Trojan Horses and Blended Threats (Copy, Compilation).pptx

This document has 19 pages in total; the full content is available to read.
Trojan Horse
Blended Threats

Trojan Horse
- The Origin of “Trojan Horse”
- What’s “Trojan Horse”
- Backdoor
- Rootkit
- The History of “Trojan Horse”
- Impacts of “Trojan Horse”

The Origin of the “Trojan Horse”
The Trojan Horse is a tale from the Trojan War about the subterfuge that the Greeks used to enter the city of Troy and win the war.

Diagram labels: Client Program; Server program; Malicious Hackers; Innocent Users; (Pretend to be legitimate); (Get cheated); (Controller)

The Definition of Trojan Horse
A Trojan horse, or Trojan, in computing is any malicious computer program which misrepresents itself to appear useful, routine, or interesting in order to persuade a victim to install it.

No! You are a liar and thief!

A backdoor in a computer system is a method of bypassing normal authentication, securing unauthorized remote access to a computer, or obtaining access to plaintext while attempting to remain undetected (usually through a rootkit).

A rootkit (stealth program) is a collection of computer software, typically malicious, designed to enable access to a computer or areas of its software that would not otherwise be allowed while at the same time masking its existence or the existence of other software. The term rootkit is a concatenation of “root” and the word “kit” (toolbox).

It’s backdoor!

Adverse Impacts: steal control
Damage degree varies
Category: universal, transitive

Destructive Features: For Example…
- Crashing the computer or device.
- Modification or deletion of files.
- Data corruption.
- Formatting disks, destroying all contents.
- Spread malware across the network.
- Spy on user activities and access sensitive information.

History of Trojan Horse
- Using kernel-embedded and rootkit technology
- Using thread technology to embed into DLL (Dynamically Linked Library)
- Using technology like Armyworm
- Systematic anti-detection technology

SSDT: links a ring3 Win32 API (application programming interface) to a ring0 kernel API.

Repentant Thief Bandit (No copies and reproduction by infect

Content provider: jiayou10 (real-name verified)