{"id":1083,"date":"2020-03-04T00:33:26","date_gmt":"2020-03-03T21:33:26","guid":{"rendered":"https:\/\/blog.hostixo.com\/?p=1083"},"modified":"2020-11-25T11:08:33","modified_gmt":"2020-11-25T08:08:33","slug":"wannacry-doublepulsar-nedir-nasil-onlem-alinmali","status":"publish","type":"post","link":"https:\/\/www.hostixo.com\/blog\/wannacry-doublepulsar-nedir-nasil-onlem-alinmali\/","title":{"rendered":"Wannacry Doublepulsar Nedir? Nas\u0131l \u00d6nlem Al\u0131nmal\u0131?"},"content":{"rendered":"<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_82_2 counter-hierarchy ez-toc-counter ez-toc-grey ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">\u0130\u00e7indekiler \u2714<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"\u0130\u00e7indekiler Tablosunu A\u00e7\/Kapat\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 ' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" href=\"https:\/\/www.hostixo.com\/blog\/wannacry-doublepulsar-nedir-nasil-onlem-alinmali\/#Wannacry_Doublepulsar_Nedir\" >Wannacry Doublepulsar Nedir?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/www.hostixo.com\/blog\/wannacry-doublepulsar-nedir-nasil-onlem-alinmali\/#Wannacry_Doublepulsar_Nasil_Bulasiyor\" >Wannacry Doublepulsar Nas\u0131l Bula\u015f\u0131yor?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/www.hostixo.com\/blog\/wannacry-doublepulsar-nedir-nasil-onlem-alinmali\/#Exploit_Nedir\" >Exploit Nedir?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/www.hostixo.com\/blog\/wannacry-doublepulsar-nedir-nasil-onlem-alinmali\/#Wannacry_Doublepulsar_Virusu_Nasil_Anlasilir\" >Wannacry Doublepulsar Vir\u00fcs\u00fc Nas\u0131l Anla\u015f\u0131l\u0131r?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/www.hostixo.com\/blog\/wannacry-doublepulsar-nedir-nasil-onlem-alinmali\/#Wannacry_Doublepulsar_Nasil_Korunulur\" >Wannacry Doublepulsar Nas\u0131l Korunulur<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/www.hostixo.com\/blog\/wannacry-doublepulsar-nedir-nasil-onlem-alinmali\/#Wannacry_Doublepulsar_Hangi_Sistemleri_Etkiliyor\" >Wannacry Doublepulsar Hangi Sistemleri Etkiliyor?<\/a><\/li><\/ul><\/nav><\/div>\n<p><strong>Wannacry Doublepulsar Nedir<\/strong> sorusu vir\u00fcs\u00fcn t\u00fcm d\u00fcnyay\u0131 etkilemesi ile g\u00fcndem oldu. Peki Wannacry Doublepulsar Nedir ve nas\u0131l korunulur?<\/p>\n<p>Wannacry Doublepulsar vir\u00fcs\u00fc 2017 y\u0131l\u0131nda yakla\u015f\u0131k 99 \u00fclkede yer alan yakla\u015f\u0131k 280.000 bilgisayara bula\u015fm\u0131\u015f ve W\u0130ndows i\u015fletim sistemini hedefleyen bir fidye yaz\u0131l\u0131m\u0131d\u0131r. Kendisi 28 farkl\u0131 dilde bir siber sald\u0131r\u0131n\u0131n ba\u015f kahraman\u0131d\u0131r.<\/p>\n<p>Ba\u015fta bilin\u00e7siz internet kullan\u0131c\u0131lar\u0131n\u0131 avlayan bu zararl\u0131 D\u00fcnya \u00e7a\u011f\u0131nda olduk\u00e7a ses getirmi\u015fti. G\u00fcn\u00fcm\u00fczde art\u0131k kendisi i\u00e7in t\u00fcm tedbirler al\u0131nm\u0131\u015f olsa da halen yay\u0131lma ihtimali mevcuttur. Bu yaz\u0131m\u0131z ile sizleri zararl\u0131 hakk\u0131nda bilgilendiriyoruz.