I. INTRODUCTION
II. CONTENT
1. What is a Trojan?
2. Characteristics of Trojans
3. Basic types of Trojans
a. Remote Access Trojans (RAT): give the attacker full remote control of the system
b. Data-Sending Trojans: send sensitive information to the attacker
c. KeyLoggers
d. Destructive Trojans
e. Denial of Service (DoS) Attack Trojans
f. Proxy / Wingate Trojans
g. FTP Trojans
h. Software Detection Killers
i. Trojans that take control through privilege escalation
4. The future of Windows Trojans
5. How a computer becomes infected with a Trojan
a. Yahoo Messenger and other online chat software
b. Via attachments
c. Physical access
d. Intrusion through web browser and email vulnerabilities
e. NetBIOS (File Sharing)
6. What are attackers looking for with Trojans?
7. Ports used by common Trojans
8. How to tell whether a computer is infected with a Trojan
9. How to detect Trojan programs
a) Detecting ports used by Trojans
b) Detecting running programs
c) Finding a program that runs at startup
10. Using some Trojans
a) Tini Trojan
b) iCmd Trojan
c) Netcat Trojan
11. How to hide one or more Trojans in an .exe file or an ordinary executable
12. How to defend against Trojans
III. CONCLUSION
IV. REFERENCES


I. INTRODUCTION
A Trojan is a program that harms a computer. It is used for many purposes, such as stealing personal information and sabotaging computers. Recently, Trojans have also been developed for use in intelligence work.
This report is a study of Trojans: how they work, how they have changed and, of course, strategies for reducing the risk of infection.
Trojans are only one small aspect of Windows security, but after reading what we present below you will soon see how dangerous and destructive they can be.

II. CONTENT
1. What is a Trojan?
First we need to know what a Trojan is. A Trojan is:
- An unauthorized program contained within a legitimate program. It performs functions that are hidden from the user (and unwanted).
- It can also be a legitimate program that has been altered by the insertion of unauthorized code. When the program starts, this unauthorized code performs functions that are hidden from the user and are often unwanted.
- Any program that appears to perform a function the user needs but also performs functions that are hidden from the user and usually unwanted, because the program's code was written to serve some purpose of its author (usually a malicious one).
So a Trojan is a hidden program that enters a system and damages it from within. It resembles the story of the Trojan horse in Greek mythology, and the name Trojan comes from that idea. Trojans first became widely known when Cult of the Dead Cow created Back Orifice, a well-known Trojan that attacks on port 31337.

2. Characteristics of Trojans
Unlike a virus, a Trojan does not replicate itself. A Trojan has two parts, a Client and a Server. The attacker sends the Server part to the victim; once the Server runs on the victim's computer, the attacker uses the Client to connect to the Server on the victim's machine and begins using the Trojan.

TCP/IP is normally used for communication, but some Trojan functions use UDP. When the Server starts on the victim's computer, it usually hides somewhere on the machine, begins listening on some ports, and begins allowing the attacker to edit the registry and automatically start a number of other attack methods.
An important point in network attacks is that the attacker must know the victim's IP address. Trojans are therefore designed with a feature that automatically sends an e-mail containing the victim's IP address, as a message to the attacker. This is used when the victim's computer has a dynamic IP address. An ADSL user with a static IP address is easier to attack, because that address can readily be exploited by attackers.
Most Trojans use an auto-starting method, so even after you shut down the computer the attacker can still have the Trojan start again and regain access to your computer. The auto-start capability and some other tricks operate at all times. A Trojan begins its intrusion by attaching itself to commonly used executables such as explorer.exe, and goes on to methods that modify system files or the Windows Registry. System files are located in the Windows directory, and this is where attackers attack the system. Locations an attacker can abuse:
Autostart Folder:
The startup folder is located at C:\Windows\Start Menu\Programs\startup and, as its name suggests, the items in this folder start automatically when Windows starts.
Win.ini
The Windows system file is loaded -> the file Trojan.exe is launched -> the Trojan starts running.
System.ini
Wininit.ini
Winstart.bat
Autoexec.bat
A DOS file that runs automatically at startup; it is used as an auto-start method like this: C:\Trojan.exe
Config.sys
Used as an auto-start method for Trojans.
Explorer Startup
The registry is often used for several different auto-start methods. Some of them are:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "Info"="c:\directory\Trojan.exe"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Info"="c:\directory\Trojan.exe"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices] "Info"="c:\directory\Trojan.exe"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce] "Info"="c:\directory\Trojan.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Info"="c:\directory\Trojan.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Info"="c:\directory\Trojan.exe"
Registry Shell Open
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
A key with the value "%1" %* is placed there, and if an executable file is placed there it will be executed every time you open a binary file. It is used like this: Trojan.exe "%1" %*, and this starts the Trojan.
ICQ Net Detect Method
[HKEY_CURRENT_USER\Software\Mirabilis\ICQ\Agent\Apps\]
This key contains all the files that will be executed when ICQ detects an Internet connection. As you can see, this feature is very convenient but is easily abused by attackers.
ActiveX Component
[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\KeyName] StubPath=C:\directory\Trojan.exe
These are the most common auto-start methods that use system files and the Windows registry.
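One way to review the registry auto-start locations listed above, as an added example (not code from the original report): it parses the text of a registry export and reports entries in those keys that are missing from a known-good baseline, plus any exefile open command that differs from the Windows default "%1" %*. The sample export, the "BackupAgent" entry and the baseline are constructed for illustration.

```python
import re

# Auto-start registry locations named in the section above, lower-cased.
RUN_KEY = re.compile(
    r"^hkey_(local_machine|current_user)\\software\\microsoft\\windows"
    r"\\currentversion\\run(once|services|servicesonce)?$")
SHELL_OPEN_KEYS = {
    "hkey_classes_root\\exefile\\shell\\open\\command",
    "hkey_local_machine\\software\\classes\\exefile\\shell\\open\\command",
}
ACTIVE_SETUP = ("hkey_local_machine\\software\\microsoft\\active setup"
                "\\installed components\\")
ICQ_APPS = "hkey_current_user\\software\\mirabilis\\icq\\agent\\apps"
DEFAULT_SHELL_OPEN = '"%1" %*'  # stock Windows command for opening .exe files

SECTION = re.compile(r"^\[(.+)\]$")
STRING_VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')


def unescape(text):
    # .reg files escape a backslash and a double quote with a leading backslash.
    return re.sub(r"\\(.)", r"\1", text)


def parse_reg(text):
    """Return (key, value_name, string_value) tuples from .reg export text."""
    entries, key = [], None
    for line in text.splitlines():
        line = line.strip()
        section = SECTION.match(line)
        if section:
            key = section.group(1)
            continue
        value = STRING_VALUE.match(line)
        if value and key:
            name = value.group(1)
            name = "(Default)" if name == "@" else unescape(name[1:-1])
            entries.append((key, name, unescape(value.group(2))))
    return entries


def audit(entries, baseline=frozenset()):
    """Flag auto-start entries missing from the baseline and altered .exe handlers."""
    findings = []
    for key, name, value in entries:
        k = key.lower()
        if k in SHELL_OPEN_KEYS:
            if name == "(Default)" and value != DEFAULT_SHELL_OPEN:
                findings.append(("shell-open-modified", key, name, value))
            continue
        autostart = (RUN_KEY.match(k)
                     or (k.startswith(ACTIVE_SETUP) and name.lower() == "stubpath")
                     or k.startswith(ICQ_APPS))
        if autostart and (k, name.lower(), value.lower()) not in baseline:
            findings.append(("autostart-not-in-baseline", key, name, value))
    return findings


# Constructed sample export. A real "reg export" file is UTF-16, so open it
# with encoding="utf-16" before passing its text to parse_reg().
SAMPLE_REG = r'''
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BackupAgent"="C:\\Program Files\\Example\\backup.exe"
"Info"="c:\\directory\\Trojan.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Info"="c:\\directory\\Trojan.exe"

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="Trojan.exe \"%1\" %*"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\KeyName]
"StubPath"="C:\\directory\\Trojan.exe"
"Version"="1,0,0,0"
'''

# Assumption: the known-good entries recorded when the machine was clean.
BASELINE = {
    ("hkey_local_machine\\software\\microsoft\\windows\\currentversion\\run",
     "backupagent", "c:\\program files\\example\\backup.exe"),
}

if __name__ == "__main__":
    for finding in audit(parse_reg(SAMPLE_REG), BASELINE):
        print(" | ".join(finding))
```

Only string values are parsed; the file-based locations (startup folder, Win.ini, Autoexec.bat and the others) need a separate file-system check.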

3. Basic types of Trojans
There are a great many Trojan variants, and it is hard to name and describe them all. In the end, though, they are all built to perform some of the functions listed below, plus some functions that have not yet been, or never will be, made public.
a. Remote Access Trojans (RAT): give the attacker full remote control of the system
This is probably the most widely used kind of Trojan. When it is activated, it gives the attacker more power over the victim's computer than the victim has while sitting in front of it. Most Trojans of this kind are combined with the other types described below. The idea of these Trojans is to give the attacker access to someone's computer and, through it, access to important files, information, personal data, and the owner's account details stored on the device. RAT features evolve daily and become more dangerous.
A simple example of this kind of Trojan is the GirlFriend Trojan: once activated on the victim's machine, it prevents the victim from shutting down, displays a piece of text on the screen, and sometimes even chats with the victim. Hackers often disguise these Trojans as image files and hide the .exe extension.
A RAT works much like other Trojans. They usually hide inside larger programs; when you run the program, they are activated too. Each RAT usually runs a server on its own port, through which the hacker can be "invited in". Once on a machine, Trojans typically create an executable file or add a self-start line to the win.ini file. Sometimes you know that it is a Trojan but cannot disable it by ordinary means, because they often disable the Windows "regedit" function. Many Trojans launch files that we usually assume belong to the operating system.
Typical RATs are Back Orifice, NetBus and Remote Anything.
b. Data-Sending Trojans: send sensitive information to the attacker
The purpose of these Trojans, once activated, is to extract all stored passwords; they can also capture other passwords as you enter them, and then send them to an e-mail account belonging to the attacker without you, the victim, noticing anything. Passwords for ICQ, IRC, FTP, HTTP or any other application that requires a user name and password are sent to the attacker's e-mail address, which in most cases is a free mail account. Most of them do not restart when Windows loads and, as the name suggests, this kind of Trojan collects as much information as it can from the victim's device, such as passwords, mIRC logs, ICQ conversations and e-mail. It does, however, depend on the attacker's needs and on the specific situation.
Typical examples of this type are Bari and Barok.
c. KeyLoggers
This kind of Trojan is very simple. When it runs on the victim's machine, it creates a log of everything the victim types on the keyboard, which of course includes sensitive account and password information, and then sends it to the attacker's e-mail address. The log file lets the attacker search for the victim's sensitive personal information in order to take over the victim's personal accounts. Keyloggers usually run very quietly, use very little memory and run as a background program, so they are very hard to notice. Most Trojans of this type are set up to work both online and offline. And of course they are configured to send the collected information to the attacker's mailbox on a schedule.
A typical example of this type is Kuang Keylogger.
d. Destructive Trojans
The only function of this Trojan is to destroy and delete files. This makes them very simple and easy to use. When activated, they can automatically delete all the important system files on the victim's computer (such as *.dll, *.ini or *.exe files, and some others). The Trojan is activated by the attacker, or sometimes works like a timer, activating itself at a set time on a schedule configured by the attacker. Simple as it is, this is an extremely dangerous kind of Trojan and very hard to control.
An example of this kind is the Goner worm. It was discovered in 2001 and was designed to delete anti-virus software and files on the victim's machine.
e. Denial of Service (DoS) Attack Trojans
Trojans of this kind are becoming increasingly common. They give the attacker power once enough victims have been gathered. The main idea is that if you have 200 infected ADSL users and they all start attacking the victim at the same time, this generates so many requests to the victim (usually more than the victim's bandwidth) that the victim's Internet access collapses (freezes).
WinTrinoo is a currently popular DDoS attack tool, and if an attacker infects many Internet users with this Trojan, large websites being taken down at the attacker's will is an inevitable result, as we have seen happen recently (some large Vietnamese websites have also suffered this kind of attack, such as the recent denial of service at http://vietnamnet.vn/).
Another variant of the DoS Trojan is the mail-bomb Trojan. Its purpose is to infect as many computers as possible and simultaneously attack specific e-mail addresses.
f. Proxy / Wingate Trojans
An interesting feature of many Trojans is that they turn the victim's computer into a proxy/Wingate server open to the whole world or only to the attacker. It is used for anonymous Telnet, ICQ, IRC and so on, or to register domain names with stolen credit cards, and for many other illegal activities. This hides the attacker's identity: the attacker can do everything from the victim's computer, and if the activity is discovered, all the traces lead back to your machine. It is very dangerous for regular Internet users to be infected with this kind of Trojan. Attackers use these machines as relays to carry out illegal activities while evading tracing by the authorities.
g. FTP Trojans
This kind of Trojan is probably the simplest and is outdated. The only thing it does is open port 21 (the port used for FTP) and let everyone, or only the attacker, connect to your computer. Once infected with this Trojan, the victim's computer is like a house without a door: attackers can enter it and download documents from it.
h. Software Detection Killers
This functionality can be built into a Trojan or made as a separate program. It finds and kills programs that protect the computer, such as antivirus software and firewalls. Once they have been killed, the attacker can attack your computer to carry out illegal activities, or use your computer to attack others.
i. Trojans that take control through privilege escalation
These are usually used against inexperienced administrators. They can be "attached" to a system application. Once the system administrator runs it, it gives the hacker higher privileges on the system and the right to access the system.
There are some other kinds of Trojans as well, including programs created only as pranks: they may display a message saying something like your computer is infected with a virus and your hard disk will be formatted, or your password has been stolen, when in reality it may just be a harmless joke by the program's developers.

4. The future of Windows Trojans
Windows users will always be a target for dangerous attackers, because most of them do not understand what security really means and think a firewall is the only thing they need to protect their computers, without understanding how it works or how to configure it so that it runs properly. Windows Trojans will be a major security problem in the future, and we are convinced that hackers will build more and more ingenious functions into their Trojans, mostly to serve the attacker's personal purposes. Programmability and automated attack capability will be used to carry out the attacker's goals, starting from an anonymous port, probing, and going on to denial-of-service attacks.


5. How a computer becomes infected with a Trojan
Many people think their computer cannot be infected because they believe infection only happens if they run a file called Server.exe, and they would never do that. But they do not realize that there are many ways for your computer to be infected with malicious software. Here are some of the routes by which a Trojan can infect your computer.
a. Yahoo Messenger and other online chat software
Many people still do not understand how they got infected with malware while chatting over YM or any other online chat application. It happens when you accept files of unknown origin from a sender you do not know; by doing so you have opened the door for malicious code to enter your computer.
When you talk with a friend, you can never be 100% sure that the person on the other side is your friend. If the other side is a hacker, that is really dangerous: you will trust a file that you receive from your friend.
b. Via attachments
This is also a fairly common route of Trojan infection. It is truly surprising that there are people who still innocently download and run attachments of unknown origin that arrive in e-mail sent to their inbox. Most of these people are new to the Internet and have limited knowledge of network security. When they receive an e-mail with an attachment saying that they will get free pornography, free Internet access, or a prize in a contest they never entered, they download and run it without any understanding of the risk to their computer. And it is really not only Internet newcomers who get infected this way. Even people who understand the importance of network security can very well be infected like this. Take the following attack scenario as an example. You and a group of people (your friends) are working on a programming project. The project is nearly finished and you are waiting for the remaining parts to be sent to you. The hacker knows this. It is easy for them to obtain your e-mail address and those of your friends. Now everything is simple: the attacker uses some free software and a mail relay server to forge an e-mail that looks as if it comes from one of your friends, with a Trojan attached, of course. You check your mail and are delighted that your work is about to be completed. You download and run the file because you think it came from your friend and is therefore safe. The obvious result is that your computer is infected with a Trojan.
As you can see, "information is power". It worked simply because the attacker knew you were waiting for a specific file and chose to attack at exactly this (presumably very important) moment. And it all comes down to your lack of vigilance!
Another scenario is just as likely: receiving e-mail that claims to come from a large organization such as the FBI or the CIA, or forged e-mail purporting to be from Microsoft. One day you receive a message whose sender name is "Microsoft support", saying that you will get the latest update from Microsoft by running the attached installer. Someone with very little knowledge of the Internet will be delighted to be among the first to use these updates or new software packages. One thing is certain: Microsoft never sends you software updates by e-mail, and 100% of such attachments contain malicious code.
c. Physical access
Imagine what a hacker could do with physical access to your computer. Below are some scenarios that hackers commonly use to infect your computer once they gain physical access to it.
This case is unlikely and we see it more often in films, but it is not impossible. One fine day a friend comes over and the two of you are using the computer in your room. Your friend asks for a glass of water and you leave the room for 2-3 minutes. That is more than enough time for a Trojan to be installed on your machine without you suspecting anything. Or, more simply, you take your laptop to a public place and a stranger asks to borrow it to check mail. A Trojan.exe file is downloaded and your machine is infected. As we can see, it is all too easy to be infected with a Trojan.
Another way for a Trojan to infect a machine physically is from CDs (or USB drives) using the Windows auto-run feature. When you put a CD in the CD-ROM drive, it starts automatically. An example of an Autorun.inf file placed on the disc:
[autorun]
open=setup.exe
icon=setup.exe
So you can imagine that inserting a CD into the drive or plugging in a USB drive can also easily get you infected with a Trojan.
The above are only light-hearted examples and, as we have all seen, it is really very simple to carry out a physical attack on your computer. So we need to reconsider the information security of our computers and be more vigilant.
d. Intrusion through web browser and email vulnerabilities
This is another route by which your computer can be infected with a Trojan, when users do not regularly update their browsers with patches. Suppose you are using Internet Explorer and you visit a malicious website: it automatically checks for bugs in the browser and automatically infects your machine without you having to download anything to your computer.
e. NetBIOS (File Sharing)
If port 139 is open on your computer you can share files, and this is another way for someone to access your computer, install a Trojan and modify some system files so that it runs after you restart the computer. Sometimes attackers may use DoS (a denial-of-service attack) to shut your machine down, forcing you to restart, and the Trojan can then start itself immediately.

6. What are attackers looking for with Trojans?
Many people probably think simply that Trojans can only damage their computer system. That is true, but it is not everything. Trojans are used for many other purposes too, for example acting as a spy inside your computer, monitoring and collecting sensitive information and sending it back to the attacker. The attacker's targets include the following:
- Credit card information: commonly used for online transactions, shopping and so on.
- Account information (accounting data): e-mail passwords, web-service passwords.
- E-mail addresses: can be used to send spam, as described above.
- Personal data: private pictures, your work projects, information about your family, your identity documents (for the purpose of impersonating the victim).
There are also some Trojans created only to play pranks on the victim, such as automatically opening and closing the CD tray, popping up messages on your machine or playing with your mouse. This does no damage to you but is quite a nuisance.
Another purpose of Trojans that is growing rapidly today is intelligence work. It is easy for criminal organizations, or even national governments, to monitor and gather intelligence from Internet users (for example, the case in which the government of the German state of Bavaria, together with some other states of that country, used the R2D2 Trojan to spy on citizens via Skype). Just think back over how much time you spend at your computer in a day, with all your activity being monitored over a long period. They can read your e-mail, track your contacts and the websites you visit, read your personal data, and collect everything about you. This is truly frightening. Imagine that one day your personal information is published on the Internet or used for other illegal purposes. That is certainly not what you want, and it will bring you trouble or real harm.

7. Ports used by common Trojans
Trojans use specific ports to communicate with the Client. In the past, well-known Trojans used fixed ports, but today, with rapid development, Trojans can change their operating port every time they are restarted. Some ports that well-known Trojans have used:
- Back Orifice: UDP, ports 31337 and 31338
- Deep Throat: UDP, ports 2140 and 3150
- NetBus: TCP, ports 12345 and 12346
- Whack-a-mole: TCP, ports 12361 and 12362
- NetBus 2 Pro: TCP, port 20034
- GirlFriend: TCP, port 21544
- Masters Paradise: TCP, ports 3129, 40421, 40422, 40423 and 40426
Many other ports are also used by Trojans. For more, see:
http://www.simovits.com/trojans/trojans.html

8. How to tell whether a computer is infected with a Trojan
Sometimes you think your computer is behaving normally when your hard disk loses a few hundred MB or even several GB, because you assume that some software is using the space or that you installed something and forgot about it. Or your computer shows strange symptoms but the antivirus software on it reports no danger. Be careful, because your computer may be infected with a Trojan. Below are some symptoms your computer may show. When you see these symptoms, be careful and investigate further with other methods or dedicated software, so that the malware is removed from your machine as thoroughly as possible.
- Normally when you visit a website, there are many links leading to other addresses. But if you do nothing and the web browser takes you on its own to a website you do not know at all, be careful, because that site may well contain malicious code and infect your computer.
- Your computer is working normally and suddenly a strange dialog box appears asking you for personal information.
- Windows changes your settings by itself, your mouse moves by itself, or the CD-ROM tray opens and closes by itself.
Note, however, that the behaviours above are only the actions of malware written as pranks. Most attackers have malicious intent, and they make the malware, in this case the Trojan, attack your computer covertly without causing any suspicious activity, so that you cannot notice its presence. This makes it even more dangerous.
Another manual way to identify a Trojan is to check the ports in use on your machine. To see which ports are active on the computer, use the command: netstat -an

Then check for the ports used by Trojans (see section 7, Ports used by common Trojans). If those ports are in use, your machine is very likely infected with a Trojan.
You can also use Trojan scanning software to detect Trojans on your device.
9. How to detect Trojan programs
Three principles hold for any Trojan program:
- A Trojan that wants to operate must listen for requests on some port.
- A running program must have a name in the process list.
- A Trojan program will always run when the computer starts.
a) Detecting ports used by Trojans
- Use the command netstat -an in Windows to see which ports the system is listening on.
In the figure below we see port 7777; it turns out to be the port of the Tini Trojan.
My machine does not use any port 8800, so why is it in listening state with a machine connected to it? It must belong to a Trojan.

- Use the Fport tool
- Use the TCPView tool
Fortunately, we can see all the ports in use and which program is using which port; from this I can check my network services, and for suspicious ports I can use a firewall to close them.
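The manual check described in sections 8 and 9a, automated as an added example (not part of the original report): it parses `netstat -an` output, matches listeners against the ports listed in section 7 plus Tini's 7777, and reports listeners that are missing from an expected-services list together with any established session on a flagged port. The sample output and the expected-listener list are constructed assumptions.

```python
import re
from collections import namedtuple

Socket = namedtuple("Socket", "proto local_addr local_port remote state")

# Ports from the page: section 7's list plus Tini's 7777 (sections 9 and 10).
TROJAN_TABLE = [
    ("Back Orifice", "UDP", (31337, 31338)),
    ("Deep Throat", "UDP", (2140, 3150)),
    ("NetBus", "TCP", (12345, 12346)),
    ("Whack-a-mole", "TCP", (12361, 12362)),
    ("NetBus 2 Pro", "TCP", (20034,)),
    ("GirlFriend", "TCP", (21544,)),
    ("Masters Paradise", "TCP", (3129, 40421, 40422, 40423, 40426)),
    ("Tini", "TCP", (7777,)),
]
KNOWN_TROJAN_PORTS = {(proto, port): name
                      for name, proto, ports in TROJAN_TABLE for port in ports}

# Assumption: the listeners this host is supposed to have.
EXPECTED_LISTENERS = {("TCP", 135), ("TCP", 139), ("TCP", 445), ("UDP", 445)}

ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")


def parse_netstat(text):
    """Parse the four-column output of Windows 'netstat -an' into Socket rows."""
    sockets = []
    for line in text.splitlines():
        row = ROW.match(line)
        if not row:
            continue  # banner, column header or blank line
        proto, local, remote, state = row.groups()
        addr, _, port = local.rpartition(":")  # also handles [::]:135
        if port.isdigit():
            sockets.append(Socket(proto, addr, int(port), remote, state))
    return sockets


def is_listener(sock):
    # UDP rows carry no state column; a bound UDP socket counts as listening.
    return sock.state == "LISTENING" or (sock.proto == "UDP" and sock.state is None)


def audit_listeners(sockets, expected=EXPECTED_LISTENERS):
    """Return (reason, proto, port, detail) findings, listeners first."""
    findings, flagged = [], set()
    for sock in sockets:
        key = (sock.proto, sock.local_port)
        if not is_listener(sock) or key in flagged:
            continue
        # Only listeners are matched: an outbound connection can pick a local
        # port that happens to be on the list (3129 in the sample below).
        if key in KNOWN_TROJAN_PORTS:
            findings.append(("known-trojan-port", *key, KNOWN_TROJAN_PORTS[key]))
            flagged.add(key)
        elif key not in expected:
            findings.append(("unexpected-listener", *key, ""))
            flagged.add(key)
    for sock in sockets:
        key = (sock.proto, sock.local_port)
        if sock.state == "ESTABLISHED" and key in flagged:
            findings.append(("active-session", *key, sock.remote))
    return findings


# Constructed sample output, using the addresses from the page's examples.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:7777           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:8800           0.0.0.0:0              LISTENING
  TCP    192.168.1.33:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.33:8800      192.168.1.20:1045      ESTABLISHED
  TCP    192.168.1.33:3129      203.0.113.10:80        ESTABLISHED
  UDP    0.0.0.0:445            *:*
  UDP    0.0.0.0:31337          *:*
"""

if __name__ == "__main__":
    for finding in audit_listeners(parse_netstat(SAMPLE_NETSTAT)):
        print(finding)
```

A port match is an indicator to investigate with Fport or TCPView, not proof: as section 7 notes, current Trojans can change ports, which is why the unexpected-listener check matters more than the fixed list.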

b) Detecting running programs
- Use the Process Viewer tool: all processes are displayed, even those that run in hidden mode and do not appear in Windows Task Manager.

c) Finding a program that runs at startup
- In Startup
- In the Registry: most of them will be found here. We use the msconfig command; on the Startup tab, any program that wants to run automatically must appear here.
In this example I see the file nc.exe running at startup; its location is the folder c:\vnexperts.net


10. Using some Trojans
The purpose of this article is to help us understand Trojans, and using Trojans is one of the basic topics in security research. Once you know how the various Trojans are used and how they work, you can devise network security solutions for your business and for our important data. In this section I introduce the following Trojans:
- Tini
- iCmd
- Netcat
- HTTP RAT
a) Tini Trojan
Any computer infected with this Trojan allows Telnet on port 7777 without any authentication.
- For this Trojan to infect a system it only needs to be run once, or Enter pressed on the file, and that is it: everything is done and it waits for Telnet connections on port 7777.
- The file tini.exe has been run on machine 192.168.1.33; now from any machine I can use the command: Telnet 192.168.1.33 7777 to get a console on that machine.

b) iCmd Trojan
Similar to the Tini Trojan, with one difference: it lets you choose the telnet port and the password for accessing the infected machine.
Example: the infected machine runs the file iCmd.exe with the command
- iCmd.exe vne 8080
This means the machine enables telnet on port 8080 with the password "vne". In this example I put the file iCmd.exe in the vnexperts.net folder on C:\

- From another machine I can telnet to this machine with the command:
- Telnet <IP> <port>
- For the example above I type: telnet 192.168.1.33 8080
- The system asks me for a password; I type vne and press Enter

And the result

c) Netcat Trojan
This Trojan lets us choose quite a few options, such as the port, hidden mode, allowing telnet and so on. To run this Trojan we type the command: Nc.exe -L -p <port> -t -e <program>
-L runs in listening mode
-p is the port used for listening.
-t allows the use of Telnet
-e runs a program.
In this example we run it with the command: Nc.exe -L -p 8800 -t -e cmd.exe

Now from any machine we can telnet to this machine on port 8800 and completely control that computer through the command-line interface.



11. How to hide one or more Trojans in an .exe file or an ordinary executable
The section above covered the basic use of Trojans. Now a question arises: if you want to use the iCmd.exe Trojan, what do you have to do? Copy the file to the machine and run it with the command iCmd.exe vne 8800? That is not feasible, because nobody will let you sit at that machine. So how does this Trojan get onto the victim's machine? Unfortunately, attackers have cleverly hidden one or more Trojans inside an ordinary EXE file, such as a board game, a Windows installer executable, or the executable of a free program; sometimes they are even hidden inside the installers of antivirus programs.
The way to hide a Trojan in an .exe file is Wrapper technology. Commonly used software:
- One file EXE Maker
- Yet Another Binder
- Pretator Wrapper.
We will try using One file EXE Maker to hide and run the file iCmd.exe.
Download the installer for this software, install it on the machine, and then run it to combine the files.
The EXE file I chose is a very popular Caro (gomoku) game program, Fiver6*8.exe.
- I set the Caro game file to run normally
- I set the file iCmd.exe to run hidden and be copied into the system
- The command line I added for the file iCmd.exe is vne 8800, which allows telnet to port 8800 with the password vne.

Click Save to complete the process.
- I saved it under the name caro.exe
Looking at the file sizes I see:
- iCmd.exe is 36KB
- Fiver6*8*en.exe is 310K
- Caro.exe, created from the two files above, is 353KB

Now I try running the file Caro.exe. Only the Caro game window appears, but an iCmd.exe process is already running; checking in Task Manager:

From any machine I can now connect remotely to this machine on port 8800 with the password vne


12. How to defend against Trojans
- Do not use untrusted software (sometimes even trusted software carries Trojans). Be sure about attachments you download and files sent through online chat software.
- Do not visit dangerous websites, and do not install ActiveX or JavaScript from those sites, because Trojans may be attached.
- Most important of all is to update the OS regularly.
- Install reputable antivirus software: Kaspersky Internet Security, Norton Internet Security, McAfee Total Security and so on; there are many other good antivirus and anti-Trojan products. After installing this software, update it regularly.

III. CONCLUSION
With this essay, the authors hope to have provided important knowledge about Trojans, the harm they do and how to defend against them. Trojans are evolving every day. According to PandaLabs' first-quarter report, in the first three months of 2011 an average of 73,000 new malware samples appeared every day, most of them Trojans. Internet users face a very high risk of attack. To avoid becoming a victim of Trojans, everyone needs to rethink Internet security, use software from known sources, and regularly update their antivirus software and operating system.

IV. REFERENCES
