Faculty of Computer Networks and Communications
COMPUTER NETWORK SECURITY
MSc. Tô Nguyễn Nhật Quang

COURSE CONTENTS
1. Overview of network security
2. Malicious software
3. Data encryption algorithms
4.
5.
6.
7.
8.
9.

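LECTURE 2
MALICIOUS SOFTWARE
A. TROJANS AND BACKDOORS
Contents
1. History of the Trojan
2. The concept of a Trojan
3. Classification of Trojans
4. Some common Trojans
5. Defending against Trojans
6. Ports associated with some commonly used Trojans
7. Exercises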
ATMMT - TNNQ
1

1. History of the Trojan
- The Trojan horse in ancient Greek legend, 17th century.
- The first Trojan created on computers was Back Orifice, whose intrusion port is 31337.

2. The concept of a Trojan
- A Trojan is a program that harms computer users and serves some private purpose of the hacker.
- It usually operates covertly, and the user does not notice this activity.
- A Trojan does not self-replicate the way a computer virus does; it only runs in the background on the infected machine.
- Trojans often slow the computer down and block registry editing.

Routes of infection
- Messenger applications.
- File attachments.
- Physical access.
- Web browsing and email.
- File sharing.
- Free software.
- Downloading files, games and screensavers from the internet.

[Screenshots: Graffiti.exe; One file exe maker]

3. Classification of Trojans
- Remote access Trojans (RAT)
- Keyloggers
- Password-stealing Trojans
- FTP Trojans
- Destructive Trojans
- Privilege-escalation Trojans

3.1. Remote access Trojan (RAT)
- A RAT turns the Trojan-infected computer into a server that the hacker's client computer connects to and takes control of.
- It is activated automatically every time the computer runs.
- It consists of 2 files, one for the server and one for the client.
- It is usually disguised as some ordinary file type to hide the fact that it is an exe.
- Each RAT usually runs its server on a distinct port, which lets the hacker get into the infected machine and control it remotely.
- It usually disables registry editing, which makes this Trojan hard to remove.
- It can sometimes be used for remote computer administration.
- Common examples are Back Orifice, Girlfriend and Netbus.

3.2. Keyloggers
- There are two kinds of keylogger: hardware keyloggers and software keyloggers.
- They are compact and use little memory, so they are hard to detect.
- They work simply: mainly they record what happens on the keyboard, then store it on the machine or send it to the hacker by email.
- If used to supervise children or relatives, to see what they do with the PC, on the internet, or when chatting with strangers, a keylogger is good.
- When used to steal personal information (personal accounts, passwords, credit cards), a keylogger is bad.

A keylogger usually has three main parts:
- The control program: coordinates operation, adjusts the settings and views the log files. Usually it can only be invoked with a hotkey combination.
- The hook file, or a monitor program, used to record keyboard actions and capture the screen.
- The log file, which holds everything the hook has recorded.
In addition, depending on the type, there may also be a protection program (protect) and a notification program (report).

3.3. Password-stealing Trojans
- They steal the passwords stored on the infected machine, such as ICQ, IRC, Hotmail and Yahoo passwords, and send them to the hacker by email.
- Common Trojans of this kind are Barri, Kuang and Barok.

3.4. FTP Trojan
- This kind opens port 21 on the infected machine, so anyone can access the machine to download data.

3.5. Destructive Trojans
- The main purpose is destruction.
- They destroy hard disks and encrypt files.
- Very dangerous and hard to control.

3.6. Privilege-escalation Trojans
- Usually attached to some system application; when that application runs, it gives the hacker higher privileges than those already held on the system.

4. Some common Trojans

KGB SPY
A powerful Trojan that is widely used. New versions are released continuously. It can monitor keystrokes and the screen.
The program has the following tabs:
- General options
- Password
- Email Delivery
- Filters
- Invisibility
- Advanced options
- Screenshot
- FTP Delivery
- Alert Notifications

Blazing Tool Perfect Keylogger
A powerful Trojan that is widely used on the internet. It allows information from the infected machine to be received by email or through an FTP server. It can record keystrokes, web links and chat content.

[Screenshots: 007 Spy Software; Stealth Keylogger; DJI RAT; NET BUS; HackerzRAT]

5. Defending against Trojans
- Limit shared use of the computer and set a protective password.
- Do not open unfamiliar files of unknown origin; pay attention to files with the extensions exe, com, bat, scr, swf, zip, rar, gif.
- Do not visit unfamiliar web sites.
- Do not click on unfamiliar links.
- Do not install unfamiliar software.
- Do not download programs from untrusted sources.
- Always protect yourself with dedicated anti-virus and anti-spyware programs, and set up a firewall when connecting to the Internet.
- Regularly install all security updates for the operating system.
- Scan for open ports with tools such as Netstat, Fport, TCPView.
- Scan running processes with Process Viewer, What's on my computer, Insider.
- Scan for changes in the Registry with MsConfig, What's running on my computer.
- Scan network activity with Ethereal, WireShark.
- Run Trojan removal software.

6. Ports associated with some commonly used Trojans

Satanz Backdoor | 666
FTP99CMP | 1492
WinCrash | 4092
DeepThroat | 6771
Silencer | 1001
BackDoor | 1999
ICQTrojan | 4590
GateCrasher | 6969
Shivka-Burka | 1600
Trojan Cow | 2001
Sockets de Troie | 5000
Priority | 6969
SpySender | 1807
Ripper | 2023
Sockets de Troie 1.x | 5001
Remote Grab | 7000
Shockrave | 1981
Bugs | 2115
NetMonitor | 7300
Firehotcker | 5321
WebEx | 1001
NetMonitor 1.x | 7301
Deep Throat | 2140
Blade Runner | 5400
Doly Trojan | 1011
NetMonitor 2.x | 7306
The Invasor | 2140
Blade Runner 1.x | 5401
Psyber Stream Server | 1170
Ultors Trojan | 1234
NetMonitor 3.x | 7307
Phineas Phucker | 2801
Blade Runner 2.x | 5402
NetMonitor 4.x | 7308
Masters Paradise | 30129
Robo-Hack | 5569
ICKiller | 7789
VooDoo Doll | 1245
Portal of Doom | 3700
DeepThroat | 6670

Portal of Doom | 9872
Portal of Doom 1.x | 9873
Portal of Doom 2.x | 9874
Portal of Doom 3.x | 9875
Portal of Doom 4.x | 10067
Portal of Doom 5.x | 10167
iNi-Killer | 9989
Senna Spy | 11000
Hack'99 KeyLogger | 12223
Evil FTP | 23456
Masters Paradise 1.x | 40422
Ugly FTP | 23456
GabanBus | 1245
Delta | 26274
NetBus | 1245
Back Orifice | 31337
Whack-a-mole | 12361
Masters Paradise 2.x | 40423
Masters Paradise 3.x | 40426
Back Orifice | 31338
Sockets de Troie | 50505
Whack-a-mole 1.x | 12362
DeepBO | 31338
Priority | 16969
NetSpy DK | 31339
Millennium | 20001
BOWhack | 31666
Remote Windows Shutdown | 53001
NetBus 2 Pro | 20034
BigGluck | 34324
Telecommando | 61466
GirlFriend | 21544
The Spy | 40412
Devil | 65000
Fore | 50766
The tHing | 6400

NetBus 1.x | 12346
Gatecrasher | 6969
BladeRunner | 5400
Telecommando | 61466
IcqTrojan | 4950
SubSeven | 1243
Gjamer | 12076
InIkiller | 9989
NetSphere | 30100
IcqTrojen | 4950
GirlFriend | 21554
PortalOfDoom | 9872
Silencer | 1001
Priotrity | 16969
Fore, Schwindler | 50766
ProgenicTrojan | 11223
Millenium | 20000
Vodoo | 1245
Wincrash | 5742
NetMonitor | 7306
Wincrash2 | 2583
Kuang | 30999
RemoteWindowsShutdown | 53001
RoboHack | 5569
Streaming Audio Trojan | 1170
Netspy | 1033
Silencer | 1001
WhackJob | 23456
Striker | 2565
ShockRave | 1981
Socket23 | 30303

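The open-port check from section 5 combined with the port table in section 6, as an added example that is not part of the original slides: it parses Windows `netstat -ano` output and reports listening sockets whose port appears in the table. The sample output, the PIDs and the function name `suspicious_listeners` are constructed for illustration; a match is only a lead to investigate, since legitimate services can use the same ports.

```python
import re

# Subset of the name|port table in section 6 of these slides.
TROJAN_PORTS = {
    666: ["Satanz Backdoor"],
    1001: ["Silencer", "WebEx"],
    1243: ["SubSeven"],
    6969: ["GateCrasher", "Priority"],
    12346: ["NetBus 1.x"],
    20034: ["NetBus 2 Pro"],
    21544: ["GirlFriend"],
    31337: ["Back Orifice"],
}

# Constructed sample of Windows `netstat -ano` output (not from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:31337          0.0.0.0:0              LISTENING       2284
  TCP    192.168.1.20:49712     203.0.113.7:443        ESTABLISHED     5120
  TCP    [::]:20034             [::]:0                 LISTENING       3376
  UDP    0.0.0.0:31337          *:*                                    2284
"""

# Groups: proto, local address, local port, foreign address, optional state, PID
LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)\s+(?:(\w+)\s+)?(\d+)\s*$")


def suspicious_listeners(netstat_text, table=TROJAN_PORTS):
    """Return (proto, port, pid, names) for listening sockets on listed ports."""
    hits = []
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # header line or anything that is not a socket row
        proto, _addr, port, _foreign, state, pid = m.groups()
        # TCP rows must be LISTENING; UDP rows have no state column and
        # always describe a bound local socket.
        if proto == "TCP" and state != "LISTENING":
            continue
        port = int(port)
        if port in table:
            hits.append((proto, port, int(pid), table[port]))
    return hits


if __name__ == "__main__":
    for proto, port, pid, names in suspicious_listeners(SAMPLE_NETSTAT):
        print(f"{proto} port {port} (PID {pid}): listed for {', '.join(names)}")
```

The PID in each hit is what ties the port back to a process in the process-listing tools named in section 5.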
7. Exercises
1.
2.
3.
4.
5.
6.
7. Explain why a System Administrator should not use a user account with a super-user password to browse the Web or to send and receive e-mail.
8. … corresponding between Web 2.0 and the previous-generation Web 1.0:
9. Go to http://www.microsoft.com/downloads, then download and install the following software on the computer:
   1. Windows Defender
   2.
   Run Windows Defender to scan for spyware and explain how this software works.
   Protection against malicious code
   2. Firewall integrated into IE
   3.
   4.
10.
11.