\u0131 de\u011fildir. Siber su\u00e7lular hala k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131mlar konusunda o eski g\u00fczel ba\u011flant\u0131lardan yararlan\u0131yor.<\/p>\n","protected":false},"author":2598,"featured_media":9892,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1726,1194],"tags":[1900,1921,2456,652],"class_list":{"0":"post-9891","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-enterprise","8":"category-business","9":"tag-casus-yazilim","10":"tag-e-posta","11":"tag-e-posta-tehditleri","12":"tag-truva-ati"},"hreflang":[{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/malware-link-under-the-picture\/9891\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/malware-link-under-the-picture\/23125\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/malware-link-under-the-picture\/18607\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/malware-link-under-the-picture\/25109\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/malware-link-under-the-picture\/23134\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/malware-link-under-the-picture\/22475\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/malware-link-under-the-picture\/25753\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/malware-link-under-the-picture\/25245\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/malware-link-under-the-picture\/31192\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/malware-link-under-the-picture\/40978\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/malware-link-under-the-picture\/17415\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/malware-link-under-the-picture\/17876\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/malware-link-under-the-picture\/15100\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/malware-link-under-the-picture\/27145\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/malware-link-under-the-picture\/31349\/"},{"hreflang":"nl","url":"https:\/\/www.kaspersky.nl\/blog\/malware-link-under-the-picture\/27359\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/malware-link-under-the-picture\/24166\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/malware-link-under-the-picture\/29502\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/malware-link-under-the-picture\/29307\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.tr\/blog\/tag\/e-posta-tehditleri\/","name":"e-posta tehditleri"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/9891","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/users\/2598"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=9891"}],"version-history":[{"count":4,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/9891\/revisions"}],"predecessor-version":[{"id":9903,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/9891\/revisions\/9903"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media\/9892"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=9891"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=9891"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=9891"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}