{"id":476393,"date":"2023-08-09T07:28:31","date_gmt":"2023-08-09T07:28:31","guid":{"rendered":""},"modified":"2023-12-22T07:01:07","modified_gmt":"2023-12-22T07:01:07","slug":"conficker","status":"publish","type":"wiki","link":"https:\/\/oneproxy.pro\/tr\/wiki\/conficker\/","title":{"rendered":"Conficker"},"content":{"rendered":"

Downup, Downadup veya Kido olarak da bilinen Conficker, 2008'in sonlar\u0131nda ortaya \u00e7\u0131kan k\u00f6t\u00fc \u015f\u00f6hretli bir bilgisayar solucan\u0131d\u0131r. Bu k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m, Microsoft Windows i\u015fletim sistemlerindeki g\u00fcvenlik a\u00e7\u0131klar\u0131ndan yararlanarak bilgisayar a\u011flar\u0131 \u00fczerinden h\u0131zla yay\u0131larak d\u00fcnya \u00e7ap\u0131nda \u00f6nemli hasarlara neden olur. Conficker solucan\u0131, k\u00f6t\u00fc niyetli akt\u00f6rlerin kontrol\u00fc alt\u0131ndaki vir\u00fcs bula\u015fm\u0131\u015f bilgisayarlardan olu\u015fan bir a\u011f olan bir botnet olu\u015fturmak ve bu bilgisayarlar\u0131n DDoS sald\u0131r\u0131lar\u0131 ba\u015flatmak, hassas bilgileri \u00e7almak ve spam da\u011f\u0131tmak gibi \u00e7e\u015fitli yasa d\u0131\u015f\u0131 faaliyetler ger\u00e7ekle\u015ftirmelerini sa\u011flamak \u00fczere tasarlanm\u0131\u015ft\u0131r.<\/p>\n

Conficker'in k\u00f6keninin tarihi ve ilk s\u00f6z\u00fc<\/h2>\n

Conficker'\u0131n k\u00f6kenleri, g\u00fcvenlik ara\u015ft\u0131rmac\u0131lar\u0131 taraf\u0131ndan ilk kez tespit edildi\u011fi Kas\u0131m 2008'e kadar uzanabilir. H\u0131zl\u0131 yay\u0131lmas\u0131 ve kodunun karma\u015f\u0131kl\u0131\u011f\u0131 nedeniyle h\u0131zla dikkat \u00e7ekti ve ortadan kald\u0131r\u0131lmas\u0131n\u0131 zorla\u015ft\u0131rd\u0131. Solucan\u0131n birincil hedefleri, o d\u00f6nemde yayg\u0131n olan Windows i\u015fletim sistemlerini, \u00f6zellikle de Windows XP ve Windows Server 2003'\u00fc \u00e7al\u0131\u015ft\u0131ran bilgisayarlard\u0131.<\/p>\n

Conficker hakk\u0131nda detayl\u0131 bilgi. Conficker konusunu geni\u015fletiyoruz.<\/h2>\n

Conficker, bilgisayarlara yay\u0131lmak ve bula\u015fmak i\u00e7in birden fazla teknik kullan\u0131yor. Yay\u0131lmas\u0131 esas olarak Windows sistemlerindeki bilinen g\u00fcvenlik a\u00e7\u0131klar\u0131ndan yararlanmaya dayan\u0131r. Solucan\u0131n birincil da\u011f\u0131t\u0131m y\u00f6ntemi, zay\u0131f y\u00f6netici parolalar\u0131ndan, a\u011f payla\u015f\u0131mlar\u0131ndan ve USB s\u00fcr\u00fcc\u00fcleri gibi \u00e7\u0131kar\u0131labilir depolama ayg\u0131tlar\u0131ndan yararlanmay\u0131 i\u00e7eriyor. Solucan ayr\u0131ca e-posta ekleri ve k\u00f6t\u00fc ama\u00e7l\u0131 web siteleri arac\u0131l\u0131\u011f\u0131yla da yay\u0131lma yetene\u011fine sahiptir.<\/p>\n

