Research Topic: Understanding Viruses, Trojans and Worms (De Tai Tim Hieu Virus-trojan-worm)


  • 7/31/2019 De Tai Tim Hieu Virus-trojan-worm


    SECURITY RESEARCH TOPIC

    VIRUS-TROJAN-WORM

    ATHENA BASIC NETWORK MANAGEMENT

    Instructor in charge: . Student group: V H Duy.

    Khc Nguyn PhngDuy

    Nguyn Thchn

    Structure:

    A, DANGEROUS APPLICATIONS

    I-Malicious programs

    1.Viruses and worms

    2.Trojans

    3.Malicious tools

    II-Other potentially unwanted programs

    1.Adware

    2.Pornware

    3.Riskware

    B, OTHER THREATS

    I-Spam or unwanted incoming mail

    II-Phishing

    III-Network attacks

    IV-Advertising banners

    C, PREVENTING AND HANDLING VIRUSES

    I-Using antivirus software (Antivirus)

    II-Using a firewall

    III-Updating operating system patches

    IV-Applying computer usage experience

    V-Protecting computer data

    A, DANGEROUS APPLICATIONS

    Programs carrying malicious code (malware) are created for many purposes, such as stealing, deleting or modifying information, controlling the behavior of your computer, or even taking control of a computer network.

    Potentially dangerous programs are programs that carry a risk of harming the computer; they can help other programs get into your computer and harm it from there.

    The virus encyclopedia contains detailed descriptions of these programs.

    I-MALICIOUS PROGRAMS

    Malicious programs are created to harm computers and their users: to steal, block, modify or delete information, or to disrupt the operation of a computer or a network.

    Malicious programs are divided into 3 main groups: viruses and worms, Trojans, and malicious tools.

    Viruses and worms can create copies of themselves and replicate those copies. Some of them run without the user knowing, while others require some action from the user. These programs carry out their malicious actions.

    Trojan programs, unlike worms and viruses, do not create copies of themselves. They slip into a computer through e-mail or when the user visits an infected web page. They are activated by a user action and then begin their harmful activity.

    Malicious tools are created specifically to cause harm. However, unlike other malicious programs, they do not perform harmful actions when run, and they can be stored safely on the computer. They help create viruses, worms and Trojans, organize network attacks from a remote server, hack, or carry out other harmful actions.

    1-VIRUSES AND WORMS

    Subcategory: viruses and computer worms

    Danger level: high

    Computer viruses and computer worms perform unauthorized actions on the infected computer system; they are themselves able to replicate and spread, which increases the risk of infection.

    Classic viruses

    After a virus gets into your system, it attaches itself to your file system, then triggers its preset actions and spreads to other files on the system.

    A traditional virus that has entered your system takes advantage of data being copied from one computer to another and travels along with it. The possible routes include copying data, sending/receiving e-mail...

    Viruses can get into different areas of a computer, such as operating system files or applications. A distinction is made between files, boot areas, script code and macros.

    Viruses can infect files in many different ways. An overwriting virus replaces the data in the infected files with its own content. Files infected this way stop working. Parasitic viruses change the whole file or part of it. Companion viruses do not modify files but replace them, so when the infected file is opened, the virus replicates and runs. Other kinds of virus include link viruses, viruses that infect object modules, viruses tied to compiler libraries, and viruses that spread through programs that transfer text files.

    Some viruses can generate different variants of themselves, which makes them harder to detect and remove. Other variants appear because, after the virus has been identified by antivirus software, the author or other hackers (who know its code) rewrite, upgrade or improve it so that it can keep spreading.

    Some more sophisticated viruses can disable the operating system's protections or interfere with the operating system to paralyze (some) antivirus software. Only after doing this do they infect and continue spreading. Others infect the antivirus software itself (although this is harder) or block the antivirus software from updating. These methods are not too difficult if the authors understand how the antivirus software works and the virus infects or triggers before the system starts that software. They can also modify the hosts file of the Windows operating system so that the user cannot reach certain websites and the antivirus software cannot contact its server to update.
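The hosts-file tampering described above can be checked for directly. The following Python is an added example, not part of the original document: it parses hosts-file text and reports every entry that pins a security-vendor or update hostname to a fixed address. The watch list, the function names and the sample hosts content are assumptions constructed for illustration; only www.symantec.com and www.mcafee.com are named on this page.

```python
import ipaddress

# Assumed watch list (illustrative). Only symantec.com and mcafee.com appear
# on this page; the other suffixes are examples of vendor/update domains.
WATCHED_SUFFIXES = (
    "symantec.com",
    "mcafee.com",
    "kaspersky.com",
    "windowsupdate.com",
    "update.microsoft.com",
)

# Constructed sample hosts file, not taken from a real infection.
SAMPLE_HOSTS = """\
# sample hosts file (constructed)
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.symantec.com liveupdate.symantec.com
0.0.0.0         update.microsoft.com   # blocked
203.0.113.7     www.mcafee.com
192.168.1.10    fileserver.corp.example
127.0.0.1       notsymantec.com
"""


def parse_hosts(text):
    """Yield (line_no, ip, [hostnames]) for each active hosts-file entry."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue                          # an address with no hostname
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # malformed address, not an entry
        yield line_no, ip, [h.lower().rstrip(".") for h in fields[1:]]


def is_watched(host):
    """True for a watched domain or any subdomain of it (not look-alikes)."""
    return any(host == s or host.endswith("." + s) for s in WATCHED_SUFFIXES)


def audit_hosts(text):
    """Return (line_no, hostname, address, reason) for suspicious entries.

    These names normally resolve through DNS, so any static entry for them
    deserves investigation. Loopback or 0.0.0.0 means the name was made
    unreachable; any other address means traffic was pointed elsewhere.
    """
    findings = []
    for line_no, ip, hosts in parse_hosts(text):
        for host in hosts:
            if is_watched(host):
                sink = ip.is_loopback or ip.is_unspecified
                reason = "sinkholed" if sink else "redirected"
                findings.append((line_no, host, str(ip), reason))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print("line %d: %s -> %s (%s)" % finding)
```

On Windows the text to audit is the content of %SystemRoot%\System32\drivers\etc\hosts.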

    Computer worms

    After a computer worm gets into a computer, it becomes active and executes programs containing malicious code. Network worm is the name for worms that spread across a network from one computer to another. A worm can spread through many different channels.

    Worms are able to replicate themselves. Below is a list of some types of computer worm.

    Computer worm categories and characteristics

    Type (name): description

    Email-Worm (e-mail worm): E-mail worms spread through e-mail. A message carries the worm itself or a link to the worm attached to the e-mail, and the worm travels with the message when it is sent. The linked website is usually run by hackers or has been compromised by them. When the user receives the file and opens it, the worm gets the chance to spread. It then goes on copying itself into other e-mails.

    IM-Worm (IM worm): These worms replicate through instant messaging programs on client machines, such as chat programs, ICQ, MSN Messenger, AOL, Yahoo, Skype... These worms usually use the contact list in the victim's own program to send messages containing links to unwanted websites. When the user downloads or opens the file, the worm is activated.

    IRC-Worms (IRC worm): This kind of worm gets into a computer through Internet relay chat programs on client machines. These machines communicate with other users over the Internet in real time. This kind of worm replicates over the Internet; when the user downloads or opens the file, the worm is activated.

    Net-Worms (network worm): These worms replicate over computer networks. Unlike ordinary worms, they can spread by themselves without relying on the user. They scan for computers on the local network and exploit programs on computers that have many vulnerabilities. To do this they send out a special packet containing their own code, or code for each computer. If they find unprotected computers on the network, they spread to them. Once the worm is on your computer, it is activated.

    P2P-Worm (file-sharing worm): File-sharing worms spread in peer-to-peer networks such as Kazaa, Grokster, EDonkey, FastTrack or Gnutella. A worm of this kind copies itself into the folders that hold shared files and spreads along the file-sharing route. These worms have their own mechanisms for detecting requests in the network and allowing copies of themselves to be downloaded. Variants of these worms become more complex as they spread through the network.

    Worm (other worms): Other kinds of network worm:

    Worms that spread through the network by exploiting operating system features. When they get into shared network folders, that is, folders used to share data within a user group or a company, they connect to the client machines. Unlike network worms, these are activated when the user unknowingly opens a file containing a copy of the worm.

    Worms that use other methods to replicate. There are many different kinds, for example worms that spread through phones.

    2-TROJANS

    Subcategory: Trojans (Trojan programs)

    Danger level: high

    Unlike computer worms or viruses, Trojan programs do not replicate themselves. They sneak into your computer through e-mail or during web browsing, when the user visits websites that host these programs. A Trojan runs and executes code written in advance for the purposes of its authors.

    Trojan programs are quite varied. Their main functions are blocking operations on the computer, modifying or deleting data, and disrupting control of the computer or of the whole network. In addition, Trojan programs can send and receive files, run those files, display messages, access websites, or even download and install other programs and restart the computer...

    These uninvited guests come in many "shapes" and cover many kinds of Trojan program.

    Some types of Trojan program and their characteristics:

    Classification of Trojan programs by behavior / characteristics

    Type (name): description

    Trojan-ArcBomb ("bombing" Trojan program): A program that grows in size until it fills the computer's storage and slows down processing, making the computer sluggish. This kind of Trojan is especially dangerous for file systems and mail servers. When bombed, the whole system may become congested and operations grind to a halt.

    Backdoor (remote-control Trojan program): These programs are considered the most dangerous of all Trojan programs. They function much like programs that perform remote actions. Once one of these programs has slipped into a computer and been activated, your computer can be controlled remotely by someone else.

    Trojans (Trojans): Trojans include the following kinds of malicious program:

    Traditional Trojan programs: their only main tasks are to block, modify or delete data and to disrupt the control functions of a computer or a computer network; they do not have the additional functions of the other Trojan types described in this table.

    "Multi-purpose" Trojan programs: in addition to the characteristic functions of traditional Trojan programs, there are Trojan types built for various other purposes.

    Trojan-Ransoms (kidnapping Trojan program): This kind of Trojan "kidnaps" the user's computer: it modifies or blocks data, or interrupts the computer's processes, so that the user cannot access the data. It then issues demands, such as visiting certain websites or supplying information, in exchange for restoring the system.

    Trojan-Clickers (Trojan-Clickers): These Trojan programs get onto the user's computer through the web. They send requests to the web browser or replace the addresses stored in files. These programs are used to attack networks and to generate large numbers of advertising banners.

    Trojan-Downloaders (Trojan that requests downloads of data and programs): This program has web access rights and uses them to download programs carrying malicious code and install them on the computer.

    Trojan-Droppers (Trojan that protects malicious code): A program that contains other Trojan programs and then triggers their installation.

    Intruders can use this kind of Trojan to install a malicious program without the user knowing. The Trojan does not display any error messages or other warnings; it simply carries out its actions silently.

    It protects other malicious programs from antivirus programs.

    Trojan-Notifiers (Trojan-notifiers): This Trojan reports that your computer is connected to some organization or website, and asks you to agree to provide information such as the IP address, open ports and open e-mail. It analyzes e-mail and file transfer protocols in order to exploit them for its own purposes. A Trojan-notifier is often combined with several other kinds of Trojan program.

    Trojan-Proxy (Trojans-proxies): Allow an intruder to access websites and organizations anonymously and to send bulk mail (spam) from there...

    Trojan-PSW (Trojan program that steals password information): Password-stealing Trojans: they steal accounts through programs that send out registration information; they search the computer's system files and registry for information about e-mail and transferred files, and send it to their creators. These Trojans usually target people who manage bank accounts and who often pay online (Trojan-Bankers), steal personal information (Trojans-IMs), or steal the data of online game players (Trojans-GameThieves).

    Trojan-Spies (spy Trojan program): These are spy programs. They collect information about the user, recording keystrokes, screenshots or the applications that are launched. Once they have this information, they send it out by e-mail, by file transfer over FTP, or through websites.

    Trojan-DDoS (network attack Trojan): This program uses denial-of-service attacks, sending a continuous stream of requests from the computer to a server outside the network. The remote server becomes overloaded by continuously processing the incoming requests. This kind of Trojan can be installed on many computers in order to attack servers.

    Diagram describing DDoS:

    DDoS classification diagram:

    Trojan-IMs (Trojan that attacks through instant messaging): These programs steal passwords from client machines through instant messaging programs such as chat programs, for example ICQ, MSN, AOL, Yahoo or Skype. They send the information to the intruder by one of several routes, such as e-mail, web or FTP, like some other Trojans.

    Rootkits (Rootkits): These programs conceal malicious programs and their activity. They hide files and processes in the memory of the infected computer; they also hide the keys run by the malicious program, or conceal file transfers between applications installed on the user's computer or on other computers in the network.

    Trojan-SMS (Trojan that attacks through SMS): These programs spread across mobile phone systems through text messages sent between users.

    Trojan-GameThieves (Trojan that steals gamers' account information): These programs steal gamers' account information and send it to the thief by e-mail, FTP or the web...

    Trojan-Bankers (Trojan that steals bank account information): Programs that steal bank account information or financial information from online transactions and send it to the thief by e-mail, FTP or the web.

    Trojan-Mailfinders (Trojan that collects e-mail addresses): These programs collect e-mail addresses found on the computer and send them to the thief by e-mail, FTP or the web. The thieves use the collected addresses to build spam e-mail campaigns.

    3-MALICIOUS TOOLS

    Subcategory: tools for creating malware

    Danger level: medium

    There are many tools for creating dangerous destructive programs. However, unlike other malicious programs, they do not perform malicious actions themselves; they can be stored safely and run on the user's computer.

    These programs help create viruses, worms and other Trojan programs, organize a network attack on a server, take over your computer, or carry out other actions.

    There are many kinds of malware with different characteristics. Some common types are listed below.

    Classification of malware by capability

    Type (name): description

    Constructor (malware that creates malicious code): Able to create new viruses, worms or Trojan programs. Some of these tools have a window-style interface that lets the hacker choose which kind of malicious program to generate.

    DoS (network attack): A denial-of-service attack program sends a large number of requests from a client machine to a server. The server becomes overloaded, cannot keep up with the requests, and is paralyzed.

    Exploit (malware that exploits program vulnerabilities): This malware is a piece of data or a fragment of program code that takes advantage of applications with security vulnerabilities to execute malicious code on the computer. For example, it can write or read files, or access web pages that carry potential risks.

    Malware of this kind usually takes advantage of vulnerabilities in various applications or network services. It spreads over the network to many computers by attacking insecure network services. For example, the malware may be contained in .doc files; when the user opens a file carrying it, the malware is triggered and runs. When the malware is contained in an e-mail, it attacks weaknesses in the mail program on the client machine, and it is also triggered when the victim opens the e-mail. Malware of this kind is often used to spread network worms (Net-Worm). Exploit-Nukers are packets that make a computer stop working.

    FileCryptors (file-encrypting malware): File-encrypting malware is another kind of malicious program; it hides itself from antivirus programs.

    Flooders (malware that congests the network): These programs send messages in bulk so that the network is flooded with messages and becomes congested, for example with chat messages... However, this category does not include programs that send bulk mail or bulk IM and SMS messages; those are classified as separate types further down in the table (Email-Flooder and SMS-Flooder).

    HackTools (hacking tools): These tools are installed on the computer that is to be hacked, or used to attack other computers. Such an attack tool may include the following functions: adding privileged users to the system, and deleting system logs to hide the traces of the new user on the system. They also include sniffing functions for intercepting passwords. Sniffer programs let the attacker view and analyze network traffic.

    not-virus:Hoax (Hoax): These programs frighten the user with messages about viruses: they claim that a virus was detected and cleaned, or display messages about being unable to format a disk.

    Spoofers (spoofing malware): These programs send messages with forged sender information. They impersonate the sender.

    VirTools (tools for creating or modifying malicious programs): They can modify other malicious programs to hide them from antivirus programs.

    Email-Flooders (programs that flood with mail): Send large numbers of e-mails in bulk, flooding the mailbox. Because of this huge volume of e-mail, the user cannot view legitimate e-mails.

    IM-Flooders (programs that flood with instant messages): These programs send large numbers of messages at once to messaging programs such as ICQ, MSN, AOL, Yahoo or Skype. Because of this excessive stream of messages, the user cannot receive other messages.

    SMS-Flooders (programs that send messages to phones): These programs send large numbers of text messages to mobile phones.

    II-POTENTIALLY UNWANTED PROGRAMS

    Potentially dangerous programs, unlike malicious programs, are not intended solely to cause damage. However, they can be used to breach the computer's security.

    Potentially unwanted programs include adware, pornware and other potentially unwanted programs.

    Adware displays advertising information to the user.

    Pornware displays pornographic information to the user.

    Other potentially unwanted programs (riskware) are widely used. However, if someone gains access to these programs or places them on the user's computer, they can compromise the computer's security.

    A potentially unwanted program is installed in one of the following ways:

    Installed by the user, on its own or together with another program. For example, software developers include advertising programs in free or shared programs.

    Installed by hackers and intruders, who may, for example, include such programs in packages with malicious software and use "risks" in the web browser, or Trojan downloaders and droppers, when the user browses an infected web page.

    1-ADWARE

    Subcategory: Adware

    Danger level: medium

    These programs display advertising information on the user's computer. They display advertising banners in the interface of other programs and request connections to advertising websites. Some adware collects marketing information and sends it to its developers; for example, when someone visits a web page, it asks that person to leave their information. Unlike spy Trojans, this information remains under the user's control when they visit these pages again.

    2-PORNWARE

    Subcategory: Pornware

    Danger level: medium

    Users run these programs themselves when they search for obscene or pornographic material.

    An attacker can install these programs directly on the victim's computer to display advertisements for pornographic websites regardless of the victim's consent. To install them, attackers exploit weaknesses in the operating system or web browser, and they obtain this information from downloader Trojans and Trojans that protect malicious code.

    There are three characteristic types of pornographic program.

    Classification of program types

    Type (name): description

    Porn-Dialers (automatic dialers): These programs automatically dial the phone numbers of pornographic services, storing these numbers as part of their service; unlike dialer Trojans, they warn the user about what they are doing.

    Porn-Downloaders (programs that download files from the Internet): These programs download pornographic content to the user's computer; unlike Trojans, they notify the user about what they are doing.

    Porn-Tools (tools): These usually search for and display pornographic content; tools of this kind include toolbars or video players.

    3-RISKWARE

    Subcategory: other risks

    Danger level: medium

    Programs of this kind are quite widely used. They include IRC clients, automatic dialers, download managers, computer system management tools, password management utilities, and FTP, HTTP or Telnet servers.

    However, if a stranger wants to exploit these programs or installs them on the user's computer, their functions can be used to break through the computer's security layer.

    Riskware programs are classified by function. Some types are described in the table below.

    Classification of riskware by function

    Type (name): description

    Client-IRC (chat client programs): Users install these programs to communicate over Internet relay channels. Strangers use them to run programs carrying malicious code.

    Dialers (automatic dialer programs): These programs create hidden dial-out connections through a modem.

    Downloaders (file downloaders): These programs secretly download files from websites.

    Monitors (monitoring programs): These programs monitor the activity of the computer they are installed on, including the execution of applications and data exchange with applications on other computers.

    PSWTools (password recovery tools): These tools are used to view or recover forgotten passwords. Intruders often install them on users' computers for the same purpose.

    RemoteAdmin (remote administration programs): These programs are used by system administrators; they provide access to remote computers in order to monitor and manage them. Intruders use these tools for the same purpose, installing them on a user's computer to monitor and manage that machine.

    The risks from remote administration programs are not the same as those from Trojan programs (or backdoors). Trojans have functions that let them spread through the system and install themselves; legitimate programs do not have such functions.

    Server-FTP (FTP servers): Provide the functions of an FTP server. Intruders install them on the user's machine so that they can access it over the FTP protocol.

    Server-Proxy (proxy servers): Provide the functions of a proxy server. Intruders install them on the user's computer in order to send spam from the victim's machine.

    Server-Telnet (Telnet servers): Provide Telnet functions. Intruders install them on the user's computer to gain remote access over the Telnet protocol.

    Server-Web (web servers): Provide the functions of a web server. Intruders install them on the user's machine to gain access over the HTTP protocol.

    RiskTool (computer management tools): These tools provide additional functions for managing the user's computer. For example, they let a hacker hide files, hide running applications, and terminate running processes.

    NetTool (network tools): Let one computer manage other computers on the network, for example restarting a machine, finding open ports, or running programs installed on other computers.

    Client-P2P (peer-to-peer programs): Programs used in peer-to-peer networks. Intruders can exploit them to spread programs carrying malicious code.

    Client-SMTP (SMTP clients): Send e-mail silently. Intruders install them on the victim's computer to send spam mail to other computers.

    WebToolbar (web toolbars): Add toolbars to the toolbars of other browsers.

    FraudTool (fraudulent programs): Disguise themselves as other, legitimate programs. For example, fake antivirus programs display messages about finding programs that contain malicious code, but they neither detect nor block the things they report.

    B, OTHER THREATS

    I-SPAM OR UNWANTED INCOMING MAIL

    Spam is unwanted incoming mail, usually accompanied by advertising.

    Spam places an additional load on the channels and on the provider's e-mail servers. Recipients have to pay for the bandwidth consumed by spam e-mail, and the delivery of non-spam mail is slowed down. For this reason, using and sending spam e-mail is illegal in many countries.

    Antivirus applications usually scan incoming mail in Microsoft Office Outlook, Microsoft Outlook Express, The Bat! and Thunderbird. If they detect any spam mail, these e-mails are handled with an action chosen by the user, for example moving them or reassigning them to another folder, or deleting them. The application can also scan mail traffic carried over the POP3 or IMAP protocols, based on the corresponding tags and the subject lines of the mail.

    A good antivirus application must detect spam that poses a high level of danger. It applies several spam filtering techniques at the same time: detecting spam by the sender's address or by a word or phrase in the subject or body of the e-mail, detecting graphical spam, and using self-learning algorithms to detect spam based on the content of the e-mail.

    Anti-spam databases usually include "black" and "white" lists of sender addresses, and lists of words and phrases associated with certain kinds of spam, such as advertising, medicine and health, gambling...

    Flooded with spam:

    II-PHISHING

    Phishing is a kind of fraudulent activity on the Internet that aims to steal personal information from computer users, such as credit card numbers and PIN codes, in order to steal their money.

    Phishing is often related to online banking. The intruder creates an exact copy of a bank's website and then sends messages to the bank's customers. The customers are told that, because of a change or failure in the bank's website system, account holders' information has been lost, so they must confirm or change their details on the bank's website. The users go to the fraudster's website and enter their personal data.

    The anti-phishing technology of an antivirus product may include a list of websites known to be phishing sites.

    The antivirus analyzes e-mails arriving in the mail client (Microsoft Office Outlook and Microsoft Outlook Express), and if it finds a link to a phishing website already on its list, the message is treated as spam. If the user opens the message and tries to follow the link to such a website, the connection is blocked.

    III-NETWORK ATTACKS

    A network attack is a remote intrusion into a computer network and an attempt to take control of it. This can paralyze the network or give access to its information.

    Network attacks are either the actions of an intruder (for example, scanning a computer's ports or trying to steal passwords) or running malicious software that executes the attacker's commands, for example sending the computer user's information to the author of the malicious code that infected the user's computer. Such programs include Trojans, DoS attack tools, malicious scripts and the kinds of computer worms that spread over the network.

    Attacks on internal and local networks use weaknesses in the operating system and in software. Attackers can send individual IP packets during a network connection.

    A good antivirus helps block these attacks without affecting the network connection, for example through a technology that uses special databases. These databases contain records that identify the IP data packets sent by attack programs. The antivirus analyzes network connections and blocks any dangerous IP data packets.

    In the middle of the pitch-black interface is an image of the Grim Reaper holding a scythe, accompanied by a message disparaging the admin:

    IV-ADVERTISING BANNERS

    Banners or advertisements are links to the advertiser's website, usually shown in the form of images. Displaying banners on a website does not affect the security of the computer, but it is considered to reduce the computer's normal working performance. Users are distracted by irrelevant information, and these banners increase Internet bandwidth usage.

    Many organizations prohibit advertising banners as part of their data security policy.

    An antivirus product can block banners based on the URL that the banner links to. It updates its list of advertising banners and the database that manages banner blocking; this list contains URLs from around the world. The software processes the links of the website being downloaded and compares them with the list in the database; if it finds a match, it removes every link to that web address and continues loading the rest of the web page.

    Annoying advertisements:

    C, PREVENTING AND HANDLING VIRUSES

    I-Using antivirus software

    Protect the computer by installing antivirus software that can recognize many kinds of computer virus, and keep its data continuously updated so that the software can always recognize new viruses. There are many antivirus products on the market today. Well-known vendors whose antivirus software is widely used include McAfee, Symantec and Kaspersky.

    II-Using a firewall

    Third-party hardware and software firewalls:

    A firewall is not something remote or reserved for Internet service providers (ISPs); every personal computer also needs a firewall to protect it against viruses and malicious software. When a firewall is used, information going into and out of the computer is controlled, either transparently or deliberately. If malicious software already installed on the computer tries to connect out to the Internet, the firewall can raise a warning, helping the user remove or disable it. A firewall helps block unwanted incoming connections, reducing the risk of the computer being controlled against the user's wishes or of malicious programs or computer viruses being installed.

    Use a hardware firewall if the user connects to the Internet through a modem that has this function. In the manufacturer's default configuration the "firewall" function is usually turned off; the user can log in to the modem to enable it. A hardware firewall is not absolutely safe, because it usually only blocks unauthorized incoming connections, so it should be combined with a software firewall.

    Use a software firewall: current Windows operating systems already have a built-in software firewall, but third-party software can usually work better and integrates more tools than the built-in Windows software firewall. For example, the ZoneAlarm Security Suite from ZoneLab is an effective set of tools providing protection against viruses and malicious software, anti-spam, and a firewall.

    III-Updating operating system patches

    Security flaws are constantly being found in the Windows operating system (which has the majority share) precisely because it is so widely used; hackers can take advantage of these flaws to take control or to spread viruses and malicious software. Users always need to install Windows patches through the Microsoft Update website (for upgrading all Microsoft software) or Windows Update (for updating Windows only). The best approach is to turn on the Windows automatic update feature (Automatic Updates). This feature is only supported on copies of Windows that Microsoft recognizes as legitimate.

    Using open-source software is encouraged, because its community nature means its security risk is very low. Strong and familiar open-source operating systems include Ubuntu Linux and Chrome OS, which have very high security, are free, and receive bug-fix updates.

    The Ubuntu interface, a well-known Linux distribution:

    IV-Applying computer usage experience

    Even when all of the above software and methods are used, a computer can still be infected by viruses and malicious software, because a new virus sample may not yet have been added to the antivirus software in time. Computer users need to make full use of the functions and applications already available in the operating system, along with other experience, to protect their operating system and data. Some useful practices are as follows:

    Detect unusual activity on the computer: most users do not habitually install or remove software or frequently change the operating system, which means the machine is in stable use, so they will notice unusual changes in it. Simple examples: noticing that the computer is running slowly, or noticing unusual outbound connections through the operating system's firewall or a third-party firewall (through prompts asking for permission to connect out, or other firewall activity). Any such unusual activity that is not caused by hardware should raise suspicion of a virus. As soon as there is suspicion, check by updating the antivirus software with the latest data, or try using a different antivirus product to scan the whole system.

    Monitor running applications: monitor the activity of software on the system through Task Manager or third-party software (for example ProcessViewer) to learn which applications the system normally loads during a normal session, how much memory they use, how much CPU they use, what the running files are called... Then, as soon as something about the system is abnormal (even if there are no signs of virus infection yet), you can be suspicious and take reasonable preventive action. However, this approach requires a certain level of knowledge on the user's part.

    Disable operating system features that can help viruses spread: by default Windows usually enables autorun features, which make it convenient to install software automatically when a CD or USB drive is inserted. Some viruses take advantage of exactly these features to infect the system as soon as a USB drive is plugged in or a software CD is inserted (several viruses have spread very quickly in recent times through USB drives by creating autorun.ini files on the drive so that the virus runs as soon as the drive is plugged into the computer). This feature should be disabled using third-party software such as TWEAKUI or by editing the Registry.

    Additionally use websites that offer online virus detection.
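The autorun abuse described above can be spotted by reading the autorun file on a removable drive before trusting the drive. The Python below is an added example, not from the original document: it lists every command that an autorun file would launch and ignores lines that are not valid entries. Windows names this file autorun.inf (the page writes autorun.ini); the function names and the sample content are assumptions constructed for illustration.

```python
import os

# Keys in the [autorun] section that cause a program to be launched.
EXEC_KEYS = ("open", "shellexecute")

# Constructed sample, not taken from a real device.
SAMPLE_AUTORUN = r"""
;xk3 padding line (constructed sample)
[AutoRun]
open=hidden\updater.exe
icon=%SystemRoot%\system32\shell32.dll,4
action=Open folder to view files
shell\open\command = hidden\updater.exe
not a valid entry
[Content]
open=ignored-outside-autorun-section.exe
"""


def autorun_commands(text):
    """Return [(key, command)] for entries in [autorun] that launch a program.

    Section and key names are matched case-insensitively. Comment lines,
    lines without '=' and entries in other sections are skipped.
    """
    commands = []
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_section or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        # shell\<verb>\command adds a context-menu verb that runs a program.
        is_verb = key.startswith("shell\\") and key.endswith("\\command")
        if (key in EXEC_KEYS or is_verb) and value:
            commands.append((key, value))
    return commands


def scan_drive_root(root):
    """Read autorun.inf in a drive root; return its launch commands, or []."""
    path = os.path.join(root, "autorun.inf")
    try:
        with open(path, "r", encoding="utf-8", errors="replace") as handle:
            return autorun_commands(handle.read())
    except OSError:
        return []  # no autorun file, or the drive is not readable


if __name__ == "__main__":
    for key, command in autorun_commands(SAMPLE_AUTORUN):
        print("%s would run: %s" % (key, command))
```

Any non-empty result from `scan_drive_root` on a removable drive names a program that deserves a scan before the drive is opened.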

    B+o vO d liOu my tnh

    Nu nh khng chc chn 100% rng c th khng b ly nhim virus my tnhv

    u.

    i ca d liu cabn.

    cc phn mm him c khc th bn nn t bo v s ton vn ca d liucamnh trc khi d liu b h hng do virus (hoc ngay c cc nguy c timtngkhc nh s h hng ca cc thit b lu tr d liu ca my tnh). Trong phm

    viv bi vit v virus my tnh, bn c th tham kho cc tng chnh nhsau:Sao lu d liu theo chu k l bin php ng n nht hin nay bo v dliBn c th thng xuyn sao lu d liu theo chu k n mt ni an ton nhccthit b nh m rng ( USB, cng di ng, ghi ra a quang...), hnh thc nycth thc hin theo chu k hng tun hoc khc hn tu theo mc cp nht,thay

  • 7/31/2019 De Tai Tim Hieu Virus-trojan-worm

    32/37

    Creating recovery data for the whole system need not stop at the utilities built into the operating system (for example, System Restore in Windows Me, XP...); it may call for third-party software. For example, you can create system backups with ghost software or other disk or partition imaging software.

    In practice, these measures do not guarantee that the backed-up data is free of viruses, but if a virus is present, newer updated versions of antivirus software can remove it in the future.

    Storage devices: hard disk, USB drive, CD

    STUDY OF CONFICKER AND DNS-CHANGER:

    I-CONFICKER:

    1. Symptoms:

    Account lockout policies are reset automatically.

    Users see the PC throw up many different pop-up advertisements.

    The web browser shows many unfamiliar items that the user has never seen before and has never downloaded or installed.

    Some system settings are changed without the user's knowledge. For example, the browser's homepage is changed to another page and cannot be changed back.


    The PC suddenly runs much slower than normal. Domain controllers respond very slowly to client requests. The internal network is congested.

    Some Microsoft Windows services such as Automatic Updates, Background Intelligent Transfer Service (BITS), Windows Defender and Error Reporting Services are turned off. Conficker blocks the user from accessing certain folders and from reaching the websites of security vendors such as www.symantec.com, www.mcafee.com... Scheduled tasks that run regularly suddenly appear on the system.

    2. How it works:

    Conficker is a sophisticated worm that exploits Microsoft's MS08-067 security vulnerability. The vulnerability is present on both 32-bit and 64-bit Windows, in every Windows version (Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Vista and Windows XP), if the user has not installed Microsoft's patch. Conficker infects a computer without any action by the user. Its main infection routes are USB memory sticks and infected PCs on the network, which automatically infect their peer PCs. Conficker can get into a PC when (1) the user downloads software from unsafe websites on the Internet, (2) the user runs peer-to-peer file-sharing applications, or (3) the user visits a website used to distribute the Conficker worm. The worm's ultimate purpose is to give the attackers behind it control of the user's PC. They can then remotely order the PC to send spam, attack websites, steal data or carry out online fraud.

    Self-protection: The first thing Conficker does is disable the machine's security services, the Windows update service, and the tools and software installed to counter it.


    Self-propagation: Conficker is programmed to update itself automatically from domain names that it generates at random. From April 1, the number of domain names it looks up for updates can reach 50,000 per day. The virus writer needs to use only one of these domains to distribute new versions of Conficker.
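
    Seen from the defender's side, a host that looks up many random-looking names that never resolve stands out in resolver logs. The sketch below is an added example, not part of the original report; the log format, the thresholds and the sample lines are assumptions constructed for illustration.

```python
import math
from collections import Counter, defaultdict

# Constructed resolver log, one query per line: client, queried name, response code.
SAMPLE_LOG = """\
10.0.0.5 www.example.com NOERROR
10.0.0.5 intranetportal.example NXDOMAIN
10.0.0.9 qzkvwpxtrh.example NXDOMAIN
10.0.0.9 bxjtmqzrwk.example NXDOMAIN
10.0.0.9 hvnpdkgzlq.example NXDOMAIN
10.0.0.9 qzkvwpxtrh.example NXDOMAIN
10.0.0.9 www.example.com NOERROR
10.0.0.7 wrtzpkdsnb.example NXDOMAIN
"""

VOWELS = set("aeiou")


def entropy(label):
    """Shannon entropy of the characters in a label, in bits per character."""
    counts = Counter(label)
    return -sum(n / len(label) * math.log2(n / len(label)) for n in counts.values())


def looks_generated(name, min_len=8, min_entropy=3.0, max_vowels=0.2):
    """Heuristic (assumed thresholds): long, high-entropy, vowel-poor first label."""
    label = name.lower().split(".")[0]
    if len(label) < min_len:
        return False
    vowel_share = sum(c in VOWELS for c in label) / len(label)
    return entropy(label) >= min_entropy and vowel_share <= max_vowels


def suspicious_clients(log_text, threshold=3):
    """Map client -> number of distinct generated-looking names that failed to resolve."""
    failed = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        client, name, rcode = parts
        if rcode == "NXDOMAIN" and looks_generated(name):
            failed[client].add(name.lower())
    return {c: len(names) for c, names in failed.items() if len(names) >= threshold}


if __name__ == "__main__":
    print(suspicious_clients(SAMPLE_LOG))
```

    The vowel check is what keeps a long but ordinary name such as intranetportal from being counted, and repeated lookups of the same name are counted once.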

    3. Countermeasures:

    Microsoft and the Conficker Cabal, a special committee led by Microsoft to fight Conficker, can control 13% of the domain names mentioned above; however, this figure cannot guarantee anything. According to current estimates, the number of computers infected by this worm has risen to about 10 million worldwide.

    At present, actions against Conficker are mostly about containing the damage it can cause. So if everyone makes sure their computer does not carry this virus and regularly installs new patches from Microsoft, that is the most effective and most reliable way to prevent a new Conficker outbreak.


    For the Conficker worm specifically, users should download and install the MS08-067 update as soon as possible. Ideally, users should turn on Automatic Updates so that Windows downloads and installs every necessary update automatically. Users lucky enough not to be infected with Conficker yet should still deploy protective measures against not only Conficker but other malware as well. In addition, users should run a reputable antivirus program such as Kaspersky or Symantec Norton to protect the system, and disable the Windows AutoRun feature completely.

    Users should also follow safe Internet practices: do not open attachments from emails of unknown origin, make a habit of scanning USB drives when they are connected to the system, and protect Windows with a password.

    II-DNSchanger

    1. Symptoms: the computer cannot reach the websites of antivirus vendors or operating-system patches, while online newspapers and search sites still load.

    2. How it works:

    After infecting a computer, the virus immediately interferes with the system and blocks access to the websites and update servers of antivirus software. This prevents the user from downloading antivirus software or updating virus signatures for their computer.

    Besides blocking antivirus updates, these viruses steal personal information, bank accounts and online game accounts, or install a backdoor to control the computer.


    Analysis shows that the techniques the virus uses to block access include: modifying the system hosts file (the file that maps domain names and host names to IP addresses); hooking (taking control of) the API functions that serve domain-name queries in order to forge the returned results; and changing the DNS server address to point to a malicious DNS server controlled by the hacker. All of these techniques aim to redirect the computer's traffic when it connects to an update server or an antivirus website. As a result, the connection is redirected to a forged address or to an address that does not exist.
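
    Two of these techniques, the hosts-file edit and the changed DNS server, leave artefacts that can be checked directly. The following audit sketch is an added example, not code from the original report: the trusted resolver addresses are placeholders, the hosts-file content is constructed, the function names are hypothetical, and the NameServer data is the pair of addresses quoted in this page's registry listing.

```python
import ipaddress
import re

# Assumptions: the resolvers your network really uses (placeholder addresses)
# and the security-vendor domains named on this page.
TRUSTED_RESOLVERS = {"192.0.2.53", "192.0.2.54"}
WATCHED_DOMAINS = ("symantec.com", "mcafee.com")

# Constructed sample hosts file (not taken from a real machine).
SAMPLE_HOSTS = """\
127.0.0.1       localhost
127.0.0.1       www.symantec.com
203.0.113.7     update.mcafee.com   # constructed entry
192.0.2.10      intranet.example
"""
# Data of the Tcpip\\Parameters\\NameServer value as quoted on this page.
SAMPLE_NAMESERVER = "85.255.116.148 85.255.112.223"


def parse_hosts(text):
    """Yield (ip, hostname) pairs from hosts-file text, ignoring comments."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        for name in fields[1:]:
            yield fields[0], name.lower().rstrip(".")


def suspicious_hosts_entries(text, watched=WATCHED_DOMAINS):
    """Return hosts entries that pin a watched vendor domain to any address."""
    return [(ip, name) for ip, name in parse_hosts(text)
            if any(name == d or name.endswith("." + d) for d in watched)]


def rogue_nameservers(value, trusted=TRUSTED_RESOLVERS):
    """Return NameServer entries that are malformed or outside the trusted set."""
    rogue = []
    for token in filter(None, re.split(r"[,\s]+", value.strip())):
        try:
            addr = str(ipaddress.ip_address(token))
        except ValueError:
            rogue.append(token)  # not an IP address at all
            continue
        if addr not in trusted:
            rogue.append(addr)
    return rogue


if __name__ == "__main__":
    print(suspicious_hosts_entries(SAMPLE_HOSTS))
    print(rogue_nameservers(SAMPLE_NAMESERVER))
```

    API hooking, the remaining technique, leaves no trace in these two artefacts, so a clean result here does not rule it out.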

    3. Removal:

    The simplest way to remove the DNSChanger Trojan

    If the DNS Changer trojan has infected your computer, you have very likely been infected by other viruses and trojans as well. One favoured program for finding these problems is MalwareBytes Anti-Malware. It is a new anti-spyware program, but one of the good ones known. In fact, its author created removal tools for the About:Blank hijacker a few years ago.

    Dealing with DNSchanger:

    - Turn off and remove unnecessary services. Among the services the operating system sets up by default, reconfigure those that are not needed, such as an FTP server, telnet and a web server.

    - If there are threats accompanied by exploitation of network services, or by the disabling of or access to network application services, then you already have a DNSchanger on your machine.

    - Always stay up to date, especially on servers that host services reachable through the firewall, such as HTTP, FTP, mail and DNS services (for example, all Windows-based computers should have current service updates installed). Also apply any security updates from trusted sources or from the vendor's website.


    - Enforce passwords; complex passwords make it hard to tamper with files on the computer.

    - For virus-infected email on the mail server, block or remove messages that contain files with these extensions: .vbs, .bat, .exe, .pif and .scr.

    - Isolate infected computers quickly. Perform an analysis and restore the computers using trusted media.

    - Go to a website and download antivirus software from the Internet.

    Removal steps:

    1. Disable System Restore (Windows Me/XP).

    2. Install a virus scanner and update it to the latest version: Norton AntiVirus 2006, Symantec AntiVirus Corporate Edition 10.0, or Norton AntiVirus 2005, Symantec AntiVirus Corporate Edition 9.0.

    3. Run a scan of the whole system.

    a. Start your Symantec program and have it scan all files.

    b. Run a full system scan.

    c. If any files are detected, follow the antivirus program's instructions.

    4. Delete any values that were added to the registry.

    Infected Registry data items:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.148 85.255.112.223 -> Quarantined and deleted successfully.

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{806586a1 a695 45bb 9075