Professional Documents
Culture Documents
Tim Hieu Virus Hooker
Tim Hieu Virus Hooker
BI TP LN
Mn : H iu Hnh
Lp :
HTTT-K53
H Ni Thng 4/2011
Mc Lc
Tn phn : Trang :
3 4 4 5 7 7 9 9 14 15 19 20 21 Phn 1: Li ni u Phn 2: Ni Dung I. S lc v virus 1. Hooker l g 2. Lch s ca virus Hooker 3. Cu to ca Hooker II. Cch thc virus tip cn vo my 1. Cc dng ly nhim 2. Cch ly bm III. Cch thc hot ng 1. Sau khi trojan c kch hot chng s lm nhng vic nh sau 2. Cch thc ngy trang 2.1.Tin hnh vic ly thng tin 2.2.Tin hnh lin lc vi ch ca n 2.3RPC(Remote Procedure Call) 2.4. Cch thc Config virus Hooker IV. Lm sao bn t bo v mnh Phn 3: Tng Kt
N pht hin thm li kt ni RAS v c nh li ny. i khi n cng xung t vi mt vi ch .Khi keyloggingDll c cha trong LZW. 2.7.Version 2.3 beta 5: Hooker gi i cc keylog. Nu trong ca s ch c . iu c ngha l trojan khng th gi th i (Hooker ch cn lm y hp th vi mt lng ln cc th). 2.8.Version 2.3 beta 6: Ch cn mt cht thay i trong th tc gi mail l hooker c th bt u trn my m khng cn rasapi32.dll. 2.9.Version 2.4: Khng c thm phin bn, y l bn pht hnh.C nh t li trong tn ngi dng v tn my ch pht hin.C thm mt vi tnh nng:
Keylog y : nu khng c kim tra Hoocker s ch ng nhp ca
s, ni m c keystrokes.
Nng cao ng nhp: nu khng c kim tra, Hoocker s khng ng
b. Mt s loi Hook :
5
Trong Windows, khi chng ta thc hin cc thao tc nhp chut, nhn phm th h iu hnh s chuyn cc s kin ny thnh cc thng ip (message) ri a vo hng i (queue) ca h thng. Sau , cc thng ip c trao li cho tng ng dng c th x l. Hook l mt k thut cho php mt hm c th chn, theo di, x l, hoc hy b cc thng ip trc khi chng m n c ng dng. Hai v d thng gp ca Hook l ng dng son tho vn bn ting Vit (Unikey, Vietkey) v ng dng tra t in trc tip trn mn hnh (ClicknSee, Lc Vit MTD, English Study). Chng x l thng ip t bn phm i vn bn sang ting Vit, hoc x l thng ip t con chut ly vn vn di con tr. Chng trnh KeyLogger chuyn n cp mt khu cng s dng k thut ny , v con Virus Hooker cng da trn nguyn tc Xt v mt chc nng, Hook c 15 loi ng vi nhm s kin m n s x l : - WH_CALLWNDPROC - hook qun l cc thng ip trc lc h thng gi chng ti ca s ch - WH_CALLWNDPROCRET - hook qun l cc thng ip sau khi chng c x l bi th tc ca s ch - WH_CBT - hook nhn nhng thng bo c ch ti ng dng hun luyn trn c s tnh ton (CBT) - WH_DEBUG - hook c ch cho vic debug nhng th tc hook khc - WH_FOREGROUNDIDLE - hook s c gi khi thread foreground ca ng dng s tr thnh khng dng n. Hook ny c ch cho hot ng nhng nhim v (task) u tin thp trong thi gian khng c dng n - WH_GETMESSAGE - hook qun l cc thng ip c post ti hng thng ip - WH_JOURNALPLAYBACK - hook post nhng thng ip c ghi trc bi th tc hook WH_JOURNALRECORD
WH_JOURNALRECORD - hook ghi nhng thng ip u vo c post ti hng thng ip h thng. Hook ny c ch cho vic ghi cc macro - WH_KEYBOARD - hook qun l cc thng ip keystroke - KEYBOARD_LL Windows NT - hook qun l nhng s kin nhp vo t keyboard mc thp - WH_MOUSE - hook qun l cc thng ip chut - WH_MOUSE_LL Windows NT - hook qun l nhng s kin u vo chut mc thp - WH_MSGFILTER - hook qun l cc thng ip c kt sinh nh l mt kt qu cu s kin u vo trong dialog box, message box, menu hay scroll bar - WH_SHELL - hook qun l cc thng ip nhn thng bo hu ch shell cc ng dng - WH_SYSMSGFILTER - t mt ng dng cc thng ip c kt sinh nh l kt qu ca mt s kin u vo trong dialog box, message box, menu hay scroll bar. Th tc hook qun l nhng thng ip ny cho tt c cc ng dng trong h thng ng vi mi loi Hook, Windows s c mt chui cc hm lc (filter function) x l. V d, khi ngi dng nhn phm, thng ip ny s c truyn qua tt c cc hm lc thuc nhm WH_KEYBOARD
