[principle and technology of network attack and Defense] Chapter 6: Trojan horse
2022-07-07 18:02:00 【Godams】
6.1 Malicious code
Malicious code is program code that intrudes into a user's computer system without the user's knowledge and damages the confidentiality, integrity or availability of the system, the network or its information. Compared with normal code, it is characterised by being unauthorized and destructive.
6.1.1 Computer virus
A set of program code inserted into a computer program that damages computer functions and can replicate itself. It attaches itself to normal software or files and cannot run on its own.
Main characteristics: infectious, latent, triggerable, parasitic, unauthorized, destructive.
The structure of a computer virus:
- Boot module (basic module): requests the memory the virus needs in order to run, modifies system interrupts, and so on.
- Search module: finds or locates the objects the virus will infect.
- Infection module (core module): the virus reproduces itself through this module.
- Presentation module: its behaviour differs from virus to virus.
- Identification module (auxiliary module): not present in every virus; lets the virus recognise that the system is already infected.
6.1.2 Computer worms
A program that replicates itself over the computer network and consumes system and network resources.
It has the following modules:
- Search module
- Attack module: attacks automatically through vulnerabilities to obtain access permissions.
- Transmission module: copies the worm program between computers.
- Load module: after entering the infected system, collects information, cleans up the scene, and carries out attacks and destruction.
- Control module: adjusts the worm's behaviour and controls the infected host.
6.1.3 Trojan horse
A program that establishes a connection with a remote computer so that the remote computer can control the local computer over the network.
It falls into the following categories:
- Password-stealing Trojan
- Launcher type Trojan: installs malicious programs in the infected system
- Download type Trojan: same as above
- Surveillance Trojan
- Proxy Trojan
- Click type Trojan: directs users to click on particular websites, etc.
- Remote control Trojan
6.2 Working principle of Trojan horse
Trojan architecture: C/S architecture, Trojan program + control-end program.
The Trojan program is the server-side program; the control-end program acts as the client and is used by the attacker to remotely control the machine into which the Trojan has been planted.
Differences from a legitimate remote control program: concealment; lack of authorization.
A hacker's intrusion with a Trojan involves 6 steps: configuring the Trojan, spreading the Trojan, running the Trojan, information feedback, establishing a connection, and remote control.
- Configuring the Trojan: configure the listening port, DNS, IP, etc.; configure the functions; configure the installation path, file name, etc.
- Spreading the Trojan: via software downloads, e-mail attachments, communication software, etc. Further subdivided into active planting and passive planting.
- Starting the Trojan: automatic loading, then lying dormant on standby. This can be achieved by modifying the registry or group policy, adding a system service, replacing a system DLL, and so on.
- Information feedback: after the Trojan runs, the infected host feeds some information back to the hacker, so that the hacker can connect to the victim host, or so that information of interest to the hacker, such as account passwords, is reported back.
- Establishing a connection: forward connection or reverse connection. Because IP addresses are scarce, many operators use DHCP to assign IP addresses to subscribers, and because of NAT, intranet addresses cannot be reached from the external network. The attacker therefore cannot find the infected host by its IP address, which is why reverse connection technology arose. It also passes easily through the victim's firewall.
- Remote control: the hacker communicates with the Trojan program through the channel between the client port and the server port and performs remote control, including obtaining information about the target machine, recording user events, and remote operation.
6.3 Trojan horse hiding technology
- Hiding when loading
- Hiding during storage: hiding the Trojan's files and directories, so that by some means the user cannot find them, for example by using the hidden attribute or by replacing icons.
- Hiding at runtime
  - Hiding at startup: ensuring the target host does not notice the Trojan program running.
  - Process hiding: hiding the Trojan process so that it cannot be seen in the task manager.
    - False hiding: the program's process still exists but is made to disappear from the process list, by setting the window invisible, registering the Trojan as a service, deceiving the process-viewing function, using variable high-numbered ports, or using system service ports.
    - True hiding: the program disappears completely and does not work as a process or service at all, by replacing a system driver or DLL, or by dynamic embedding (window hooks, API hooking, remote threads, etc.) of the Trojan program into an already running process.
- Communication hiding: not communicating directly with the controller, but exchanging information through special ICMP messages, port multiplexing, or an intermediary such as a network drive, web page or e-mail.
6.4 The most basic ways to find out whether a host is infected with a Trojan
- Pay attention to the listening ports
- Pay attention to the network connections established by this machine
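As an added example (not part of the original notes), the following Python script applies the two checks above to constructed `netstat -ano`-style output; the expected-listener baseline, the sample rows and the PIDs are assumptions, not values from the page.

```python
"""Added example (not from the original notes): check the two basic indicators
from section 6.4 over constructed `netstat -ano`-style lines: listening ports
outside an assumed baseline, and ESTABLISHED connections to external peers."""
import ipaddress

# Constructed sample in the column layout of Windows `netstat -ano`.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:31337          0.0.0.0:0              LISTENING       4412
  TCP    192.168.1.20:49710     192.168.1.1:443        ESTABLISHED     2240
  TCP    192.168.1.20:49722     203.0.113.7:4444       ESTABLISHED     4412
  UDP    0.0.0.0:5353           *:*                                    1312
"""
# Assumed baseline: (proto, port) pairs this host is expected to listen on.
EXPECTED_LISTENERS = {("TCP", 135), ("TCP", 445), ("UDP", 5353)}
# Loopback and RFC 1918 ranges; any other peer address counts as external.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_netstat(text):
    """One dict per socket row; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue
        rip, rport = parts[2].rsplit(":", 1)          # rport is "*" for UDP rows
        rows.append({"proto": parts[0], "lport": int(parts[1].rsplit(":", 1)[1]),
                     "rip": rip.strip("[]"), "rport": rport, "pid": int(parts[-1]),
                     "state": parts[3] if parts[0] == "TCP" else ""})  # UDP has no State
    return rows

def unexpected_listeners(rows):
    """(proto, port, pid) for listening sockets that are not in the baseline."""
    return [(r["proto"], r["lport"], r["pid"]) for r in rows
            if (r["state"] == "LISTENING" or r["proto"] == "UDP")
            and (r["proto"], r["lport"]) not in EXPECTED_LISTENERS]

def external_connections(rows):
    """(remote_ip, remote_port, pid) for ESTABLISHED connections leaving the LAN."""
    return [(r["rip"], int(r["rport"]), r["pid"]) for r in rows
            if r["state"] == "ESTABLISHED"
            and not any(ipaddress.ip_address(r["rip"]) in n for n in INTERNAL_NETS)]

def suspicious_pids(rows):
    """PIDs that listen unexpectedly or talk to an external peer; review these first."""
    return ({p for _, _, p in unexpected_listeners(rows)}
            | {p for _, _, p in external_connections(rows)})
```

A PID that appears in both lists, as 4412 does in the constructed sample, is the classic shape of a planted server program that also calls back out, and is the first one to inspect in the process list.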
6.5 Prevention technology for Trojans
- Do not run any software of unknown origin, because it may have been tampered with by a hacker.
- Do not trust others blindly, because the other party may be a hacker in disguise rather than a friend.
- Configure the system reasonably and securely, for example to show hidden files and file extensions.
- Install software and system patches in time.
- Use anti-virus software.