Hacker Tricks: Stealth Techniques and Botnets.pdf


ID: 52934575

Size: 1.63 MB

Pages: 23

Date: 2020-04-02

Resource description:


HONG KONG. November. 2006
WE FIND THEM BEFORE THEY FIND YOU.

Hacker Tricks: Stealth Techniques and Botnets
Lawrence Tsui
Manager, Professional Services
Datalink Business Solutions

The Reality: Today

What is a “Rootkit” (stealth technology)?
° Originally referred to a set of recompiled Unix tools
° “A rootkit is a tool that is designed to hide itself and other processes, data, and/or activity on a system.” – G. Hoglund (www.rootkit.com)
° A toolkit used for preservation of remote access or “root”
° “A tool used to protect backdoors and other tools from detection by administrators”

Nature of “Rootkit”
° A rootkit is not, and does not:
– An exploit of any kind
– Compromise a host by itself
– Gain access to a system; it is used to preserve existing access
– A virus or worm
° Rootkits hide processes, ports, files, and other resources from the OS and security programs

Why Should You Care?
° Rootkits represent one of the greatest threats to network security, yet most admins are unaware of their presence
– OS independent
– Undetectable
– Symptom-free
– Near impossible to remove
– Dangerous payloads
• Keyloggers
• Password Snatchers
• Remote Consoles
• And more!
° New viruses will use new rootkit technology

How Rootkits Work?
° Compromised system exposed – unpatched, zero day exploit, poor configuration, etc.
° Malware exploits host – virus, worm, spyware, etc.
° Installs payload – keylogger, FTP server, remote shell, etc.
° Activates rootkit
– hooks into OS API libraries
– redirects system calls through itself
– prevents OS from “seeing” processes and files EVEN AFTER host is patched and original malware is removed

How Rootkits Work?
[Diagram: a “dir c:” command reaches ReadFile(); the DLL is “tricked” into thinking it can’t execute the NTFS command and calls the Rootkit DLL; the rootkit filters the results to hide itself, so a directory holding “docs”, “rootkit” and “windows” is listed as “docs” and “windows”.]

Case: Rootkit
° Came to public awareness in 2005
Sony BMG CD Copy Protection
° First mainstream media coverage of a rootkit
° Discovered by Mark Russinovich when using his rootkit detection software
° Used “rootkit” technology to protect their copy protection mechanism from users
– Anything that was named $SYS was hidden from the system, even the Administrator

Common Rootkits
° Hacker Defender
– Most popular rootkit
– Avoids antivirus detection
– Is able to hook into the Logon API to capture passwords
– You can pay the developers money ($100-$900) for a custom version of the software to avoid all detectors
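The "How Rootkits Work?" and Sony BMG slides describe a rootkit that filters API results to hide itself; the defensive counterpart is cross-view comparison, which diffs the API-level listing against one taken below the hooks. The sketch below is an added example, not code from the slides: the function names, the "$SYS"-prefixed file names and both scan listings are constructed for illustration, and obtaining a trustworthy raw listing (for example from an offline read of the volume) is assumed.

```python
# Cross-view detection: diff what the (possibly hooked) OS API reports against
# a listing obtained below the hooks (e.g. by parsing the raw volume offline).
# All listings below are constructed sample data, not output from a real host.

def _norm(names):
    # Windows file names are case-insensitive, so compare case-folded.
    return {n.casefold(): n for n in names}

def hidden_entries(api_view, raw_view):
    """Names present in the raw view but missing from the API view."""
    api, raw = _norm(api_view), _norm(raw_view)
    return sorted(raw[k] for k in raw.keys() - api.keys())

def persistent_hidden(scan_pairs):
    """Keep only names hidden in every (api_view, raw_view) scan pair.

    A file created between the two listings of one scan looks hidden once;
    a name filtered out by a hook is missing from the API view every time.
    """
    result = None
    for api_view, raw_view in scan_pairs:
        found = {n.casefold(): n for n in hidden_entries(api_view, raw_view)}
        if result is None:
            result = found
        else:
            result = {k: v for k, v in result.items() if k in found}
    return sorted((result or {}).values())

# Constructed sample: two scans of one directory. "$SYSdrv.exe" and
# "$SYSfilter.sys" are hypothetical names following the slide's description.
SCAN_1 = (
    ["docs", "windows", "boot.ini"],
    ["docs", "windows", "BOOT.INI", "$SYSdrv.exe", "$SYSfilter.sys", "tmp123.tmp"],
)
SCAN_2 = (
    ["docs", "windows", "boot.ini", "tmp123.tmp"],
    ["docs", "windows", "boot.ini", "$SYSdrv.exe", "$SYSfilter.sys", "tmp123.tmp"],
)

if __name__ == "__main__":
    print("hidden in scan 1:", hidden_entries(*SCAN_1))
    print("hidden in both scans:", persistent_hidden([SCAN_1, SCAN_2]))
```

Requiring a name to be hidden in every scan drops the temporary file that merely appeared between the two listings of the first scan.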
