{"id":10379,"date":"2022-04-14T07:42:04","date_gmt":"2022-04-14T04:42:04","guid":{"rendered":"https:\/\/kutaybilen.com.tr\/?p=10379"},"modified":"2022-04-14T07:42:04","modified_gmt":"2022-04-14T04:42:04","slug":"nodersok-web-uygulamalarini-kullanarak-saldiriyor","status":"publish","type":"post","link":"https:\/\/kutaybilen.com.tr\/?p=10379","title":{"rendered":"Nodersok Attacks Using Web Applications"},"content":{"rendered":"<p>Malware, which we know is growing in number every day, has now begun to spread by using web applications as well. Staff at Microsoft and Cisco Talos have discovered a new piece of malware, Nodersok. This software is known to be much worse than botnets that can merely take over your computer remotely.<\/p>\n<p>The malware named Nodersok takes over proxies through web applications in order to generate internet traffic.
The attacks spread by downloading a fake advertisement or document and running it as an HTA (HTML Application) file. The JavaScript in the HTA downloads another JavaScript file and, in turn, runs a PowerShell command that disables Windows Defender, asks for more control, and loads and runs a series of tools, including proxies intended to capture data packets.<\/p>\n<p><b>It cannot be detected on the system:<\/b><\/p>\n<p><img decoding=\"async\" src=\"https:\/\/www.webtekno.com\/images\/editor\/default\/0002\/21\/11de88488fc86c2d9edd1316d53a0c40c50346d0.jpeg\"\/><\/p>\n<p>This virus uses web applications to reach its goal, whether they are built into Windows or downloaded from a third party. In other words, no malware is copied to storage. This makes it very hard to detect and to study.<\/p>\n<p>It is not clear who is behind Nodersok, but the software looks more like the work of malicious individuals than of malicious states. Cisco believes the software&#39;s primary goal is click fraud. It is thought highly likely that the software was built to generate ad clicks automatically in order to increase the revenue earned from websites.
Many of the targets are ordinary computer users in Europe and the US rather than corporate or government users.<\/p>\n<p>Microsoft and Cisco are working to block this virus and to build a defense against it. For many people it is currently not possible to get at or detect this virus. We can even say that many antivirus programs will have a hard time against it. We know that Nodersok reached thousands of computers last week, and according to Microsoft it does not look very feasible to stop this virus in the near future.<\/p>\n<div> <\/div>\n","protected":false},"excerpt":{"rendered":"<p>Malware, which we know is growing in number every day, has now begun to spread by using web applications as well. Microsoft and
&#8230;<\/p>\n","protected":false},"author":1,"featured_media":10380,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[15],"tags":[2291,1237],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/posts\/10379"}],"collection":[{"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=10379"}],"version-history":[{"count":1,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/posts\/10379\/revisions"}],"predecessor-version":[{"id":10381,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/posts\/10379\/revisions\/10381"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=\/wp\/v2\/media\/10380"}],"wp:attachment":[{"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=10379"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=10379"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/kutaybilen.com.tr\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=10379"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}