{"id":3049,"date":"2009-01-20T12:09:26","date_gmt":"2009-01-20T10:09:26","guid":{"rendered":"http:\/\/www.korhanyilmaz.com\/?p=3049"},"modified":"2009-01-20T12:09:26","modified_gmt":"2009-01-20T10:09:26","slug":"solucan-9-milyon-bilgisayari-ele-gecirdi","status":"publish","type":"post","link":"http:\/\/www.korhanyilmaz.com\/?p=3049","title":{"rendered":"Solucan 9 milyon bilgisayar\u0131 ele ge\u00e7irdi"},"content":{"rendered":"

\"Solucan<\/a><\/p>\n

Microsoft’un Ekim ay\u0131nda yay\u0131nlad\u0131\u011f\u0131 MS08-067 yamas\u0131yla \u00e7\u00f6zd\u00fc\u011f\u00fc a\u00e7\u0131\u011f\u0131 kullanan solucan (Worm), h\u0131zla yay\u0131lmaya devam ediyor.<\/p>\n

\u0130STANBUL – Downadup, Kido ve Conficker ad\u0131yla bilinen “solucan” tipi vir\u00fcs, Microsoft’un 2008 Ekim ay\u0131nda yay\u0131nlad\u0131\u011f\u0131 bir g\u00fcvenlik bildirisine ra\u011fmen, gerekli \u00f6nlemler al\u0131nmay\u0131nca, yay\u0131nlanan son g\u00fcvenlik bildirilerine g\u00f6re 9 milyon bilgisayar\u0131 ele ge\u00e7irdi.<\/p>\n

Microsoft’un 23 Ekim’de yay\u0131nlad\u0131\u011f\u0131 g\u00fcvenlik b\u00fclteniyle duyurdu\u011fu zararl\u0131 yaz\u0131l\u0131m, Windows i\u015fletim sistemlerinin sunucu servislerini etkileyerek d\u00fc\u015f\u00fck g\u00fcvenlikli bilgisayar a\u011flar\u0131, ve USB fla\u015f belleklerle son derece ciddi bir h\u0131zla yay\u0131lmaya devam ediyor.<\/p>\n

K\u00f6kl\u00fc g\u00fcvenlik firmalar\u0131ndan F-Secure taraf\u0131ndan yay\u0131nlanan rapora g\u00f6re, ilk olarak 2008 y\u0131l\u0131n\u0131n Ekim ay\u0131nda saptanan vir\u00fcs, g\u00fcn\u00fcm\u00fczde 8,9 milyon bilgisayar\u0131 etkilemi\u015f durumda. Yay\u0131nlanan raporda “h\u0131zla yay\u0131lmaya devam etti\u011fi” belirtilen solucan\u0131n (Worm – bula\u015ft\u0131\u011f\u0131 sistemleri yeni sistemlere bula\u015fmak i\u00e7in kullanan zararl\u0131 uygulama ve dosya par\u00e7ac\u0131klar\u0131) g\u00fcncel anti-vir\u00fcs yaz\u0131l\u0131mlar\u0131 veya Microsoft’un yay\u0131nlad\u0131\u011f\u0131 MS08-067 yamas\u0131n\u0131n sisteme y\u00fcklenerek engellenmesi m\u00fcmk\u00fcn.<\/p>\n

Microsoft’un yay\u0131nlad\u0131\u011f\u0131 g\u00fcvenlik yamas\u0131yla ev kullan\u0131c\u0131lar\u0131n\u0131n zaman\u0131nda korunmas\u0131na olanak sa\u011flad\u0131\u011f\u0131n\u0131 belirten anti-vir\u00fcs yaz\u0131l\u0131m geli\u015ftirici firmas\u0131 Sophos’un teknoloji dan\u0131\u015fmanlar\u0131ndan Graham Culley, g\u00fcvenlik yamas\u0131n\u0131 g\u00f6rmezden gelen firmalar\u0131n tehlikeyi artt\u0131rd\u0131\u011f\u0131n\u0131 ifade ediyor.<\/p>\n