-
1. Cc dng ly nhim :
T ICQ : ICQ l 1 chng trnh my tnh cho php nhn gi tin nhn trc tip vi nhau qua dng ch vit hay ting ni , n ging Instant Messenger ca Yahoo hay MS . Nhng nhiu ngi li ngh rng Trojan khng th ly lan trong khi h ang ni chuyn c th gi cho h mt ch Trojan. C th bn bit n ICQ cho bn mt bug cho php bn gi mt file .exe ti ngi khc nhng khi ngi nhn nhn nh c v bn ang gi mt file m thanh, hnh nh
1.1
V d: C ngi no s thay i biu tng ca file.exe thnh file.bmp, v ni vi bn rng y l hnh ca anh. Bn s download n v v bum bum bum !!! Nhng nu ngi gi file i tn file.exe thnh .bmp th bn an ton, v khi file.exe i tn thnh .bmp th file.exe khng th thc hin. Nhng khi file gi n bn ng l mt con Trojan c kp chung vi file hnh nh v ngi gi thay i icon ca file.exe, khi Trojan s bt u chay m bn khng h nghi ng, v khi n vn hin hnh nh ca mt ai . l l do m hu ht ngi dng ni h khng chy bt k file no trong khi h l lm truyn vo m khng bit. 1.2 T IRC: Cng ging nh phng php ly truyn t ICQ phng php ly truyn qua IRC cng l la nn nhn chy Trojan trong my ca mnh.IRC(Internet Relay Chat) l dng lin lc cp tc qua mng Internet 1.3.T mail: Trojan c ly lan bng mail v tc ca n rt nhanh. Mt cch n gin v thng dng l Trojan s ly a ch mail trong address book pht tn cho nhng ngi bn ca bn. V th phng con virus ny chng ta hy ci ngay chng trnh c th kim tra mail trc khi download v v kim tra nhng mail c gi i. 1.4 T truy cp trc tip: Trong qu trnh s dng my tnh th c th do li truy nhp m h c th b dnh Trojan, hoc do mt ngi no xm nhp vo my ca mnh v lm cho my ca ta b Trojan tn cng. 1.5. Mt s th thut v mnh khe khc: Trn cc my Microsoft Windows, ngi tn cng c th nh km mt Trojan vo mt ci tn c v lng thin vo trong mt th in t vi vic d ngi c m tp nh km ra. Trojan thng l cc tp kh thi trn Windows v do s c cc ui nh l .exe, .com, .bat, .src. hay .pif. Trong nhiu ng dng ca Windows c cu hnh mc nh khng cho php hin th cc ui ny..Do , nu trojan c tn chng hn l Readme.txt.exe th tp ny s hin th mt
cch mc nh thnh Readme.txt v n s nh la ngi dng rng y ch l mt loi h s vn bn khng th gy hi. Cc biu tng cng c th c gn vi cc loi tp khc nhau v c th c nh km v th in t. Khi ngi ny dng , m cc biu tng th cc Trojan n du s tin hnh nhng tc hi bt ng.Hin nay cc Trojan khng ch xa cc tp , b mt iu chnh cu hnh ca my tnh b nhim m cn dng my ny nh l mt c s tn cng cc my khc trong mng. Li dng mt s li ca trnh duyt web, chng hn nh Internet Explorer, nhng Trojan vo mt trang web, khi ngi dng xem trang ny s b nhim. Ngi dng nn cp nht cc bn v li thng xuyn v dng mt trnh duyt web c bo mt cao nh Firefox
2. Cch ly bm :
