Research on Trojan Virus Prevention Technology and System Implementation (木马病毒防治技术研究及系统实现)
Abstract
Computer viruses can now penetrate every area of the information society, causing enormous damage and posing latent threats to computer systems. To ensure the security and smooth flow of information and to raise computer users' awareness of Trojan prevention, research on computer viruses, and on countermeasures against Trojans in particular, has become urgent.
     This thesis begins with an analysis of the origin and current state of computer viruses and Trojans, then tracks and analyzes the common attack techniques of over a hundred popular Trojans to identify what they have in common. Through repeated experiments and analysis, the attack types used by Trojans are summarized and distilled: modifying the system registry, modifying file-open associations, remote screen capture, remote shutdown and restart, keyboard and mouse control, remote file management, and so on. To further reveal the principles and harmfulness of these common attack types, the thesis uses Windows API functions and MFC to implement process simulations of these techniques, and on that basis completes the development of a process-based Trojan detection and removal module. The thesis also analyzes and discusses, at the level of principles and techniques, the problem of false positives in Trojan detection and general prevention methods for common Trojan-type viruses. The dedicated Trojan removal tool built from the detection module presented here has been tested in practice at several organizations with good results: when a new Trojan appears, the tool can detect and remove it effectively before many antivirus vendors have updated their virus databases, which has already saved the organizations involved tens of thousands of yuan and yielded good economic and social benefits.
     The Trojan detection design presented in this thesis has a certain guiding significance in this field and provides a new approach to exploring computer network security.
Abstract (author's English version)
Presently, computer viruses are penetrating every area of the information society and have imposed substantial threats and risks on computer systems. To ensure the availability and security of information and to raise computer users' awareness of Trojan virus prevention, intensive research on preventing computer viruses, especially Trojan viruses, is urgently needed.
     This paper begins with an analysis of the origin and current status of Trojan viruses, then tracks and analyzes the common attack means of hundreds of popular Trojans to identify their similarities. After repeated experiments and analysis, the author has summarized some of the most common attack means: modifying the system registry, modifying file-open associations, remote screen capture, remote shutdown and restart, keyboard and mouse control, and remote file management. In order to further reveal the principles and dangers of these commonly used attack means, the author makes use of Windows API functions and MFC to simulate the attack processes. On this basis, the author has developed a process-based Trojan detection module.
     This paper also discusses the problem of false Trojan detections and common prevention methods for Trojan-like viruses from the standpoint of principles and technical analysis. The author's Trojan removal tool, built on the detection module, has already been applied in several institutions with good results. When facing new Trojan viruses, the tool is able to work effectively before many antivirus software makers improve their products. This has saved a few million dollars and has brought good economic and social benefits.
     The Trojan detection design idea presented in this paper has guiding significance in the field concerned and introduces a new exploration method for computer network security.