BT (IT \/ Bili\u015fim Teknolojileri) departmanlar\u0131nda \u00e7al\u0131\u015fan yetkin elemana sahip olmayan firmalar\u0131n vir\u00fcsten korunmas\u0131n\u0131n kolay olmad\u0131\u011f\u0131n\u0131 belirten Culley, 12345, QWERTY gibi \u00e7\u00f6z\u00fclmesi kolay \u015fifreler kullanan \u00e7al\u0131\u015fanlar\u0131n bulundu\u011fu a\u011flarda, vir\u00fcs\u00fcn \u015fifreleri daha kolay k\u0131rarak daha h\u0131zl\u0131 yay\u0131ld\u0131\u011f\u0131n\u0131 ifade ediyor.<\/p>\n

USB bellekler ile de kolayl\u0131kla yay\u0131labilen solucan\u0131n bu teknikle yay\u0131l\u0131rken kurban\u0131n bilgisayar\u0131nda Microsoft’un son yamalar\u0131n\u0131n da bulunmas\u0131n\u0131n yeterli olamayabilece\u011fini belirten Culley, bu tip bula\u015fmay\u0131 \u00f6nlemenin tek yolunun g\u00fcncel bir anti-vir\u00fcs yaz\u0131l\u0131m\u0131 kullanmak oldu\u011funu belirtiyor.<\/p>\n

V\u0130R\u00dcS NASIL YAYILIYOR?
\nMicrosoft’un yay\u0131nlad\u0131\u011f\u0131 b\u00fcltene g\u00f6re solucan Windows i\u00e7inde bulunan ses hizmetleri, sunucu yaz\u0131l\u0131mlar\u0131 gibi arkaplan servislerinin \u00e7al\u0131\u015fmas\u0131n\u0131 saplayan “services.exe” isimli uygulamay\u0131 enfekte ederek, asl\u0131nda Windows’un \u00e7al\u0131\u015fmas\u0131 i\u00e7in gerekli olan bu uygulaman\u0131n bir par\u00e7as\u0131 haline geliyor.<\/p>\n

Services.exe’nin bir par\u00e7as\u0131 haline gelen zararl\u0131 betik par\u00e7ac\u0131\u011f\u0131, kendisini Windows’un sistem klas\u00f6r\u00fc alt\u0131na kopyalayarak, 5-8 karakterli bir “dll” dosyas\u0131 olarak sakl\u0131yor. Windows’un uygulama ayarlar\u0131n\u0131 tutan “Registry” (Kay\u0131t kitapl\u0131\u011f\u0131) i\u00e7inde bir d\u00fczenleme yapan uygulama, bu noktadan sonra kendini sistem i\u00e7in gerekli bir servis olarak tan\u0131mlayarak bilgisayar a\u00e7\u0131k oldu\u011fu her an arkaplanda \u00e7al\u0131\u015fmaya devam ediyor.<\/p>\n

Solucan \u00e7al\u0131\u015fmaya ba\u015flad\u0131\u011f\u0131 andan itibaren bir HTTP sunucusu (\u0130nternet \u00fczerinden taray\u0131c\u0131 vas\u0131tas\u0131yla ula\u015fabilen Web sunucu hizmeti) olu\u015fturuyor, sistemin en son Geri Y\u00fckleme Noktas\u0131n\u0131 (System Restore Point) silen vir\u00fcs bu \u015fekilde temizlenmesini daha g\u00fc\u00e7 hale getiriyor ve sald\u0131rganlar\u0131n sitesi \u00fczerinden dosyalar y\u00fcklemeye ba\u015fl\u0131yor. Bu \u015fekilde uzaktan ba\u011flanan sald\u0131rganlar enfekte olan bilgisayarda kolayl\u0131kla istedikleri i\u015flemleri ger\u00e7ekle\u015ftirebiliyorlar.<\/p>\n