<\/p>\n<figure id=\"attachment_1085\" aria-describedby=\"caption-attachment-1085\" style=\"width: 750px\" class=\"wp-caption alignnone\"><img decoding=\"async\" class=\"size-full wp-image-1085 lazyload\" data-src=\"https:\/\/www.hostixo.com\/blog\/wp-content\/uploads\/2020\/03\/Wannacry-Doublepulsar-Nedir.jpg\" alt=\"Wannacry Doublepulsar Nedir 1\" width=\"750\" height=\"422\" title=\"\" src=\"data:image\/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==\" style=\"--smush-placeholder-width: 750px; --smush-placeholder-aspect-ratio: 750\/422;\"><noscript><img decoding=\"async\" class=\"size-full wp-image-1085\" src=\"https:\/\/www.hostixo.com\/blog\/wp-content\/uploads\/2020\/03\/Wannacry-Doublepulsar-Nedir.jpg\" alt=\"Wannacry Doublepulsar Nedir 1\" width=\"750\" height=\"422\" title=\"\"><\/noscript><figcaption id=\"caption-attachment-1085\" class=\"wp-caption-text\">Wannacry Doublepulsar Nedir 1<\/figcaption><\/figure>\n<h2><span class=\"ez-toc-section\" id=\"Wannacry_Doublepulsar_Nedir\"><\/span>Wannacry Doublepulsar Nedir?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>TheShadowBrokers olarak an\u0131lan hacker grubu, Nisan ay\u0131nda National Security Agency\u2019in\u00a0 FUZZBUNCH isimli zaafiyet tak\u0131m\u0131n\u0131 s\u0131zd\u0131rarak yay\u0131nlad\u0131. S\u0131z\u0131d\u0131r\u0131lm\u0131\u015f bu kitin i\u00e7erisinde pek \u00e7ok zaafiyet mevcuttu. Bahsi ge\u00e7en zaafiyetler (Exploitler) i\u00e7inde bulunan EternalBlue a\u00e7\u0131\u011f\u0131n\u0131n i\u00e7inde yer alan DOUBLEPULSAR a\u00e7\u0131\u011f\u0131 sayesinde Windows i\u015fletim sisteminde SMB servislerinin zaafiyetinden faydalan\u0131larak y\u00f6netici hakl\u0131 komutlar \u00e7al\u0131\u015ft\u0131r\u0131lmas\u0131 sa\u011flan\u0131yordu.<\/p>\n<p>MS17-010 (CVE-\u200e2017-0144) kodlu a\u00e7\u0131k Wannacry Doublepulsar adl\u0131 bir zararl\u0131 yaz\u0131l\u0131m\u0131n kullan\u0131m\u0131na a\u00e7\u0131k hale geldi. Ayn\u0131 zamanda, bu zararl\u0131 herhangi bir kullan\u0131c\u0131 komutuna ba\u011fl\u0131 olmaks\u0131z\u0131n bilgisayar\u0131n bulundu\u011fu a\u011f \u00fczerindeki t\u00fcm bilgisayarlar\u0131 tarayarak onlar\u0131 da etkileme eyilimindeydi.<\/p>\n<figure id=\"attachment_1086\" aria-describedby=\"caption-attachment-1086\" style=\"width: 840px\" class=\"wp-caption alignnone\"><img decoding=\"async\" class=\"size-full wp-image-1086 lazyload\" data-src=\"https:\/\/www.hostixo.com\/blog\/wp-content\/uploads\/2020\/03\/Wannacry-Doublepulsar-Nedir-2.jpg\" alt=\"Wannacry Doublepulsar Nedir 2\" width=\"840\" height=\"471\" title=\"\" src=\"data:image\/gif;base64,R0lGODlhAQABAAAAACH5BAEKAAEALAAAAAABAAEAAAICTAEAOw==\" style=\"--smush-placeholder-width: 840px; --smush-placeholder-aspect-ratio: 840\/471;\"><noscript><img decoding=\"async\" class=\"size-full