trn l mt s cch thc m con virus ny tip cn my ca chng ta . cho n bm c vo cc vt mang tin nh trn th ch nhn con virus ny dng Godmessage lu trojan vo trong mail, trang web. Khi nn nhn m mail, hay trang web th s t ng b nhim trojan (Godmessage l mt cng c to ActiveX trn trang web. Ngi dng IE truy cp ti mt trang gi sn m ActiveX nguy him, th ngay lp tc trnh duyt ca h ti v mt file dng nn. V ln khi ng sau, n s c bung ra v bt u honh hnh) . ActiveX l mt on chng trnh cho php nhng con Hooker vo trong ti liu hoc trang web. Khi chng ta download mt ti liu no , chng hn l file nh , nu ngi gi file i tn file.exe thnh .bmp th bn an ton, v khi file.exe i tn thnh .bmp th file.exe khng th thc hin. Nhng khi file gi n bn ng l mt con Trojan c kp chung vi file hnh nh v ngi gi thay i icon ca file.exe, khi Trojan s bt u chay m bn khng h nghi ng, v khi n vn hin hnh nh ca mt ai . l l do m hu ht ngi dng ni h khng chy bt k file no trong khi h l lm truyn vo m khng bit
III.Cch thc hot ng: 1. Sau khi trojan c kch hot chng s lm nhng vic nh sau
- Tm v tr an ton n thn: on m chnh c th t to ra t 2 n 3 file v
9
c th nhiu hn na tm mt v tr tt m n , nhng ni m chng thch nht l... sytem, ...system32, trong c mt file gi l kch hot thng l cc file thi hnh vi ui c th l .com, .exe, .bat, .inf..., 1 file dng lu cc hm hoc th vin hoc thng tin, nu nh file cha th vin thng c ui l .dll, cn file cha thng tin thng c ui l .dat hoc l .tmp. - Ginh quyn khi ng : Sau khi n thn an ton chng bt u ginh quyn khi ng bng mt s cch - y l nhng ni m win u tin khi ng trc : - Trong cc Autostart Folder: v d file khi ng ca trojan l trojan.exe th C:\Windows\Start Menu\Programs\startup\trojan.exe. Trong file C:\windows\Win.ini ti dng lnh load=Trojan.exe hoc run=Trojan.exe - Trong file c:\windows\system.ini sau dng lnh shell Shell=Explorer.exe trojan.exe Trojan s t ng chy khi file Explorer.exe chy - Trong Autoexec.bat c:\....\Trojan.exe - Explorer Startup c:\explorer.exe,c:\...\trojan.exe - To mt kha trong Registry : [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersio n\Run] "trojan"="c:\...\Trojan.exe" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersio n\RunOnce] "trojan"="c:\...\Trojan.exe" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersio n\RunServices] "trojan"="c:\...\Trojan.exe" [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersio n\RunServicesOnce] "trojan"="c:\...\Trojan.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\
10
Run] "trojan"="c:\...\Trojan.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ RunOnce] "trojan"="c:\...\Trojan.exe" - Trong Registry Shell Open vi key l "%1 %*" [HKEY_CLASSES_ROOT\exefile\shell\open\command] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\com mand] trojan.exe "%1 %*" - Trong 1 s ng dng m cho php mt s chng trnh chy: v d ICQ [HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Agent\Apps\] - Trong ActiveX [HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\KeyName] StubPath=C:\...\Trojan.exe - Tiu dit cc Phn mn antivirus v cc firewall tc l nhng chng trnh chng li n bng cch kim tra b nh v pht hin nu nh 1 s file no m ging nh list nm trong file d liu th remove hoc ngn chn li . Cc tin trnh m virus t ng kt thc trong khi thc thi : ZONEALARM.EXE WFINDV32.EXE WEBSCANX.EXE VSSTAT.EXE VSHWIN32.EXE VSECOMR.EXE VSCAN40.EXE VETTRAY.EXE VET95.EXE NT.98.EXET CA.EXE TBSCAN.EXE SWEEP95.EXE SPHINX.EXE SMC.EXE
