摘要
为加固网络安全、防范木马攻击,结合实例研究了一种木马隐藏技术,实现了基于加载三级跳和线程守护的隐藏技术,增强了木马的隐蔽性与抗毁性,并提出了该技术相应的防范措施和清除方法。实验结果表明,融入该隐藏技术的木马程序完成了预期的隐藏功能并可以穿透最新的瑞星杀毒软件、瑞星防火墙及硬件防火墙,表明了该隐藏技术的可行性与有效性。
To reinforce network security and prevent Trojan horse attacks, a concealing technology by triple jump in load and thread guard is analyzed and implemented with an example, and a Trojan horse using the technology is programmed, and the hidden nature and survivability of the Trojan horse is enhanced by it. Finally, the corresponding cleaning method is put forward. Experimental results show that the Trojan horse completes the expected hidden features, and can penetrate the latest Rising anti-virus software, RisingFirewall and general hardware firewalls, which demonstrate the feasibility and effectiveness of the concealing technology.
出处
《计算机工程与设计》
CSCD
北大核心
2011年第2期489-492,496,共5页
Computer Engineering and Design
关键词
木马隐藏
线程守护
远程线程插入
加载三级跳
木马防范
Trojan concealment
thread guard
remote thread insert
triple jump in load
Trojan prevention