wp-image-1086\" src=\"https:\/\/www.hostixo.com\/blog\/wp-content\/uploads\/2020\/03\/Wannacry-Doublepulsar-Nedir-2.jpg\" alt=\"Wannacry Doublepulsar Nedir 2\" width=\"840\" height=\"471\" title=\"\"><\/noscript><figcaption id=\"caption-attachment-1086\" class=\"wp-caption-text\">Wannacry Doublepulsar Nedir 2<\/figcaption><\/figure>\n<h2><span class=\"ez-toc-section\" id=\"Wannacry_Doublepulsar_Nasil_Bulasiyor\"><\/span>Wannacry Doublepulsar Nas\u0131l Bula\u015f\u0131yor?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Windows i\u015fletim sisteminde yer alan SMB protokol\u00fcn\u00fc kullanarak sistem i\u00e7inde yay\u0131l\u0131yor. NSA&#8217;n\u0131n bu a\u00e7\u0131\u011f\u0131 olan sistemlere eri\u015fmek i\u00e7in kulland\u0131\u011f\u0131 bir sistem zaafiyetidir asl\u0131nda. NSA\u2019den gelen bilgiler \u0131\u015f\u0131\u011f\u0131nda biri yada birileri bu fidye yaz\u0131l\u0131m\u0131n\u0131 tasarlayarak internete sundu.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Exploit_Nedir\"><\/span>Exploit Nedir?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Mevcut bir sistemin zay\u0131fl\u0131klar\u0131n\u0131 kullan\u0131p sistemi t\u00fcketmek, elde etmek veya sistem i\u00e7indeki bilgileri elde etmek amac\u0131yla kullan\u0131lan yaz\u0131l\u0131m yada ara\u00e7lar b\u00fct\u00fcn\u00fcd\u00fcr. Exploit yaz\u0131l\u0131mlar s\u0131kl\u0131kla C, Perl, Python, Ruby dilleri kullan\u0131larak yaz\u0131lmaktad\u0131r.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Wannacry_Doublepulsar_Virusu_Nasil_Anlasilir\"><\/span>Wannacry Doublepulsar Vir\u00fcs\u00fc Nas\u0131l Anla\u015f\u0131l\u0131r?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>E\u011fer internet ortam\u0131nda dola\u015f\u0131rken bilgisayar\u0131n\u0131z\u0131n g\u00fcvenlik duvar\u0131 a\u00e7\u0131k de\u011fil ise ve bu zaman diliminden sonra bilgisayar\u0131n\u0131zda kendili\u011finden arka planda ger\u00e7ekle\u015fen baz\u0131 i\u015flemleri fark ettiyseniz ya da ara s\u0131ra farkl\u0131 penceler anl\u0131k olarak a\u00e7\u0131l\u0131yor ise bilgisayar\u0131n\u0131z sorun ile ba\u015f ba\u015fa olabilir.<\/p>\n<p>Sunucular\u0131n\u0131zda ise size ba\u011fl\u0131k domainlere eri\u015fim sa\u011flayan ip adreslerinde bir anormalite var m\u0131 yok mu kontrol etmeniz gerekmektedir. E\u011fer eri\u015fim denemeleri mevcut ise <em>Wannacry Doublepulsar vir\u00fcs\u00fc<\/em> kontrol\u00fc i\u00e7in ip adresinizi taratarak a\u00e7\u0131kl\u0131k olup olmad\u0131\u011f\u0131n\u0131 kontrol edebilirsiniz.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Wannacry_Doublepulsar_Nasil_Korunulur\"><\/span>Wannacry Doublepulsar Nas\u0131l Korunulur<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>\u00d6ncelikle e\u011fer a\u011f yap\u0131n\u0131z Wannacry Doublepulsar vir\u00fcs\u00fc ile kar\u015f\u0131 kar\u015f\u0131ya ise sisteminiz a\u011f ba\u011flant\u0131s\u0131ndan \u00e7\u0131kart\u0131lmal\u0131 ve temizlenmesi i\u00e7in sistem izole edilmelidir. Buradaki ama\u00e7 di\u011fer sistemlere yay\u0131lmas\u0131n\u0131 \u00f6nlemektir. Bu durumda bukla\u015fma \u015fekline g\u00f6re tersine m\u00fchendislik y\u00f6ntemini izleyerek sorunun yad aa\u00e7\u0131\u011f\u0131n \u00e7\u00f6z\u00fcm\u00fcne ula\u015f\u0131labilir.