Monday, June 16, 2008

Computer Viruses #4

Recap

As the reader will recall, we have been discussing computer viruses, the harm they do, and the people responsible for creating this plague. Last week we also described the methods these people use to spread harmful viruses to computers around the world, and the reader learned how far the effects of their trade reach, even into world politics. Today we continue with the ways these computer experts get into people's computers, whether to spread viruses, to steal data, to steal people's money, or to spy.

Brute-Force

As the reader will recall, we said that the people who create and spread computer viruses are computer experts, skilled in building computers and designing their software, who have chosen to harm the computer rather than benefit the people who use it. In computer terminology they are called Crackers or Hackers. We also showed how skilled they are at spreading programs that spy for them, programs that carry viruses, and programs that steal data for them, wherever in the world the computer may be. Chief among the things that make this harmful work easy for them are Internet technology and the short-range and long-range networks that can be set up at home or in the offices of government agencies and private companies, that is, the Local Area Network (LAN) and the Wide Area Network (WAN).

Where these exist, the first method they use to spread their mischief is sheer force: getting into a computer with the aim of stealing data or planting something in the form of spying software. In computer terminology this is called Brute-Force. Those who use this method to spread computer infections need to deal with the computer directly, face to face. If it is switched on and its owner has locked it with passwords, they guess the passwords he used in order to open it and do what they want. Most of them also get the passwords from people who work at the site, or the owner may have given the passwords to them himself, because he trusts them or because they are employees there. Once they get into the Server on the network, that is it. The server does the rest of the work for them. If the aim is data theft, the server sends out the program that will steal the data. If it is a computer virus, then any computer that carelessly receives data from the server, whether over the Internet or through storage devices, is infected too, directly and without delay. This is the first method they use to carry out this harmful work.

Sniffing Software

This is the second method. If they have no chance of getting at the computer directly, they use software that roams every corner of the World Wide Web to sniff out the data they want. There are many such programs, and their names vary with whoever created them. The collective name by which they are best known is Malicious Software Tools. This practice of sending out groups of roaming programs that take over people's computers began about nine years ago. Hackers build them and send them out across the World Wide Web to steal data for them, to spread viruses, or to take over people's computers and turn them into storehouses for data stolen from elsewhere. Imagine that!

The programs that hackers build and send out come in different designs. Some come as a single unit. Once they enter your computer, they simply take it over entirely. They come in through one port (System Port) and carry on with their work. Others come in separate parts, where one part pulls in the next. Their builder designs them so that he first sends a single part that clears the way for the rest. Once the first part is in and has finished studying how your computer is set up, it pulls in the others. When the others arrive, they come in through a different port, not the one the first part used. Hacker programs of this design do not usually take over the computer all at once, because each part that comes in confines itself to the area its builder ordered it to concentrate on. Once they are in, they can also move on from your computer to another one, to do there something similar to what they are doing in yours.

If they wish, they turn your computer into a store, or rather a warehouse: everything they steal from another computer is kept in yours. Unless you are skilled at recognising how a computer behaves, you will never even know what is going on. They simply go on using your computer's hard disk (System Hard Disk) and loading it down. Sometimes they do not stop at storing data. If they wish, they turn the computer into a place of business, opening a polished website that sells goods, or pornography and gambling (Casino), and earning their spending money from somewhere far across the world. Without your knowing it, your computer has been turned into a way of making money. A hacker can take over more than ten thousand computers with a single program, giving them orders from his room while they carry out the work he wants. In computer terminology this arrangement is called a Robot Network, or BOTNET.

If these hacker programs notice that you have realised your computer is infected with this kind of hacker malware, and that you are trying to fix the problem with Antivirus Software, they notify their master. He immediately orders them to descend on the computer that provides your Internet connection, to stop it being of any use in fixing the problem, by means of Distributed Denial of Service (DDoS). DDoS is a scheme in which software sends a computer heaps of meaningless junk data in enormous quantities all at once, to stop it functioning and passing data on to other computers. Sometimes they even bring the computer down altogether because of the sheer volume of data the software sends it at once. This is what is called a vendetta. If you are trying to fix a computer infected with Malicious Software by way of the Internet, you necessarily need an Internet connection on that computer in order to get full information about the problem. Knowing this, they devised the DDoS method to block your route to a repair. All you can do is give up on the computer, or give it a new soul (Reformatting). They have profited at your expense!

The History and Spread of the BOTNET

As explained above, a BOTNET is the scheme of taking over people's computers remotely, from somewhere far across the world, by means of spying or data-stealing software, that is, Malicious Software Tools. Programs of this kind first appeared in May 1999, when a hacker released a program named PrettyPark, which he built with the software development tool called Delphi. PrettyPark is able to steal your computer's details (System Information), the Operating System it runs, every email address on the computer, even those that are not yours, and all the passwords you use to log in to your computer or to your email mailbox. It steals all of them and hands them straight to its master. The last thing this villain possesses is the ability to carry out DDoS, which helps it stop you from dealing with the trouble it causes.

Next came the hacker program named SubSeven Trojan/Bot, which appeared in June 1999. Like its predecessor, it was built with Delphi. When it enters your computer it can hide itself and steal your passwords, since it can go anywhere and do anything that the owner of the computer can do. After that came word of another villain named Global Threat, or GT Bot for short. It appeared in 2000. It can steal important data, and it looks for open ports (System Ports) to find the easiest way in and out. It can trick you by showing you messages that carry the addresses of websites which look harmless at first sight, but which, once you click them, take you to a place where your computer is infected with severe viruses. Finally, it too is able to attack by DDoS, in addition to its ability to steal email addresses.

In 2002 a programmer from Russia created a hacker program named SD Bot. He built it using the programming language C++. The program spread widely among hackers because its builder released its Source Code free of charge to anyone who wanted it. As a result many people copied the code and went on to create new programs like it. SD Bot can also steal the email addresses on your computer, and it is capable of sending out huge numbers of Spam Mails in a very short time. If you are careless, you will find it in Email Attachments. Before its heyday was over it had used the ports of many people's computers to launch its mischief, among them Port 139, 445, 135, 1025, 5000, 80, and 1433. These are ports that a computer uses to send or receive data in various ways. SD Bot is the program most often found on computers that become infected over the Internet.

The same year, 2002, also saw AgoBot, which consists of three parts that help it carry out its work of stealing data for its master. The first part enters your computer through the back door (Backdoor) in order to investigate and learn how your computer is set up. When it has finished, it invites the next part. When this second part comes in, it goes after every program you use to filter out computer viruses, that is, Antivirus Software, and cripples them so that they stop working. When it has finished its job, it pulls in the third part.

Before we go on: as a rule, whenever you notice that your computer has caught viruses that make it sick and destroy data, you will try to Scan the computer in order to pick them out and burn or destroy them. As soon as you go looking for your tools, you find that they have stopped working, and that they have troubles of their own! AgoBot sees this and knows that the only route left to you is to visit websites that offer virus-scanning software, so as to scan your computer over the Internet, that is, an Online Virus Scan. So, once it has finished crippling the security guards you have, it goes straight to the computer's brain, settles on it, and keeps its eyes fixed on you, waiting to see whether you do anything that might spoil its work. If you carry on with your Typing, it carries on with its data theft or spying. But when it notices that you are trying to go on the Internet to look up information about computer viruses, it knows that you want to deal with it and stop it from doing its job. It then invites the last part, Module 3, whose job is to shut the computer down completely and start it up again, just like that!

This is the very data-stealing and spying program that I once ran into in 2006, when I was trying to download a piece of computer software from a hackers' website named ProjectW (http://www.projectw.org). When it got into my computer I realised at once, because the Windows operating system informed me that the computer had been infected with spyware. As soon as it came in, it killed all the security guards I had on the computer, without wasting any time. I then went on looking for a way to deal with it, but no luck! It was already dusk, and I was sitting in the office staring blankly at the computer! The most upsetting thing was how I was going to get all my data folders out, because I had data whose size exceeded four hundred million (400MG), and that was accumulated data alone. I then tried to go on the Internet to identify the type of virus. As soon as I entered the search term on the Google website, it shut the computer down completely and started it up again. Panic. In the end I gave up, and the computer's soul was wiped along with all the data on it, and a new one was installed. By God's grace I had the data on another computer, so I copied it back. That is AgoBot: it takes over your computer and stops you from doing anything you want to do, except what it sees fit.
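The ports listed above for SD Bot can be turned into a simple perimeter check. The following is an added example, not code from the original column: it reads firewall log lines and flags any source that touches several of those ports within a short window. The log layout, addresses, thresholds and the function name `find_sweepers` are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Ports the article lists for SD Bot activity.
WATCHED_PORTS = {139, 445, 135, 1025, 5000, 80, 1433}

# Constructed sample log; the "time src dst dport action" layout is an assumption.
SAMPLE_LOG = """\
2008-06-16T10:00:01 192.0.2.10 10.0.0.5 135 DENY
2008-06-16T10:00:02 192.0.2.10 10.0.0.5 139 DENY
2008-06-16T10:00:03 192.0.2.10 10.0.0.5 445 DENY
2008-06-16T10:00:04 192.0.2.10 10.0.0.5 1433 DENY
2008-06-16T10:00:05 198.51.100.7 10.0.0.8 80 ALLOW
2008-06-16T10:05:00 198.51.100.7 10.0.0.8 80 ALLOW
2008-06-16T10:00:06 203.0.113.9 10.0.0.5 445 DENY
2008-06-16T11:30:00 203.0.113.9 10.0.0.5 139 DENY
2008-06-16T13:00:00 203.0.113.9 10.0.0.5 135 DENY
garbage line
"""

def find_sweepers(log_text, min_ports=3, window_s=60):
    """Map each source that touched at least min_ports distinct watched
    ports within window_s seconds to the sorted list of those ports."""
    hits_by_src = defaultdict(list)
    for line in log_text.splitlines():
        try:
            ts, src, _dst, dport, _action = line.split()
            when, port = datetime.fromisoformat(ts), int(dport)
        except ValueError:
            continue  # malformed or truncated line: skip rather than crash
        if port in WATCHED_PORTS:
            hits_by_src[src].append((when, port))

    flagged = {}
    for src, hits in hits_by_src.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Slide the window start forward until it spans <= window_s.
            while (hits[end][0] - hits[start][0]).total_seconds() > window_s:
                start += 1
            ports = {p for _, p in hits[start:end + 1]}
            if len(ports) >= min_ports:
                flagged[src] = sorted(ports.union(flagged.get(src, [])))
    return flagged

if __name__ == "__main__":
    for src, ports in find_sweepers(SAMPLE_LOG).items():
        print(f"{src} swept watched ports {ports}")
```

Requiring several distinct ports inside the window keeps ordinary traffic to a single busy port, such as repeated requests to port 80, from being flagged.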

Conclusion

We have certainly gone on at length on this subject. Please bear with us. The benefit to be had from it is the reason. If God brings us to next week, we will finish our account of these people and of everything to do with computer viruses. We will complete the survey of the other notorious spying programs that we began today, and then give a brief account of the world of the hackers: how they deal with one another, their language, their films, their websites, and the story of their trade in practice. Stay with us.