Conficker bir sisteme bula\u015ft\u0131\u011f\u0131nda, g\u00fcvenlik yaz\u0131l\u0131m\u0131n\u0131 devre d\u0131\u015f\u0131 b\u0131rakmaya ve g\u00fcvenlikle ilgili web sitelerine eri\u015fimi k\u0131s\u0131tlamaya \u00e7al\u0131\u015farak kullan\u0131c\u0131lar\u0131n yaz\u0131l\u0131mlar\u0131n\u0131 g\u00fcncellemelerini veya g\u00fcvenlik yamalar\u0131n\u0131 indirmelerini zorla\u015ft\u0131r\u0131yor. Tespitten ka\u00e7\u0131nmak ve komuta ve kontrol sunucular\u0131yla ileti\u015fimi s\u00fcrd\u00fcrmek i\u00e7in geli\u015fmi\u015f \u015fifreleme ve ileti\u015fim teknikleri kullan\u0131r.<\/p>\n

Conficker'\u0131n i\u00e7 yap\u0131s\u0131. Conficker nas\u0131l \u00e7al\u0131\u015f\u0131r?<\/h2>\n

Conficker solucan\u0131, vir\u00fcsl\u00fc sistemlerin g\u00fcvenli\u011fini a\u015fmak ve kontrol etmek i\u00e7in birlikte \u00e7al\u0131\u015fan birka\u00e7 bile\u015fenden olu\u015fur:<\/p>\n

    \n
  1. Yay\u0131lma Mod\u00fcl\u00fc:<\/strong> Bu mod\u00fcl, Conficker'\u0131n Windows sistemlerindeki g\u00fcvenlik a\u00e7\u0131klar\u0131ndan yararlanmas\u0131na ve ayn\u0131 a\u011fdaki di\u011fer g\u00fcvenlik a\u00e7\u0131\u011f\u0131 bulunan bilgisayarlara yay\u0131lmas\u0131na olanak tan\u0131r.<\/li>\n
  2. Otomatik \u00c7al\u0131\u015ft\u0131rma Bile\u015feni:<\/strong> Conficker, vir\u00fcsl\u00fc cihaz ba\u011fland\u0131\u011f\u0131nda di\u011fer bilgisayarlara yay\u0131lmas\u0131n\u0131 kolayla\u015ft\u0131rmak i\u00e7in USB s\u00fcr\u00fcc\u00fcler gibi \u00e7\u0131kar\u0131labilir depolama cihazlar\u0131nda k\u00f6t\u00fc ama\u00e7l\u0131 bir autorun.inf dosyas\u0131 olu\u015fturur.<\/li>\n
  3. Etki Alan\u0131 Olu\u015fturma Algoritmas\u0131 (DGA):<\/strong> Conficker, tespit ve yay\u0131ndan kald\u0131rma i\u015flemlerini atlatmak i\u00e7in, g\u00fcnl\u00fck olarak \u00e7ok say\u0131da potansiyel komuta ve kontrol (C&C) alan ad\u0131 olu\u015fturmak \u00fczere geli\u015fmi\u015f bir DGA kullan\u0131yor. C&C sunucusuyla ileti\u015fim kurmak i\u00e7in bu alanlardan birini rastgele se\u00e7iyor, bu da solucan\u0131n altyap\u0131s\u0131n\u0131 takip etmeyi ve kapatmay\u0131 zorla\u015ft\u0131r\u0131yor.<\/li>\n
  4. Komuta ve Kontrol (C&C) \u0130leti\u015fimi:<\/strong> Solucan, operat\u00f6rlerinden talimat almak ve bile\u015fenlerini g\u00fcncellemek i\u00e7in HTTP ve P2P ileti\u015fim y\u00f6ntemlerini kullan\u0131yor.<\/li>\n
  5. Y\u00fck:<\/strong> Conficker'\u0131n birincil amac\u0131 bir botnet olu\u015fturmak olsa da, ayn\u0131 zamanda casus yaz\u0131l\u0131m, keylogger veya fidye yaz\u0131l\u0131m\u0131 gibi ek k\u00f6t\u00fc ama\u00e7l\u0131 y\u00fckleri de vir\u00fcsl\u00fc makinelere indirip \u00e7al\u0131\u015ft\u0131rabilir.<\/li>\n<\/ol>\n

    Conficker'\u0131n temel \u00f6zelliklerinin analizi.<\/h2>\n

    Conficker'\u0131n temel \u00f6zellikleri onu son derece kal\u0131c\u0131 ve uyarlanabilir bir tehdit haline getiriyor:<\/p>\n