<\/p>\n<p>Bilgisayarlar\u0131n\u0131z\u0131 bu zararl\u0131dan korumak ad\u0131na ise, m\u00fcmk\u00fcn mertebe bilmedi\u011finiz g\u00fcvenmedi\u011finiz USB s\u00fcr\u00fcc\u00fclerden sisteminizi uzak tutun, e\u011fer bilin\u00e7li bir internet kullan\u0131c\u0131s\u0131 oldu\u011funuzu d\u00fc\u015f\u00fcnm\u00fcyorsan\u0131z girdi\u011finiz <a href=\"https:\/\/www.hostixo.com\/hosting\/hazir-site\/\" data-internallinksmanager029f6b8e52c=\"11\" title=\"haz\u0131r site\">site<\/a>lere ve t\u0131klad\u0131\u011f\u0131n\u0131z linklere \u00e7ok dikkat edin. Ayr\u0131ca mevcut vir\u00fcs koruma yaz\u0131l\u0131m\u0131n\u0131z\u0131 s\u00fcrekli g\u00fcncel tutman\u0131z da korunman\u0131z a\u00e7\u0131s\u0131ndan olduk\u00e7a \u00f6nemlidir.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Wannacry_Doublepulsar_Hangi_Sistemleri_Etkiliyor\"><\/span>Wannacry Doublepulsar Hangi Sistemleri Etkiliyor?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<ul>\n<li>Windows <a href=\"https:\/\/www.hostixo.com\/sunucu\/sanal-sunucu\/\" data-internallinksmanager029f6b8e52c=\"3\" title=\"vps sat\u0131n al\">Server<\/a> 2008 SP2 and R2 SP1<\/li>\n<li>Windows 7<\/li>\n<li>Windows Vista SP2<\/li>\n<li>Windows XP<\/li>\n<li>Windows 8.1<\/li>\n<li>Windows RT 8.1<\/li>\n<li>Windows Server 2016<\/li>\n<li>Windows 10<\/li>\n<li>Windows Server 2012 and R2<\/li>\n<\/ul>\n<p>Kurumsal Bir Sistem Uzman\u0131 Wannacry Doublepulsar Vir\u00fcs\u00fcne Kar\u015f\u0131 Ne Yapmal\u0131d\u0131r?<\/p>\n<p>\u00d6ncelikle kurumsal sunucu yap\u0131lar\u0131nda sistem uzmanlar\u0131n\u0131n t\u00fcm vir\u00fcs t\u00fcrlerine kar\u015f\u0131 \u00fcst d\u00fczeyde hassasiyet g\u00f6stermesi gerekmektedir. Depolad\u0131\u011f\u0131n\u0131z firma bilgileri ve finansal bilgilerin g\u00fcvenli\u011fi a\u00e7\u0131s\u0131ndan\u00a0 her daim sistemi koruma alt\u0131nda tutmal\u0131 ve sistemi g\u00fcncellemelidir. \u0130\u015fletim sistemini ve yaz\u0131l\u0131mlar\u0131 g\u00fcncellememek, sald\u0131r\u0131lara a\u00e7\u0131k hale gelmek demektir.<\/p>\n<ul>\n<li>445\/TCP portu internet hizmeti veren yerlerde kapat\u0131labilir.<\/li>\n<li>Vir\u00fcs koruma sisteminizin SPF, DMARC,DKIM kontrollerini yapabilirsiniz<\/li>\n<li>Sisteme ba\u011fl\u0131 kullan\u0131c\u0131lar\u0131n yetki d\u00fczeyini en d\u00fc\u015f\u00fck seviyede tutup, \u015firket i\u00e7inde ortak hesap yada etki alan\u0131 kullan\u0131m\u0131n\u0131 engellemelisiniz.<\/li>\n<li>A\u011f yap\u0131s\u0131 i\u00e7inde yer alan kullan\u0131c\u0131lara payla\u015ft\u0131rd\u0131\u011f\u0131n\u0131z dosyalar i\u00e7in m\u00fcmk\u00fcn olduk\u00e7a gereksiz kimseye yazma yetkisi vermeyin. Okuma yetkisi yeterli olacakt\u0131r.