Ƙin fahimtar Ƙwayar cutar da kuma yadda za a share shi
Salula shine iyali na yin amfani da fayilolin mallaka wanda ke rinjayar kwakwalwan Windows ta hanyar yada cututtuka ta hanyar fayilolin EXE da SCR.
Salula, wadda ta fara farawa a Rasha, ta samo asali ne a tsawon shekaru, saban haka bambancin bambancin malware sun nuna halaye daban-daban. Duk da haka, yawancin bambance-bambancen Sality su ne tsutsotsi a cikin cewa suna amfani da wasu nau'i na aikin izini don kwashe fayilolin da za a iya aiwatarwa ta hanyar cirewa ko gano kayan aiki.
Wasu ma sun hada da kodayen da suka haɗa da kamfanonin da aka kamuwa da su a cibiyar sadarwa na P2P domin kwakwalwa suyi aiki don taimakawa abubuwa kamar satar bayanan sirri, ƙwaƙwalwar shiga kalmomin shiga, aikawa da spam, da sauransu.
Kwayar Sality na iya haɗawa da mai sauƙi na Trojan wanda ya samo ƙarin malware ta intanit, kuma mai mahimmanci wanda ke dubawa da kuma rikodin keystrokes.
Lura: Wasu shirye-shirye na riga-kafi suna nuna zuwa ƙwayoyin ƙwayar cuta ta wasu sunayen kamar SaILoad, SaliCode, Kookoo, da Kukacka.
Yadda Yake aiki
Kamar yadda aka ambata a sama, Mallam malware yana shafar fayilolin da aka kashe a kan kwamfutar da ke kamuwa.
Yawancin iri na malware sun saka fayil din DLL na musamman a kan kwamfutar a cikin % SYSTEM% babban fayil sannan kuma yana iya kira shi "wmdrtc32.dll" ko, don jigilar kwamfutar, "wmdrtc32.dl_".
Duk da haka, ba duka bambance-bambance na cutar sality za su yi amfani da fayil din DLL ta wannan hanya ba. Wasu suna ɗaukar code ɗin tsaye cikin ƙwaƙwalwar, kuma ba a samo fayil din DLL a ko'ina a cikin ainihin fayilolin faifan ba.
Wasu za su iya ajiye kaya a cikin sakon % SYSTEM% \ drivers . Abin da ke sa wannan tricky shi ne cewa za'a iya adana shi tare da sunan fayil din bazuwar, don haka idan kwamfutarka ta riga-kafi kawai ta karanta sunayen fayiloli don bincika ƙwayoyin cuta, kuma ba abubuwan da ke cikin fayil ba, akwai damar da zai iya samun salus kwayoyin cuta .
Ana ɗaukaka abubuwan sabuntawa zuwa Malware ta hanyar HTTP ta hanyar jerin abubuwan da aka raba tsakanin URLs . Da zarar kamuwa da cutar, malware yana buƙata kawai buƙatar sabuntawa bayan al'amuran don canzawa da girma a kansa, don sauke sababbin fayiloli don harba wasu kwakwalwa.
Alamun kamuwa da cuta
Yana da muhimmanci a fahimci bayyanar cututtuka na kamuwa da cutar ƙwayar cuta - abin da kwamfutarka zai iya yi ko yadda za a yi a yayin da cutar sality ta kasance.
Kamar yadda yake tare da sauran malware, Sality na iya yin wani daga cikin wadannan:
- Kashe software na riga-kafi kuma hana samun dama ga wasu riga-kafi da shafukan tsaro.
- Tsaida gangamin zuwa Safe Mode .
- Cire fayilolin da aka shafi tsaro, tafiyar matakai, da / ko ayyuka .
- Ajiye fayil na CMD, PIF, da / ko EXE zuwa tushen kayan aiki na ganowa, tare da fayil din fayilolin autorun.inf wanda ya ƙunshi umarnin don ɗaukar fayilolin da aka aika yayin da ake shiga na'urar.
- Aika wasikun banza zuwa adiresoshin imel ɗin ta hanyar shiga adireshin adireshin imel dinku na imel.
- Share fayilolin da ke dauke da wasu ƙirar fayil .
Yadda za a Share
Hanyar da ta fi dacewa don hana ƙwayar cuta ta Sality shine kiyaye kwamfutarka har kwanan wata tare da sababbin alamu da ma'anar tsaro. Yi amfani da Sabuntawar Windows da kuma kiyaye software na riga-kafi da aka sabunta don taimakawa wajen warware wannan harin.
Idan kun san cewa kuna da cutar sality, za ku iya kawar da shi a irin wannan hanya. Binciken kwamfutarka don malware tare da shirin sabuntawa mai mahimmanci wanda ya dace . Kuna iya samun sa'a ta amfani da kayan leken asiri na cirewa don kama Sality virus tun lokacin da yake aiki a matsayin kayan leken asiri, ma. Idan wadanda ba su aiki ba ko ba ku da damar samun dama zuwa Windows, yi amfani da shirin riga-kafi na rigakafi a maimakon.
Wasu masu sayar da kayan riga-kafi sun haɗa da kayan aiki na musamman wanda ke nufin musamman don magance cutar sality. Alal misali, AVG tana bada shirye-shiryen rigakafin kyauta kyauta amma sun hada da Sality Fix wanda zaka iya sauke kyauta don cire sallar cutar ta atomatik. Kaspersky yana baka damar amfani da kayan aikin SalityKiller kyauta.
Idan an samo fayil zuwa kamuwa da Sality, ba da damar software don tsaftace fayil din. Idan an sami wasu malware, kokarin kawar da cutar ko shan aikin da aka ba da shawarar ta na'urar daukar hotan takardu.
Wasu shirye-shiryen riga-kafi na rigakafi bazai gano sallar Sality ba. Idan kun yi zargin cewa kuna da kwayar cutar amma software din tsaro ba ta samo shi ba, gwada shigar da shi zuwa VirusTotal don yin nazarin kan layi tare da na'urori masu dubawa.
Wani zaɓi shine don share fayilolin ƙwayoyin cuta ta hanyar binciken ta hanyar kwamfutar tare da kayan aiki na neman fayil kamar Komai. Duk da haka, akwai kyawawan dama cewa an kulle fayilolin daga amfani kuma baza a iya cire su ba a hanya ta al'ada. Shirye-shiryen maganin rigakafin rigakafi zai iya hana wannan ta hanyar tsarawa malware don maye gurbin lokacin da aka rufe kwamfutar.
Abin da za a yi Next
Idan kun tabbata cewa an cire sallar Sality, ya kamata kuyi la'akari da warware ikon don hana rigakafi ta hanyar tafiyar da USB .
Yana da mahimmanci don canza kalmomin shiga ga duk wani asusun yanar gizo da ka yi amfani da shi a lokacin lokacin kamuwa da cuta. Idan sallar sality ta shiga cikin keystrokes, to akwai kyakkyawar damar da ya rubuta bayanan banki, bayanan bayanan kafofin watsa labarun, kalmar sirrin imel, da dai sauransu. Canza waɗannan kalmomin shiga ( bayan an gama kamuwa da shi ) da kuma duba asusunka don sata yana da matukar muhimmanci .
Shigar da kayan aiki na yau da kullum, sabuntawa, sauƙaƙe don amfani da riga-kafi don haka yana da kasa da cewa wannan zai sake faruwa. Tabbatar cewa za a iya bincika masu cirewa don cire malware don tsarawa da yin nazari don bincikawa lokaci-lokaci na malware na kowane iri, ba kawai don cutar sality ba.