11
SERV95.EXE SCRSCAN.EXE SCANPM.EXE SCAN95.EXE SCAN32.EXE SAFEWEB.EXE RESCUE.EXE RAV7WIN.EXE RAV7.EXE PERSFW.EXEP CFWALLICON.EXE PCCWIN98.EXE PAVW.EXE PAVSCHED.EXE PAVCL.EXE PADMIN.EXE OUTPOST.EXE NVC95.EXE NUPGRADE.EXE NORMIST.EXE NMAIN.EXE NISUM.EXE NAVWNT.EXE NAVW32.EXE NAVNT.EXE NAVLU32.EXE NAVAPW32.EXE N32SCANW.EXE MPFTRAY.EXE MOOLIVE.EXE LUALL.EXE LOOKOUT.EXE LOCKDOWN2000.EXE JEDI.EXE IOMON98.EXE IFACE.EXE ICSUPPNT.EXE ICSUPP95.EXEI CMON.EXE ICLOADNT.EXE ICLOAD95.EXE IBMAVSP.EXE IBMASN.EXE
12
IAMSERV.EXE IAMAPP.EXE FRW.EXEFPROT.EXE FP-WIN.EXE FINDVIRU.EXE F-STOPW.EXE F-PROT95.EXE F-PROT.EXE FAGNT95.EXE ESPWATCH.EXE ESAFE.EXE ECENGINE.EXE DVP95_0.EXE DVP95.EXE CLEANER3.EXE CLEANER.EXE CLAW95CF.EXE CLAW95.EXE CFINET32.EXE CFINET.EXE CFIAUDIT.EXE CFIADMIN.EXE BLACKICE.EXE BLACKD.EXE AVWUPD32.EXE AVWIN95.EXE AVSCHED32.EXE AVPUPD.EXE AVPTC32.EXE AVPM.EXE AVPDOS32.EXE AVPCC.EXEAVP32.EXE AVP.EXE AVNT.EXE AVKSERV.EXE AVGCTRL.EXE AVE32.EXE AVCONSOL.EXE AUTODOWN.EXE APVXDWIN.EXE ANTI-TROJAN.EXE ACKWIN32.EXE
13
chng c kh nng ly thm d liu cc my khc hoc gip cho ch nhn ca n c th truy cp t xa hay kt ni vo my vistim ly thng tin hoc ginh quyn iu khin my vistim nh : del, upload, down ..., chim HTTP, FPT, SMTP... gip cho vic lin h vi ch nhn ca n c d dng.
15
RPC c thit k cung cp cho vic truyn ti thng tin gia client v server d dnghn, bo mt hn, v thun tin hn cho vic ng b ha cc lun d liu. Cc hm cha trong RPC h tr cho vic truy cp bt k chng trnh no i hi phng php giao tip t client n server. Hnh bn di s cho chng ta thy kin trc ca RPC
Hnh 1: Kin trc Remote Procedure Call B. Cc thnh phn ca RPC Thnh phn Client or server process RPC stubs Miu t Chng trnh hoc dch v tr li t yu cu ca RPC
Nhng h thng chng trnh con c dng bi client hoc server khi ng yu cu RPC. Cung cp mt giao din chung gia RPC Client v RPC Server v Marshalling engine c chia lm 2 loi: NDR20 v NDR64. NDR20 c dng cho h (NDR20 hoc tng 32 bits. Trong khi NDR64 c ti u dng cho h tng 64 NDR64) bits. Client v Server s thng lng nn chn NDR20 hay NRD64 giao tip vi nhau Cung cp giao din cho RPC ti Clients hoc Servers. Thng thng, RPC Clients v Servers s gi hm API (giao din lp trnh ng dng) Runtime application khi to RPC v chun b cu trc d liu s c s dng thc programming hin cuc gi RPC. Lp API s quyt nh nu yu cu RPC n t interface (API) marshalling engine hoc trc tip t client/server n my ch ni b hoc my ch t xa. Sau lp API s dn ng cho RPC n Connection RPC, Datagram RPC hoc Local RPC Layers
16
c s dng khi RPC yu cu giao thc kt ni. Lp ny s ch nh s dng giao thc kt ni nu RPC c gi i hoc nhn c mt kt ni hng ti RPC c s dng khi RPC yu cu giao thc phi kt ni. Lp ny s ch nh s dng giao thc phi kt ni nu RPC c gi i hoc nhn c mt phi kt ni ti RPC
