{"id":100470,"date":"2025-05-29T23:48:12","date_gmt":"2025-05-29T23:48:12","guid":{"rendered":"https:\/\/ekamu.net\/?p=100470"},"modified":"2025-05-29T23:48:12","modified_gmt":"2025-05-29T23:48:12","slug":"linux-icin-dunyanin-ilk-uefi-bootkiti-bootkitty","status":"publish","type":"post","link":"https:\/\/ekamu.net\/index.php\/2025\/05\/29\/linux-icin-dunyanin-ilk-uefi-bootkiti-bootkitty\/","title":{"rendered":"The world\u2019s first UEFI bootkit for Linux: Bootkitty"},"content":{"rendered":"<p><figure> <span> <img decoding=\"async\" src=\"https:\/\/ekamu.net\/wp-content\/uploads\/2025\/05\/linux-icin-dunyanin-ilk-uefi-bootkiti-bootkitty-0-9iNSVS8H.jpg\"\/> <\/span> ESET\u2019s cybersecurity researchers have discovered <strong>Bootkitty<\/strong>, the first <strong>UEFI bootkit<\/strong> developed for the <strong>Linux<\/strong> operating system. This development shows that the open-source Linux platform is now also in the crosshairs of cybercriminals and that, as on Windows, they are now trying to reach the lowest levels of the Linux kernel. <\/figure>\n<p><b>The bootkit era begins for Linux<\/b><\/p>\n<p>Bootkitty is described as a UEFI bootkit, a type of malware that targets the boot stage of the operating system. Malware of this kind modifies or hijacks the boot loader in order to gain full control over the operating system and user applications. The porting to Linux of bootkits such as BlackLotus, examples of which we have previously seen on Windows systems, is causing concern in the cybersecurity world. 
ESET analysts recently discovered the bootkit in a previously unknown UEFI application (bootkit.efi), and this application has been uploaded to VirusTotal.<\/p>\n<figure> <span> <img decoding=\"async\" src=\"https:\/\/ekamu.net\/wp-content\/uploads\/2025\/05\/linux-icin-dunyanin-ilk-uefi-bootkiti-bootkitty-1-4HkBhdvd.jpg\"\/> <\/span> The researchers also confirmed that Bootkitty targets Linux but works only <strong>against certain Ubuntu distributions<\/strong>. Bootkitty contains dedicated routines for tampering with the Linux kernel and the GRUB bootloader. \u201c<strong>In theory<\/strong>\u201d, this malware can boot the Linux kernel &#8220;seamlessly&#8221; <strong>even when Secure Boot is enabled<\/strong>, and can then run itself at system startup and begin its malicious activity. But, as we said, only in theory. <strong>In practice<\/strong>, Bootkitty <strong>cannot yet<\/strong> <strong>bypass Secure Boot<\/strong>. <\/figure>\n<p>However, the malware is reported not to be fully functional at this stage, and its code is said to be <strong>still under development<\/strong>. The many bugs and missing features in Bootkitty indicate that the malware is still at the concept stage. The researchers also identified a kernel module named BCDropper that may be linked to this bootkit. 
This module is designed to load malicious programs for the Linux kernel.<\/p>\n<p>Bootkits can neutralize traditional security measures by providing deep control at the operating-system level. Although the threat level for Linux users has so far been relatively low, this is changing quickly. Bootkits and UEFI rootkits have traditionally targeted only Windows systems, but Linux platforms have now started to become an attractive target as well.<\/p>\n\n<p>Source: <span style=\"background-color: rgb(255, 249, 236); color: rgb(55, 58, 60); font-size: 14px;\">https:\/\/www.donanimhaber.com\/linux-icin-dunyanin-ilk-uefi-bootkit-i-bootkitty&#8211;184796<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>ESET\u2019s cybersecurity researchers have discovered Bootkitty, the first UEFI bootkit developed for the Linux operating system. 
This development shows that the open-source Linux platform is now also in the crosshairs of cybercriminals and that now, on Windows &#8230;<\/p>\n","protected":false},"author":1,"featured_media":100471,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8],"tags":[5967,2127,4243,641,888],"class_list":["post-100470","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-teknoloji","tag-bootkit","tag-guvenli","tag-linux","tag-sistem","tag-yazilim"],"_links":{"self":[{"href":"https:\/\/ekamu.net\/index.php\/wp-json\/wp\/v2\/posts\/100470","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ekamu.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ekamu.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ekamu.net\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/ekamu.net\/index.php\/wp-json\/wp\/v2\/comments?post=100470"}],"version-history":[{"count":1,"href":"https:\/\/ekamu.net\/index.php\/wp-json\/wp\/v2\/posts\/100470\/revisions"}],"predecessor-version":[{"id":100474,"href":"https:\/\/ekamu.net\/index.php\/wp-json\/wp\/v2\/posts\/100470\/revisions\/100474"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ekamu.net\/index.php\/wp-json\/wp\/v2\/media\/100471"}],"wp:attachment":[{"href":"https:\/\/ekamu.net\/index.php\/wp-json\/wp\/v2\/media?parent=100470"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ekamu.net\/index.php\/wp-json\/wp\/v2\/categories?post=100470"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ekamu.net\/index.php\/wp-json\/wp\/v2\/tags?post=100470"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}