In the ever-evolving landscape of cybersecurity threats, the emergence of GoBear, a sophisticated backdoor malware, has raised significant concern among security experts. Written in the Go language and signed with a legitimate D2innovation Co., LTD certificate, GoBear operates as a stealthy threat capable of executing malicious commands, stealing data, and enabling remote control by malicious actors. This article examines the intricacies of GoBear, its actions and consequences, and provides a comprehensive removal and prevention guide.
GoBear Malware Overview
GoBear, identified as a backdoor malware, distinguishes itself by being written in the Go language and by carrying a valid D2innovation Co., LTD certificate. The authenticity of this certificate adds a layer of complexity, pointing to theft or unauthorized use.
The malware operates by executing malicious commands received from a Command and Control (C&C) server, allowing attackers to gain access to the infected system. GoBear also integrates SOCKS5 proxy functionality, extending its capabilities and potentially enabling covert communication or anonymization of the attacker's activity.
Actions and Consequences
- Data Theft: GoBear uses commands similar to those of the BetaSeed malware, aiming to steal data from the victim's system. This can include sensitive information, login credentials, and proprietary business data.
- Remote Control: GoBear's backdoor nature allows attackers to remotely control and manipulate the infected device. This can include installing additional malware, carrying out reconnaissance, or launching other malicious actions.
- SOCKS5 Proxy Integration: The inclusion of SOCKS5 proxy functionality indicates the potential to evade detection, route malicious traffic through intermediary servers, and anonymize the attacker's activity.
Detection Names and Similar Threats
GoBear has been detected by various security programs under names such as Win64:Evo-gen [Trj], Gen:Variant.Lazy.459270, A Variant Of Win32/GenCBL.EKB, Trojan.Win32.SelfDel.imwn, and Trojan:Win64/SelfDel!MTB. Notably, it shares the D2innovation Co., LTD certificate with another malware known as Troll.
Removal Guide
To remove the GoBear malware from your Windows system, follow this comprehensive removal guide:
- Manual Removal:
  - Identify and terminate suspicious processes using Task Manager.
  - Locate and delete malicious files associated with GoBear.
  - Remove registry entries associated with the malware using Registry Editor.
- Network Analysis: Perform network analysis to identify and block communication with the C&C server.
- Security Software Scan: Run a thorough scan with legitimate antivirus or anti-malware software to detect and remove any remnants of GoBear.
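Because the article ties GoBear (and Troll) to a genuine D2innovation Co., LTD certificate, the signer name is a useful pivot when looking for suspicious processes and files. The following PowerShell script is an added example, not part of the original article: it reports running process images and on-disk executables whose Authenticode signer subject contains that name. The match string `D2innovation`, the scan roots and the helper name `Get-SignerMatch` are assumptions made for illustration.

```powershell
# Added example (not from the original article): report executables whose
# Authenticode signer subject contains the publisher name given on this page.
# Assumption: the certificate subject contains the string "D2innovation".
param(
    [string]$SignerPattern = 'D2innovation',
    # Assumed scan roots: user-writable locations; adjust for your environment.
    [string[]]$ScanRoots = @($env:ProgramData, $env:APPDATA, $env:LOCALAPPDATA, $env:TEMP)
)

function Get-SignerMatch {
    param([string]$Path, [string]$Pattern)
    try {
        $sig = Get-AuthenticodeSignature -LiteralPath $Path -ErrorAction Stop
    } catch {
        return   # unreadable or locked file: skip it
    }
    $cert = $sig.SignerCertificate
    if ($null -eq $cert -or $cert.Subject -notmatch [regex]::Escape($Pattern)) { return }
    [pscustomobject]@{
        Path       = $Path
        # 'Valid' is not reassuring here: the page says the certificate is genuine.
        Status     = $sig.Status
        Subject    = $cert.Subject
        Thumbprint = $cert.Thumbprint
        SHA256     = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    }
}

# 1. Images of running processes (Path is empty for processes we cannot open).
$paths = @(Get-Process | Where-Object { $_.Path } | ForEach-Object { $_.Path })

# 2. Executables and DLLs under the scan roots.
foreach ($root in $ScanRoots) {
    if (-not $root -or -not (Test-Path -LiteralPath $root)) { continue }
    $paths += @(Get-ChildItem -LiteralPath $root -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -in '.exe', '.dll' } |
        ForEach-Object { $_.FullName })
}

# Emit one object per match; pipe to Export-Csv to keep a record before cleanup.
$paths | Sort-Object -Unique | ForEach-Object { Get-SignerMatch -Path $_ -Pattern $SignerPattern }
```

The script only reports; a hit may also be legitimate software from the same publisher, so review each result before terminating a process or deleting a file.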
Prevention Measures
- Software Updates: Regularly update your operating system, software, and security tools to patch vulnerabilities.
- Email Vigilance: Be cautious with email attachments, especially those from unknown or suspicious sources.
- Safe Browsing Habits: Avoid visiting compromised websites, clicking on malicious ads, or downloading software from untrusted sources.
- User Privileges: Limit user privileges to reduce the impact of potential malware infections.
Conclusion
GoBear stands as a formidable threat in the realm of cyberattacks, using advanced techniques to compromise systems and steal sensitive information. Understanding its actions and consequences, and implementing robust security practices, are essential steps in protecting against this and similar threats. Stay informed, remain vigilant, and prioritize cybersecurity to protect your digital environment from emerging malware threats such as GoBear.