Bir\u00e7ok solucan, \u0130nternet \u00fczerinden ba\u011fland\u0131klar\u0131 siteler sayesinde kolayl\u0131kla ay\u0131rt edilebiliyor ancak, Conficker olarak an\u0131lan bu yeni solucan, tamamen rasgele isimlerle (mphtfrxs.net, imctaef.cc, ve hcweu.org gibi) olu\u015fturulmu\u015f y\u00fczlerce alan ad\u0131na ba\u011flanan son derece sofistike bir algoritma kulland\u0131\u011f\u0131 i\u00e7in rahatl\u0131kla fark edilemiyor. \u00c7\u00fcnk\u00fc say\u0131s\u0131yla y\u00fczlerle ifade edilen bu alan adlar\u0131ndan hangisinin sald\u0131rgan\u0131n websitesi oldu\u011fu hen\u00fcz \u00e7\u00f6z\u00fclebilmi\u015f de\u011fil. Solucan\u0131n hangi internet sitesinden zararl\u0131 beti\u011fi \u00e7ekip \u00e7al\u0131\u015ft\u0131rd\u0131\u011f\u0131n\u0131 anlamak neredeyse imkans\u0131z.<\/p>\n

Solucan’\u0131n nas\u0131l \u00e7al\u0131\u015ft\u0131\u011f\u0131n\u0131 anlamak amac\u0131yla vir\u00fcs\u00fc tersine m\u00fchendislik (reverse engineering) y\u00f6ntemiyle analiz eden bilgisayar uzmanlar\u0131 hen\u00fcz bir \u00e7\u00f6z\u00fcm bulabilmi\u015f de\u011fil ancak, en az\u0131ndan Downadup ad\u0131 verilen varyant\u0131n ka\u00e7 bilgisayar \u00fczerinde \u00e7al\u0131\u015ft\u0131\u011f\u0131n\u0131 biliyorlar.<\/p>\n

“Onlar\u0131 g\u00f6rebiliyoruz ancak, temizleyemiyoruz” \u015feklinde konu\u015fan F-Secure’un ara\u015ft\u0131rmac\u0131lar\u0131ndan Toni Kovunen, rasgele olu\u015fturulmu\u015f alan adlar\u0131ndan birka\u00e7 tanesini ele ge\u00e7irdiklerini ifade ederek, bu alan adlar\u0131na y\u00fczbinlerce farkl\u0131 IP adresi \u00fczerinden istemcilerin ba\u011fland\u0131\u011f\u0131n\u0131 s\u00f6yl\u00fcyor.<\/p>\n

Microsoft’un yorumlar\u0131na g\u00f6re, zararl\u0131 yaz\u0131l\u0131m d\u00fcnyan\u0131n farkl\u0131 noktalar\u0131nda bir \u00e7ok bilgisayar\u0131 ele ge\u00e7irmi\u015f durumda. En \u00e7ok hasar\u0131 ise \u00c7in, Brezilya, Rusya ve Hindistan’da bulunuyor.<\/p>\n

NTV-MSNBC<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"

\n

Microsoft’un Ekim ay\u0131nda yay\u0131nlad\u0131\u011f\u0131 MS08-067 yamas\u0131yla \u00e7\u00f6zd\u00fc\u011f\u00fc a\u00e7\u0131\u011f\u0131 kullanan solucan (Worm), h\u0131zla yay\u0131lmaya devam ediyor.<\/p>\n

\u0130STANBUL – Downadup, Kido ve Conficker ad\u0131yla bilinen “solucan” tipi vir\u00fcs, Microsoft’un 2008 Ekim ay\u0131nda yay\u0131nlad\u0131\u011f\u0131 bir g\u00fcvenlik bildirisine ra\u011fmen, gerekli \u00f6nlemler al\u0131nmay\u0131nca, yay\u0131nlanan son g\u00fcvenlik bildirilerine g\u00f6re 9 milyon bilgisayar\u0131 ele ge\u00e7irdi.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[],"class_list":["post-3049","post","type-post","status-publish","format-standard","hentry","category-bilim-ve-teknoloji","odd"],"_links":{"self":[{"href":"http:\/\/www.korhanyilmaz.com\/index.php?rest_route=\/wp\/v2\/posts\/3049","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.korhanyilmaz.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.korhanyilmaz.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.korhanyilmaz.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.korhanyilmaz.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3049"}],"version-history":[{"count":0,"href":"http:\/\/www.korhanyilmaz.com\/index.php?rest_route=\/wp\/v2\/posts\/3049\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.korhanyilmaz.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3049"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.korhanyilmaz.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3049"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.korhanyilmaz.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3049"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}