<\/li>\n<li>A\u011f\u0131n\u0131z\u0131n g\u00fcvenlik a\u00e7\u0131klar\u0131n\u0131 varsa tespit etmeli ve gidermelisiniz<\/li>\n<li>D\u00fczenli sistem ve dosya yede\u011fi almal\u0131s\u0131n\u0131z<\/li>\n<li>Kurum i\u00e7i e\u011fitimler ile \u00e7al\u0131\u015fanlar\u0131 bilin\u00e7li bilgisayar kullan\u0131m\u0131 ve siber sald\u0131r\u0131lara kar\u015f\u0131 bilgilendirebilirsiniz.<\/li>\n<\/ul>\n<p>T\u00fcm vir\u00fcslere kar\u015f\u0131 hepimiz bilin\u00e7li olmal\u0131y\u0131z. Bu sebepten \u00f6t\u00fcr\u00fc mutlaka bilgisayar ve internet kullan\u0131m\u0131 bilgimizi \u00fcst seviyelere \u00e7ekecek \u015fekilde bilin\u00e7lenmeli, \u00f6\u011frenmeliyiz. G\u00fcn\u00fcm\u00fczde bilgisayarlar ve sistemlerin yan\u0131 s\u0131ra vir\u00fcs ve zararl\u0131larda kendilerini geli\u015ftirmekte ve zaman\u0131 yakalamaktad\u0131rlar.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Wannacry Doublepulsar Nedir sorusu vir\u00fcs\u00fcn t\u00fcm d\u00fcnyay\u0131 etkilemesi ile g\u00fcndem oldu. Peki Wannacry Doublepulsar Nedir ve nas\u0131l korunulur? Wannacry Doublepulsar vir\u00fcs\u00fc 2017 y\u0131l\u0131nda yakla\u015f\u0131k 99 \u00fclkede yer alan yakla\u015f\u0131k 280.000 bilgisayara bula\u015fm\u0131\u015f ve W\u0130ndows i\u015fletim sistemini hedefleyen bir fidye yaz\u0131l\u0131m\u0131d\u0131r. Kendisi 28 farkl\u0131 dilde bir siber sald\u0131r\u0131n\u0131n ba\u015f kahraman\u0131d\u0131r. Ba\u015fta bilin\u00e7siz internet kullan\u0131c\u0131lar\u0131n\u0131 avlayan bu &hellip;<\/p>\n","protected":false},"author":1,"featured_media":1087,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_mbp_gutenberg_autopost":false,"footnotes":""},"categories":[28],"tags":[187,185,186],"class_list":["post-1083","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-guvenlik","tag-wannacry-doublepulsar-nasil-korunulur","tag-wannacry-doublepulsar-nedir","tag-wannacry-doublepulsar-virusu"],"_links":{"self":[{"href":"https:\/\/www.hostixo.com\/blog\/wp-json\/wp\/v2\/posts\/1083","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.hostixo.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.hostixo.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.hostixo.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.hostixo.com\/blog\/wp-json\/wp\/v2\/comments?post=1083"}],"version-history":[{"count":0,"href":"https:\/\/www.hostixo.com\/blog\/wp-json\/wp\/v2\/posts\/1083\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.hostixo.com\/blog\/wp-json\/wp\/v2\/media\/1087"}],"wp:attachment":[{"href":"https:\/\/www.hostixo.com\/blog\/wp-json\/wp\/v2\/media?parent=1083"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.hostixo.com\/blog\/wp-json\/wp\/v2\/categories?post=1083"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.hostixo.com\/blog\/wp-json\/wp\/v2\/tags?post=1083"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}