Local RPC protocol c s dng khi Server v Client t trong cng mt host. engine c truy cp khi dch v RPC u tin c ti v. Cc thnh phn trong registry s ch nh dy port IP v tn thit b ca cc card mng Registry RPC c th kt hp chng li vi nhau. Tr khi API p buc RPC phi dng, Registry s khng c s dng trong hot ng ca RPC Kernel32.dll l mt file th vin ng 32 bits c trong Windows NT. File ny chu trch nhim qun ly b nh, cc hot ng vo ra ca h Win32 APIs thng (kernel32.dll, Advapi32.dll l file nng cao ca Windows 32 da trn giao din lp advapi32.dll, trnh ng dng. File ny h tr v bo mt v gi cc registry ntdll.dll) Ntdll.dll l file dll qun l chc nng cc file h thng ca Windows NT Cung cp giao din bo mt cho RPC. File secur32.dll s thng SSPI lng cch dng cho vic chng thc v m ha nh: Kerberos, (secur32.dll) NTLM, hoc Secure Sockets Layer (SSL) Rpcss.dll (Remote procedure call subsystem) ch yu cung cp c s h tng cho cc dch v COM, nhng mt phn ca Rpcss.dll c Endpoint Mapper dng cho EPM. RPC Server lin lc vi EPM nhn nhng im kt (EPM) thc ng v ng k nhng im ny vo c s d liu ca EPM. (rpcss.dll) Ri sau khi RPC Clients mun kt ni ti RPC Server, n s lin lc vi EPM nh EPM phn gii nhng im kt thc.. Ch c s dng cho qu trnh x l RPC client khi giao din bo mt c th nh Kerberos hoc Negotiate nh nh cung cp bo mt hoc khi Server dng NTLM nh nh cung cp bo mt Active Directory Used in the RPC client process only when the security interface specifies Kerberos or Negotiate as the security provider or when the server uses NTLM as the security provider. c s dng thng qua cc yu cu v tr li ca RPC gia Client Network stack v Server c s dng thng qua cc yu cu v tr li ca RPC gia Client Kernel v Server C. Qu trnh x l v tng tc ca RPC Cc thnh phn ca RPC s gip cho Clients x l d dng bng cch gi hm nm trn mt chng trnh t xa. Client v Server c mt a ch khng gian ring; iu c
17
ngha l mi ngun ti nguyn b nh ca Client v Server cp pht cho d liu s c dng bi hm.
Hnh 2: Qu trnh x l ca RPC Qu trnh x l ca RPC bt u t pha Client. ng dng t pha Client s gi Client stub thay v client phi vit code trin khai cho hm . Cc stub s c bin son v lin kt vi cc ng dng t pha client trong qu trnh pht trin. Thay v cha m code thc hin th tc gi hm t xa, cc code ca stub s yu cu truy vn nhng tham s t a ch khng gian ca Client v sau chuyn chng vo th vin chy thc ca client. Sau , th vin chy thc ca client s bin dch nhng tham s cn thit vo nh dng chun NDR (Network Data Representation) chuyn giao cho Server. Tip theo stub ca Client s gi hm trong th vin chy thc ca Client (rpcrt4.dll) gi cc yu cu v thng s ca n n server. Nu server c t trong cng 1 host vi client, th vin chy thc c th s dng cc tnh nng ca Local RPC (LRPC) v thng qua cc yu cu ca RPC ti Windows kernel cho vic truyn ti n server. Nu server c t mt host khc, th vin chy thc s xc nh mt giao thc truyn ti thch hp v thng qua cc yu cu ca RPC n Network Stack cho vic truyn ti n server. RPC c th dng cc c ch trao i khc (Interprocess Communications IPC) nh: Name pipes v Winsock thc hin truyn ti n server. Bng di y s lit k cc giao thc mng h tr RPC v cc loi RPC kt ni vi giao thc tng ng c s dng Protocol Transmission Control Protocol (TCP) Sequenced Packet Exchange (SPX) Named Pipe HTTP User Datagram Protocol (UDP) Cluster Datagram Protocol (CDP) RPC Type Connectionoriented Connectionoriented Connectionoriented Connectionoriented Connectionless Connectionless
18
Khi Server nhn c yu cu ca RPC(t pha client trong ni b hoc client t xa), cc hm trong th vin chy thc RPC ca Server chp nhn cc yu cu v gi hm x l Server Stub. Server stub s truy vn cc tham s t network buffer v chn 1 trong 2 loi NDR20 hoc NDR64 (trong NDR Marshalling Engines), sau chuyn i chng t nh dng truyn ti mng sang nh dng theo yu cu bi my ch. Sau cc th tc t xa s c chy, c kh nng xut ra cc tham s v tr v gi tr. Khi cc th tc t xa hon tt, mt chui cc bc tng t s tr v d liu cho Client Cc th tc t xa tr d liu ca n v cho Server Stub, chn 1 trong 2 loi NDR20 hoc NDR64 (trong NDR Marshalling Engines), chuyn i nhng tham s c xut ra thnh nh dng truyn ti mng n client v tr chng vo th vic chy thc RPC ca Server. Sau th vin chy thc RPC ca Server s truyn ti d liu n my tnh ca Client bng LRPC hoc qua network. Client hon tt cc th tc bng cch chp nhn d liu qua mng v tr d liu v gi hm. Th vin chy thc RPC ca Client nhn c th tc t xa tr v gi tr, chuyn i gi tr t NDR 20 hoc NDR64 v nh dng c dng bi Client, v tr chng v client stub. i vi Microsoft Windows, th vin chy thc c chia lm 2 phn: 1. Import Library: lin kt vi cc ng dng 2. Th vin chy thc RPC( RPC Runtime Library): c trin khai nh l DLL D. Cc Ports dng cho RPC Cc chng trnh RPC Server thng thng dng nhng port ng ( trnh gy xung t vi cc chng trnh v cc giao thc c ng k trong dy Well-known TCP Ports). Bng di y s lit k cc port dng cho RPC Service Name HTTP Named Pipes RPC Endpoint Mapper RPC Server Programs UDP 80, 443, 593 445 135 <Dynamically assigned> TCP 80, 443, 593 445 135 <Dynamically assigned>
19
Sau ta chy file Hkconf.ini : ta thay i cc thng s ca file ny : - host = mail.vnn.vn - mailto=a ch email ca bn (ni m trojan gi account v) - reg_desc = TaskMem - exename = MSCR56.exe Sau khi thay i xong bn save li ! ri chy file Config.bat Sau khi tin hnh xong n s to ra mt file , file ny chnh l file c han thin v c th hot ng . Lc ny chng ta ch cn gi i cho victim .
20
PHN III:TNG KT
Con ngi lun mun chinh phc khng gian, t xa xa ti gi khng gian l mt th thch ln nht m con ngi lun tm cch thng n, bn c ngh th xem cng ngy con ngi cng mun lm gim khong cch v khng gian. in hnh nht l ngi ta lun mun tm mi cch tng tc di chuyn ca cc loi hnh giao thng , v d tng vn tc ca xe hi , tu , my bay... Con ngi mun rng trong mt khong thi gian v cng ngn h s n c mt ni m h mong mun gim bt thi gian di chuyn , v thi gian l vng bc . Trong ngnh CNTT cng vy, vn thng tin , d liu v cng qu gi , nhng di chuyn d liu t mt ni ny n ni khc cng cn phi c thi gian chnh v vy m cc cng ngh lun ngy cng i thay, cc HH, cc k thut mi cng nhm mc ch p ng vn ny. Hacker a s l nhng ngi mun lm ch khng gian , h ch cn ngi mt ni ny c th vo mt my tnh mt ni no ly d liu hoc thm nhp vo m khng cn phi dng ti cc cng c di chuyn y l mt th mnh nht ca CNTT m tt c cc ngnh khc u khng c th lm c , v vy tng ca con trojan remote boot ra i c phn no gip cho bn v vn truy cp d liu mt ni rt xa . Hin nay c rt nhiu cng c cho php bn remote boot v d Pc any where , remote boot trong winxp..., trong Trojan cng l mt cng c rt tuyt vi, chng ta bt u cm thy cc cc ch Trojan ngy cng tin b theo CNTT? V trojan Hooker m chng ta va xt tr nn li thi nhng n gp phn cho s a dng ca Trojan ring v th gii virus ni chung.
21