
MINISTRY OF INDUSTRY AND TRADE

INDUSTRIAL UNIVERSITY OF HO CHI MINH CITY

FACULTY OF BUSINESS ADMINISTRATION

INDIVIDUAL ASSIGNMENT
COURSE: INFORMATION SECURITY

A STUDY OF COMPUTER WORMS

Full name: Nguyn Thi Thnh t

Class: DKTPM10ATT
Student ID: 14111191

TABLE OF CONTENTS

I. What is a computer worm?
II. History of computer worms
III. Classification of computer worms
IV. Introduction to some computer worms
1. Morris Worm 1988
2. IloveYou 2000
3. Anna Kournikova
4. Code Red 2001
5. Slammer 2001
6. Sobig and Blaster 2003
7. Sasser 2004
8. Conficker
V. Prevention and summary
I. Concept
- A computer worm, referred to in this report simply as a worm, is a computer program that can independently copy itself in order to spread to other computers. A worm normally uses a computer network to spread, relying on security vulnerabilities in the operating system installed on the target computer to gain access and propagate. Unlike a computer virus, it does not need to attach itself to another program in order to be activated. A worm almost always harms the network, even if only by consuming bandwidth and slowing the whole network down, whereas a virus almost always damages or modifies files on the computer.
II. History
- The term computer worm was in fact first used in 1975, in John Brunner's novel The Shockwave Rider. In the novel, Nichlas Haflinger designs and sets off a data-gathering worm in an act of revenge against the powerful men who run a national electronic information web. "You have the biggest worm ever loose on the net, and it automatically sabotages every attempt to monitor it."
- On 2 November 1988, Robert Tappan Morris, from computer science at Cornell University, released the first worm, which became known as the Morris worm. It went on to infect a large number of computers on the Internet, estimated at the time at one tenth of all those connected. When Morris was taken to court, the US Court of Appeals estimated the cost of removing the worm at about $200-53,000 per installation cleaned. This prompted the formation of the CERT Coordination Center and of the Phage mailing list for use in emergencies. Morris became the first person convicted under the 1986 Computer Fraud and Abuse Act.
- Main stages of development:
- First generation: 1979 to the early 1990s.
- Second generation: early 1990s to 1998.
- Third generation: 1999 to 2000.
- Fourth generation: 2001 to the present.
III. Classification
a. By target discovery:
- Active scanning
An Internet worm can look for victims automatically by scanning addresses that are generated at random or were generated in advance.
- Passive scanning
A passive worm does not look for victims itself. Instead it either waits for potential victims to contact it or relies on user behaviour to reach new targets.
b. By propagation medium and distribution mechanism:
The means of infection can also affect a worm's speed and its stealth. A worm can actively spread from one machine to another, or it can be carried along as part of normal communication.
- Self-carried
- Second channel
- Embedded
c. By activation:
The way a worm is activated on a host has a considerable effect on how it spreads. Some worms can be activated and start infecting immediately, while others may have to wait days or weeks to be activated.
- Human activation
- Activation based on human activity
- Scheduled process activation
- Self-activation
d. By function
Beyond spreading across the Internet, a worm can serve different purposes depending on the goal of the attack or the intent of its author. Different kinds of worm carry out different tasks for the attacker.
- Generating bogus traffic
- Remote control over the Internet
- Sending spam
- Redirecting web pages through HTML proxies
- Denial-of-service (DoS) attacks over the Internet
- Collecting information
- Destroying data
- Remote control of physical devices
- Attacks on the physical layer
- Maintaining itself and updating to new versions

Distinguishing worms from other kinds of malware:

Malware today is rarely designed with the traits of just one category; it usually combines the capabilities and traits of several. A worm variant, for example, may steal data like spyware or open a back door like a backdoor. For the same reason users often find the categories hard to tell apart, or confuse them. The main distinguishing traits are:
- Viruses usually damage files: by definition, a virus is a program that replicates itself and infects a computer, spreading from one file to another and then from one computer to another when files are copied or shared. Viruses therefore usually carry a mechanism for infecting files on the system, and they damage or corrupt the files they infect.
- Spyware steals information: spyware is any software installed on a user's computer to collect information without the user's knowledge and send it to a predetermined destination, so that personal information can be misused. This can include keylogging (recording keystrokes) to find passwords, watching search habits, changing the browser's home page, looking through web history, or stealing passwords and credit card numbers.
- Trojans install things and open back doors: a trojan is an application that secretly downloads and installs other malicious code without the user being aware of it. In many cases the trojan creates a backdoor that lets the computer be controlled remotely, either directly or as part of a botnet, which is a network of computers that are likewise infected with a trojan or other malicious software. The big difference between a virus and a trojan is that a trojan does not replicate itself; it has to be installed by an unwitting user.
- Worms spread over the network: a computer worm uses the network to copy itself to other computers, usually exploiting some security vulnerability to do so, and this replication is automatic and needs no user intervention. Because they can spread very quickly across a network, infecting the computers in their path, worms tend to be the best-known kind of malware, although many users still mistakenly call them viruses.
- Ransomware encrypts data for extortion: this is malware that uses a cryptosystem to encrypt data belonging to an individual and demands a ransom before it will restore the data. One of the best-known representatives of this kind of malware is CryptoLocker, which seizes the data on the user's infected machine, holds the encrypted data hostage, and demands that the user pay hundreds of US dollars to get it back.
IV. Introduction to some worms
1/ Morris Worm, the first worm, 1988
a. General information
- The Morris worm is sometimes called the Great Worm.
- The Morris worm was the first computer worm distributed over a network, and also the first worm to attract significant attention from the mass media. Its author was Robert Tappan Morris, a student at Cornell University. The worm was released onto the network on 2 November 1988 from MIT; it was released from MIT to hide the fact that it actually originated at Cornell. (Coincidentally, Robert Tappan Morris is now a professor at MIT.)
According to its author, the Morris worm was not written to cause damage but only to measure the size of the Internet. An unintended consequence, however, made it harmful: a computer could be infected several times, and each additional process slowed the machine further, to the point of being unusable.
b. Vulnerabilities exploited and propagation
- The Morris worm worked by exploiting several known weaknesses in sendmail, Finger and rsh/rexec, together with weak passwords, on Unix. The main body of the worm could only infect DEC VAX machines running BSD 4, and Sun 3 systems.
- A portable "grappling hook" component written in C, delivered through a buffer overflow, was used to pull over the main body of the program; the grappling hook could also run on other systems, loading them down and turning them into victims.
- The critical mistake that turned the worm from a potentially harmless intellectual experiment into a destructive denial-of-service attack lay in the spreading mechanism. The worm decided whether to invade a new computer by asking whether a copy was already running there.
- Doing only that, however, would have made the worm too easy to eliminate: anyone could run a process that answered "yes" when asked whether a copy was present, and the worm would stay away. To prevent this, Morris designed the worm to copy itself with a probability of 40% regardless of the result of the infection check. In practice this replication rate proved far too high: the worm spread rapidly and infected some computers many times over.
c. Impact
- It is estimated that about 6,000 Unix machines were infected by the Morris worm. Paul Graham said: "I was there when this statistic was cooked up, and this was the recipe: someone guessed that there were about 60,000 computers attached to the Internet, and that the worm might have infected ten percent of them." The US estimated the damage at between 10 and 100 million dollars.
- Robert Morris was tried and convicted of violating the 1986 Computer Fraud and Abuse Act. After appeals, he was sentenced to three years' probation, 400 hours of community service and a fine of USD 10,050.
- The Morris worm is sometimes called the "Great Worm" because of the severe effect it had on the Internet at the time, both in total system downtime and in its psychological impact on perceptions of the Internet's security and reliability.
2/ IloveYou, 2000
a. General information
- ILOVEYOU is a worm that also has the features of a virus. It replicates over the network, destroys files, and copies itself within the computer system when the user interacts with the file. The damage done by this particular hybrid worm includes flooded e-mail systems and lost files where the mail folder has only limited storage space under the Microsoft Windows operating system.
b. Propagation and damage
- The ILOVEYOU worm usually arrives as a file attached to an e-mail message from someone; the recipient receives an attachment named LOVE-LETTER-FOR-YOU.TXT.VBS. In other words, the attachment is a Basic Script (VBS) file.
If the recipient does not run the attachment, their system is not affected and they only need to delete the e-mail and its attachment. Once it is opened and allowed to run, however, the ILOVEYOU worm sends copies of itself by attaching itself to messages through Microsoft Outlook (an e-mail client) and mailing them to every address in the infected computer's Outlook address list. It tries to infect the Internet Relay Chat (IRC) program, so that when the user starts chatting on the Internet the worm can spread to everyone connected to the IRC chat server. It searches the machine for image, video and music files and tries to overwrite or replace them with a copy of itself. ILOVEYOU also goes further and tries to install a password-stealing program when the recipient opens Internet Explorer 3 and restarts the computer. However, the Internet accounts set up to collect the stolen passwords were reported and disabled.
ILOVEYOU also appeared in other guises on other occasions, such as "Mothers Day", "Joke" and "Very Funny". These variants of ILOVEYOU were stopped because they were easily filtered out by filters already set up to block ILOVEYOU. At least 14 different versions of ILOVEYOU have been identified. According to the US Department of Defense's Joint Task Force-Computer Network Defense, one ILOVEYOU variant with the subject "VIRUS ALERT !!!" was rated far more dangerous than the original because it could also overwrite important system files.
According to the well-known anti-virus vendor McAfee, the ILOVEYOU virus has a very wide range of attack behaviour:
- It copies itself many times and hides the copies in many folders on the victim's hard disk.
- It adds new files to the victim's registry keys.
- It replaces several types of file with copies of itself.
- It sends itself through Internet Relay Chat clients as well as by e-mail.
- It downloads a file named WIN-BUGSFIX.EXE from the Internet and runs it. This is not a fix but a password-stealing application, and the confidential information it gathers is sent to the hacker's e-mail addresses.
[Figure: a report on how fast ILOVEYOU spread]
c. Impact
The Philippine authorities investigated de Guzman for theft; at the time the Philippines had no laws on computer espionage or computer sabotage. For lack of evidence, the Philippine authorities dropped the case against de Guzman, who neither confirmed nor denied responsibility for the virus. By some estimates the ILOVEYOU virus caused up to USD 10 billion in damage.
ILOVEYOU's rate of spread was rated very high compared with contemporary malware such as MELISSA. After the first report of it on 4 May 2000 in Asia (the Philippines), it quickly spread around the world. The coordination center at Carnegie Mellon received 400 reports asking for assistance, covering more than 420,000 computers on the Internet. One reason ILOVEYOU spread faster than MELISSA is that it struck during the working week rather than at a weekend. In addition, ILOVEYOU replicated by mailing itself to the addresses in the Outlook address list.
3/ Anna Kournikova, 2011
The Anna Kournikova worm is a computer worm written by a Dutch programmer named Jan de Wit on 11 February 2001. It was designed to trick e-mail users into opening a message that claimed to carry an attached picture of the attractive tennis star Anna Kournikova but actually concealed a malicious program.
The Anna Kournikova worm was not sophisticated in design. Like many other worms, it spread through ordinary e-mail and was written in Visual Basic Script (VBS). It replicated by attaching itself to e-mail if the user clicked on the message to view its contents, and it harvested the addresses in the Microsoft Outlook address book on the victim's machine.
Sophos identified this worm as VBS/SST-A (although the media named it "Anna Kournikova"), a name that has nothing to do with its author. The author simply downloaded from the Internet a malware construction kit called VBSWG and used it to produce his own piece of malware.
What was really subtle and outstanding about this worm was not its technique or its code but its social engineering.
[Figure: what the user sees on opening an e-mail carrying the Anna Kournikova worm]
Using a picture of the attractive Russian tennis star Anna Kournikova as bait was a very well-chosen idea. It is exactly this cleverness that let the worm spread around the world extremely quickly.
Kournikova was a star not only in sport but also in music and modelling, and her appeal had no limits. Consider the situation, still very novel at the time, in which someone like Anna appears to send you an e-mail with a message. Many people were curious, because a great many men admired Anna; others opened the e-mail out of curiosity because the sender was an acquaintance or colleague. And the picture might have been one taken of Anna Kournikova in some amusing situation.
The author, Jan de Wit, was brought before the authorities in the Dutch town of Sneek on 14 February 2001, after admitting to his parents that he was responsible for the malware that was affecting computers and clogging e-mail systems around the world.
At de Wit's subsequent trial in September 2001, although anti-virus companies claimed that millions of computers had been affected, US investigators could list only 55 infection incidents, with damage valued at $166,827. There is no doubt that many businesses were very worried in the period that followed about being infected by the Anna Kournikova worm.
4/ Code Red 2001
a. General information
Code Red is a computer worm that was discovered on the Internet on 15 July 2001. It attacked computers running the IIS web server, at that time Microsoft's IIS 4.0 versions.
The Code Red worm was first discovered and studied by eEye Digital Security employees Marc Maiffret and Ryan Permeh. They named it "Code Red" because Code Red Mountain Dew was what they were drinking at the time of the discovery.

b. Vulnerability exploited

The Code Red worm exploits a vulnerability in the IIS web server software. The vulnerability is described in Microsoft Security Bulletin MS01-033, which had been issued a month earlier.
The worm spreads by using a common class of vulnerability, one whose exploitation leads to a buffer overflow. It does this with a long string of the repeated character 'N' to overflow a buffer, which lets the worm execute arbitrary code and infect the machine. Kenneth D. Eichman was the first to work out how to block it, and was invited to the White House for his discovery.

[Figure: a website defaced after infection by the Code Red worm]

c. Behaviour
The worm tries to connect to port 80 on randomly chosen computers that are running a web service. Once connected, the Code Red worm sends HTTP GET requests to the web site. These requests contain exploit code that triggers the buffer overflow and lets the worm run its code afterwards. The worm does not write a file to the hard disk; it executes directly in the memory of the victim server. The attack request has the following form:
GET /default.ida?NNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNNN
NNNNNNNNNNNNNNNNNNN
%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801
%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3
%u0003%u8b00%u531b%u53ff%u0078%u0000%u00=a HTTP/1.0
After successful execution, the worm checks whether the file C:\notworm exists. If the file exists, the process goes into a sleep state. Otherwise it starts creating processes. Each process can spawn further child processes, and this continues until the number of processes reaches 100.
- 99 processes go on to exploit other systems by generating random IP addresses, if the date is before the 20th of the month.
- The 100th process defaces the web site's default home page.
- If the date is between the 20th and the 28th of the month, the running processes launch a denial-of-service attack against the home page of the White House of the US government (http://www.whitehouse.gov) by sending a large amount of junk data.
A variant of Code Red, Code Red II, was discovered on 4 August 2001. It uses the same buffer overflow but different exploit code from the original. When it attacks it behaves as follows:
- It creates a backdoor file on the exploited computer by copying cmd.exe to an accessible directory.
- It creates a trojan explorer.exe in the root directory of the web site.
- It spreads far more aggressively. If the IIS server is in China, it creates up to 600 processes to go on exploiting other servers for 48 hours. If the server is not located in China, it creates 300 processes and infects for 24 hours. After a period of infecting, the system is forced to reboot; the reboot wipes all trace of the worm from the infected computer's memory, leaving only the trojan explorer.exe.
d. Impact
[Figure: map of Code Red infections]
In less than 14 hours, 359,104 hosts were compromised. The global Internet community appears to have escaped a real shock from the Code-Red worm. The worm did no significant damage to infected machines; it only scheduled a preset time for its denial-of-service attack. Although it tried to launch a denial-of-service (DoS) attack against http://www.whitehouse.gov, it planned the attack against the server's IP address rather than its domain name, and it checked that port 80 was open at the IP address of whitehouse.gov before launching the attack. These properties made the denial-of-service attack trivially easy to neutralize.
5/ Slammer, 2001
A worm capable of attacking Microsoft's database software spread widely across the Internet on 25 January 2003, putting some cash machines out of action, congesting most of South Korea's Internet, and slowing network traffic in the US and on the global Internet in general.
The worm, named SQL Slammer, spreads by exploiting a flaw in Microsoft's SQL Server database software that had been discovered in July 2002. Although a patch was made available after the vulnerability was discovered, a great many network administrators had not been able to install it, leaving their servers in a dangerous state.
Bank of America in the US said that 13,000 ATMs refused to dispense cash. In South Korea, KT, the largest Internet service provider, said that almost all of its customers lost their Internet connection while the attack was under way. Computer users in China reported that web sites froze and download speeds dropped very low. That was when the country's DNS name servers (the servers that translate web addresses into numeric Internet Protocol (IP) addresses) were hit by the SQL Slammer worm. With just 376 bytes of code, the SQL Slammer worm had formidable power and caused an outbreak on a global scale.
Anti-virus vendor F-Secure said the consequences of the outbreak were very significant because the worm generates a huge volume of packets on the network, overloading servers and routers and slowing network traffic. F-Secure said that 5 of the 13 core name servers of the global Internet went down during the outbreak.
According to F-Secure, SQL Slammer's code instructs the Microsoft SQL Server database software to enter an infinite loop that continually sends data to other computers, which amounts to a denial-of-service (DoS) attack. The destructive power of the worm is comparable to the damage that brought Internet traffic around the world to a halt in the summer of 2001, caused by the Code Red virus.
Although SQL Slammer does not aim to destroy data on infected computers, anti-virus vendors and Microsoft rated it critical because of the losses it causes. According to experts, the worm does not spread by e-mail and does not directly affect home computers. However, PCs that use Microsoft SQL Server 2000 Desktop Engine, for example through Visual Studio .Net and Office XP Developer Edition, are also at very high risk.
Like the earlier Code Red worm, the Slammer worm exists only in the memory of the infected server and does not create or modify any file on the system. It can therefore be removed simply by stopping the sqlserver.exe process or restarting the machine. However, if the server has not had the update installed, it will quickly be reinfected by Slammer once it restarts. If the patch cannot be installed in time, block all UDP packets to port 1434 at the server or on the network. To remove the risk of Slammer infection completely, install Microsoft's patch immediately or install MSSQL 2000 Service Pack 3.
According to anti-virus vendor Messagelabs, the first SQL Slammer attacks were detected at about 05:30 GMT on Saturday (12:30 Hanoi time), and reports then kept arriving from many countries around the world.
Also according to Messagelabs, unlike mass-mailing worms, SQL Slammer does not write files to the computer's hard disk but lives in RAM. This property makes SQL Slammer very easy to kill, since restarting the computer is enough, but it also makes the worm very hard for anti-virus software to detect. As soon as the computer restarts and reconnects to the Internet it is infected with SQL Slammer again, unless the flaw the worm uses has been patched.
System administrators also acted quickly to stop the worm from spreading further. By the end of Saturday the worm appeared to have passed its peak and the infection rate was falling. It was nevertheless recorded as the most damaging worm of the preceding 18 months, with losses that could reach many millions of US dollars. South Korea was the country hit hardest by the worm.

6/ Sobig and Blaster, 2003

In 2003 a new Internet worm named Sobig, together with its variants, changed attack tactics and created a new storm. Instead of attaching an .EXE executable as other worms did, Sobig's malicious code was attached to e-mail as a seemingly harmless file with a .PIF or .SCR extension. A single click on it was enough to infect the computer immediately; Sobig then started its own SMTP mail service, took addresses from the address book and went on sending out forged mail.
Fortunately, Sobig and its variants depended too heavily on web sites running the associated scripts, so they were eliminated quickly. Even so, figures compiled after the disaster show that Sobig managed to hit 500,000 computers worldwide, with losses of up to USD 1 billion.
The summer of 2003 was a difficult time for corporate computer networks because the Sobig worm and then the Blaster worm appeared almost back to back within a fairly short period. The Blaster worm, also known as Lovsan or MSBlast, was the blockbuster that went off first. It was discovered on 11 August and spread worldwide in just 2 days.
Spread over the Internet, Blaster exploited a vulnerability in Windows 2000 and Windows XP; once activated, the worm displayed a fatal message box announcing that the computer would shut down in a few minutes.
Hidden in the code of the MSBLAST.EXE file was a message from the author: "Bill Gates, why do you make this possible? Stop making money and fix your software."
On infection, MSBlast automatically set up a server using TFTP (Trivial File Transfer Protocol) and downloaded the malicious code onto the machine.
Within just a few hours about 7,000 computers had been infected and the MSBlast worm had been detected. Microsoft worked day and night to release an MSBlast removal tool (Windows Blaster Worm Removal Tool) in January 2004. By then, about 25 million computers worldwide had been reported as infected with MSBlast.
Blaster also contained code to trigger a DoS attack on Microsoft's windowsupdate.com web site.
- Sobig: estimated damage of USD 2-10 billion, with hundreds of thousands of computers infected.
- Blaster: estimated damage of USD 5-10 billion, with more than 25 million computers infected.
On 10 September 2003 Sobig deactivated itself and ceased to be a threat. Microsoft offered a USD 250,000 reward for information leading to the arrest of Sobig's author, but so far nobody has claimed it.

7/ Sasser, 2004
a. General information
The Sasser worm was first reported on 30 April 2004, and it spread vigorously across the Internet.
According to security experts, from the very first day the Sasser worm infected more than a million computers and brought down a great many other computer systems.
Unlike other worms of the same period, Sasser did not spread by sending e-mail; instead it made its own way across the Internet. Microsoft confirmed that the Sasser worm (W32.Sasser.A and its variants) was spreading on the Internet. The worm exploits a vulnerability in the Local Security Authority Subsystem Service (LSASS) covered in Microsoft Security Bulletin MS04-011, issued on 13 April 2004.
b. Mechanism, propagation and damage
The worm uses the vulnerability identified as MS04-011 in Windows XP and 2000 systems to gain remote access to the system. Sasser starts 128 scanning processes that try to find vulnerable systems at random IP addresses. Computers are probed on port 445, the default port for the Windows SMB service.
The probing itself can crash the computer being probed. On Windows 2000 systems the user may see the following error message:

[Figure: Windows 2000 error message]

On Windows XP systems the error appears as follows:

[Figure: Windows XP error message]

When attacking, the worm first identifies the version of the remote operating system and then uses the appropriate parameters to attack the host.
Different parameters are used for:
- Windows XP.
- Windows 2000.
- Windows 2000 Advanced Server.
Other operating systems, such as Windows Me and NT, are not infected by this virus.
If the attack succeeds, a shell is started on port 9996. Through the shell port, Sasser instructs the remote computer to download and run the worm from the attacking computer using FTP. An FTP server listens on port 5554 on every infected computer in order to serve the worm to other machines that are being infected. Transfers through the FTP server are logged to C:\win.log.
c. Impact
The Sasser worms first appeared on 1 May 2004, and estimates of how many Windows computers were infected vary widely.
Some businesses reported that only about 300,000 machines were hit by the worm, while other figures put the number of infected computers as high as one million.
In the United States the worm was reported to have infected up to 300,000 machines at Deutsche Post, leaving it unable to let staff hand out cash. Machines at the investment bank Goldman Sachs, the European Commission and British Airways, and 19 regional offices of the British Maritime and Coastguard Agency, were all victims of Sasser.
Disruption at Taiwan's national post office, Hong Kong government agencies and hospitals, Australian railways and Westpac banks was all blamed on Sasser.

8/ Conficker
a. General information
One of the best-known computer worms, first detected in early November 2008, the Conficker worm, also known as Downup, Downadup and Kido, is a computer worm that targets the Microsoft Windows operating system and was first detected in October 2008. The first variant of the worm spread over the Internet by exploiting a vulnerability, discovered only the month before, in the network stack of Windows 2000, Windows XP, Windows Vista, Windows Server 2003, Windows Server 2008, Windows 7 Beta and Windows Server 2008 R2 Beta. The worm has proved surprisingly difficult for network operators and law enforcement because it combines many advanced malware techniques.

Go back a few months. On 23 October 2008 Microsoft published the critical security bulletin MS08-067, "Vulnerability in Server Service Could Allow Remote Code Execution". Microsoft explained that the vulnerability in the Server service could allow remote code execution if an affected system received a remote procedure call (RPC). This could let an attacker exploit the vulnerability without authentication to run binary code on Windows 2000 Service Pack (SP) 4, Windows XP SP2 and SP3, Windows Server 2003 SP1 and SP2, Vista Gold and SP1, Windows Server 2008 and Windows 7 systems. Microsoft also warned that the vulnerability could be used in a worm attack. The vulnerability was rated 10.0, their most severe rating, indicating a vulnerability with high impact and a high likelihood of successful exploitation.

[Figure: map of Conficker infection rates]

Although the origin of the word Conficker is uncertain, Internet specialists and many others speculate that it is a German blend of the word "configure" and the word "ficken", a German swear word. Microsoft analyst Joshua Phillips suggests that Conficker is a rearrangement of parts of the domain name trafficconverter.biz.
Symptoms of a computer infected with Conficker:
- Account lockout settings are reset automatically.
- Some Microsoft Windows services such as Automatic Updates, Background Intelligent Transfer Service (BITS), Windows Defender and Error Reporting Services are disabled.
- Domain controllers respond very slowly to client requests.
- The local network is congested.
- Web sites related to anti-virus software such as Kaspersky and BitDefender, and the Windows Update service, cannot be reached.
b. Propagation
Five main variants of the Conficker worm are known and have been named Conficker A, B, C, D and E. They were discovered on 21 November 2008, 29 December 2008, 20 February 2009, 4 March 2009 and 7 April 2009 respectively.
Variants A, B, C and E exploit a vulnerability in the Server service of computers running Windows: an already infected source computer sends a specially crafted request through a remote procedure call to cause a buffer overflow and execute shellcode on the target computer. On the source computer the worm runs an HTTP server on a port between 1024 and 10000; the shellcode on the target connects back to this HTTP server to download a copy of the worm in DLL form and then attaches it to svchost.exe. Variants B and later may attach it to a services.exe process or to Windows Explorer instead.
Variants B and C can execute copies of themselves remotely through the ADMIN$ share on computers that are visible to each other over NetBIOS. If the share is password-protected they attempt a brute-force attack, which can generate a very large amount of network traffic and change user account lockout policies.
Variants B and C place a copy of themselves in DLL form on any removable device (such as a USB flash drive), from which they can infect new hosts through the Windows AutoRun mechanism.
To start itself at system boot, the worm saves a copy of itself in DLL form under a random file name in the Windows system directory, then adds registry keys that make svchost.exe start that DLL as a hidden network service.
Conficker has several mechanisms for pushing or pulling executable data over the network. The worm uses this data to update itself to a newer variant and to install additional malware.
Variant A generates a list of 250 domain names every day across five top-level domains (TLDs). The names are produced by a pseudo-random number generator seeded with the current date, which ensures that every copy of the worm generates the same names for a given day. The worm then makes an HTTP connection to each domain name in turn, expecting a signed payload in return.
+ Variant B increases the number of top-level domains to 8 and modifies the generator with respect to the domain names that A produces.
+ To counter the worm's use of pseudo-random domain names, ICANN and several top-level domain registries began coordinating to block transfers and registrations of these domains. Variant D counters this by generating a pool of 50000 domains every day across 110 top-level domains, from which it picks 500 at random to contact that day. The generated names were also shortened from 8-11 characters to 4-9 characters to make them harder to detect with heuristics. This new mechanism (disabled until 1 April) appears unable to deliver data to more than 1% of infected hosts per day, but is expected to act as a seeding mechanism for the worm's peer-to-peer network. The shorter generated names, however, are expected to collide with 150-200 existing domains each day, potentially causing a DDoS attack on the sites holding those domains.
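The date seeding described above is what allowed defenders to act ahead of the worm: anyone who knows the generator can compute a day's names in advance and match them against DNS logs or block their registration. The following is an added example, not part of the original report and not Conficker's algorithm; the hash-based generator, the `.example` suffixes, the one-day clock-skew allowance and the query records are all constructed assumptions.

```python
import hashlib
from datetime import date, timedelta

# Five placeholder suffixes standing in for the five TLDs (assumption).
SUFFIXES = ("a.example", "b.example", "c.example", "d.example", "e.example")
NAMES_PER_DAY = 250  # daily list size given for variant A


def stand_in_names(day, count=NAMES_PER_DAY):
    """Date-seeded stand-in generator (hypothetical, NOT Conficker's own).

    The only property that matters here is the one the text describes:
    the same date always yields the same list, on every machine.
    """
    names = []
    for i in range(count):
        digest = hashlib.sha256(f"{day.isoformat()}/{i}".encode()).digest()
        length = 8 + digest[0] % 4  # 8-11 characters
        label = "".join(chr(ord("a") + b % 26) for b in digest[1:1 + length])
        names.append(f"{label}.{SUFFIXES[i % len(SUFFIXES)]}")
    return names


def blocklist(day, skew_days=1):
    """Names for `day` plus/minus `skew_days`, since an infected host's
    clock may be off and it would then ask for a neighbouring day's list."""
    names = set()
    for offset in range(-skew_days, skew_days + 1):
        names.update(stand_in_names(day + timedelta(days=offset)))
    return names


def match_queries(queries, day):
    """Return {client: sorted blocklisted names it queried} for one day.

    `queries` is an iterable of (client_ip, queried_name) pairs taken
    from a resolver log.
    """
    listed = blocklist(day)
    hits = {}
    for client, qname in queries:
        name = qname.rstrip(".").lower()  # normalise trailing dot and case
        if name in listed:
            hits.setdefault(client, set()).add(name)
    return {client: sorted(names) for client, names in hits.items()}


def sample_queries(day):
    """Constructed resolver-log records for the demonstration."""
    today = stand_in_names(day)
    yesterday = stand_in_names(day - timedelta(days=1))
    next_week = stand_in_names(day + timedelta(days=5))
    return [
        ("10.0.0.21", today[0] + "."),       # generated name, trailing dot
        ("10.0.0.21", today[7].upper()),     # generated name, upper case
        ("10.0.0.22", "www.example.org"),    # ordinary lookup
        ("10.0.0.23", yesterday[3]),         # host whose clock is a day behind
        ("10.0.0.24", next_week[0]),         # outside the skew allowance
    ]


if __name__ == "__main__":
    day = date(2009, 1, 15)
    for client, names in match_queries(sample_queries(day), day).items():
        print(client, names)
```

Variant D's pool of 50000 names per day changes the cost of this approach, not the principle: the whole pool has to be precomputed because any 500 of them may be contacted.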
Variant C creates a named pipe, over which it can push URLs for downloadable payloads to other infected hosts on the LAN.
Variants B, C and E apply an in-memory patch to the NetBIOS-related DLLs to close MS08-067 and watch for reinfection attempts through the same vulnerability. Allowing reinfection by newer versions of Conficker effectively turns the vulnerability into a propagation backdoor.
Variants D and E create an ad hoc peer-to-peer network to push and pull data over the wider Internet. This aspect of the worm is heavily obfuscated in the code and not well understood, but it has been observed to use large-scale UDP scanning to build a peer list of infected machines and TCP for the subsequent transfer of signed payloads. To make analysis harder, the connection ports are hashed from the IP address of each peer.
c. Impact
An update posted on 1 April 2010 on Symantec's web site described the state of Conficker infections:
- About 6.5 million systems are still infected with either the .A or the .B variants.
- The .C variant, which uses a peer-to-peer method of propagation, faded away during 2009. From a peak of nearly 1.5 million infections in April 2009, the infection count has gradually fallen to between 210,000 and 220,000. This suggests that some computer users are fixing the problem and cleaning up infected computers.
- Symantec also observed one variant, .E, released on 8 April 2009, but this version removed itself from infected systems on or after 3 May 2009.
So far, then, the machines still infected with Downadup/Conficker have not been used for any significant criminal activity, but with an army of nearly 6.5 million computers the threat remains a real one.

V. Detection and prevention

1/ Worm detection techniques
As the techniques used in worm design have developed, techniques for detecting and defending against Internet worms have also been studied and applied. The following are some worm detection techniques based on analysing network traffic, monitoring sensitive ports and system vulnerabilities, and signature-based detection. These are the important, core methods for detecting hackers and Internet worms in particular.
2/ Traffic analysis
Traffic analysis was developed to track hackers, and it has also been applied in the design and implementation of many programs that track and monitor worm activity; it is therefore also reliable.
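One traffic-analysis check that fits the worms in section IV: Sasser probes random addresses on port 445 and the advice for Slammer is to block UDP port 1434, so an infected host contacts far more distinct destinations on those ports than a normal client does. This is an added example, not part of the original report; the flow-record layout, the 60-second window, the threshold of 20 destinations and every record below are constructed assumptions.

```python
from collections import defaultdict, deque

WATCHED = {("tcp", 445), ("udp", 1434)}  # ports named in section IV
WINDOW = 60.0     # seconds of history kept per source (assumption)
THRESHOLD = 20    # distinct destinations inside the window (assumption)


def make_flows():
    """Constructed flow records: (time_s, src, dst, proto, dport)."""
    flows = []
    # Ordinary file-share client: many connections, only two servers.
    for i in range(40):
        flows.append((i * 1.5, "10.0.0.5", f"10.0.1.{1 + i % 2}", "tcp", 445))
    # Scanning host: a new destination every half second on tcp/445.
    for i in range(60):
        flows.append((10 + i * 0.5, "10.0.0.66", f"172.16.0.{i + 1}", "tcp", 445))
    # 25 destinations on udp/1434, but one every two minutes.
    for i in range(25):
        flows.append((i * 120.0, "10.0.0.7", f"192.168.5.{i + 1}", "udp", 1434))
    # Wide fan-out on a port this check does not watch.
    for i in range(50):
        flows.append((20 + i * 0.2, "10.0.0.8", f"198.51.100.{i + 1}", "tcp", 80))
    return sorted(flows)


def detect_fanout(flows, window=WINDOW, threshold=THRESHOLD):
    """Return {(src, proto, dport): time of first alert}.

    A source alerts when it has contacted `threshold` distinct
    destinations on a watched port within the last `window` seconds.
    `flows` must be ordered by time.
    """
    recent = defaultdict(deque)                      # key -> (time, dst) in window
    counts = defaultdict(lambda: defaultdict(int))   # key -> dst -> occurrences
    alerts = {}
    for t, src, dst, proto, dport in flows:
        if (proto, dport) not in WATCHED:
            continue
        key = (src, proto, dport)
        queue, seen = recent[key], counts[key]
        queue.append((t, dst))
        seen[dst] += 1
        # Drop records that have aged out of the sliding window.
        while queue and queue[0][0] <= t - window:
            _, old_dst = queue.popleft()
            seen[old_dst] -= 1
            if seen[old_dst] == 0:
                del seen[old_dst]
        if len(seen) >= threshold and key not in alerts:
            alerts[key] = t
    return alerts


if __name__ == "__main__":
    for (src, proto, dport), when in detect_fanout(make_flows()).items():
        print(f"{src} fan-out on {proto}/{dport} first seen at t={when}s")
```

Counting distinct destinations rather than connections is what keeps the busy file-share client quiet; the slow sender on udp/1434 shows the limit of a fixed window, which a longer second window would cover.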
3/ Monitoring network black holes and sensitive ports
Two effective methods for identifying network worms and tracking their behavior are black hole monitoring systems and sensitive-port monitoring. These systems can follow a worm's behavior and record what they observe. Later analysis of the data yields valuable clues, such as the worm's growth rate or even the presence of new agents that have entered the network.
+ Honeypots
+ Black hole monitoring
Tracking worms through unused IP address space has proven effective for tracking and detecting worms.
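The growth-rate clue mentioned above can be computed directly from a black hole monitor's flow records. The following Python sketch is an added example, not part of the original essay; the darknet prefix (a documentation range), the record layout and the function names are assumptions, and the flow records are constructed.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumption: 192.0.2.0/24 stands in for the unused "black hole" prefix
# that no legitimate host should ever contact.
DARKNET = ip_network("192.0.2.0/24")

# Constructed flow records: (seconds since start, source IP, dest IP, dest port)
FLOWS = [
    (5,   "198.51.100.7", "192.0.2.10",  445),
    (20,  "198.51.100.7", "192.0.2.11",  445),
    (70,  "198.51.100.7", "192.0.2.12",  445),
    (75,  "198.51.100.9", "192.0.2.40",  445),
    (80,  "203.0.113.5",  "10.0.0.8",    80),   # not darknet traffic: ignored
    (130, "198.51.100.9", "192.0.2.41",  445),
    (135, "203.0.113.21", "192.0.2.77",  445),
    (140, "203.0.113.22", "192.0.2.78",  445),
    (150, "203.0.113.23", "192.0.2.200", 445),
    (155, "203.0.113.30", "192.0.2.5",   22),
]

def new_sources_per_window(flows, port, window=60):
    """Count hosts first seen probing `port` in the darknet, per time window."""
    seen = set()
    counts = defaultdict(int)
    for ts, src, dst, dport in sorted(flows):
        if dport != port or ip_address(dst) not in DARKNET:
            continue
        if src not in seen:          # a new agent has appeared
            seen.add(src)
            counts[ts // window] += 1
    return dict(counts)

def alert_ports(flows, min_sources=3):
    """Ports probed in the darknet by at least `min_sources` distinct hosts."""
    by_port = defaultdict(set)
    for _, src, dst, dport in flows:
        if ip_address(dst) in DARKNET:
            by_port[dport].add(src)
    return sorted(p for p, s in by_port.items() if len(s) >= min_sources)

if __name__ == "__main__":
    print(new_sources_per_window(FLOWS, 445))  # rising count = spreading worm
    print(alert_ports(FLOWS))
```

A rising number of first-seen sources per window on a single port is the signal that separates a spreading worm from one host's scan.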
4/ Signature-based detection
The signature-based worm detection model uses a database of information about previously known worms, compares it against whatever is intruding into the system, and raises worm alerts from the result. There are three main types of signature-based detection systems.
The traditional model of signature analysis
Signature analysis examines the content of captured data to detect the presence of known strings. The signatures are stored in a database and are derived from the content of known malicious files. These files are usually the executable programs associated with a worm.
Network payload signature analysis
Because worms exist through network activity, their presence can be detected with passive network monitors and payload signature monitors. Worms often have distinctive signatures when they attack hosts on the network. By building a library of known malicious signatures, a network monitor can alert an administrator to unusual activity and to the appearance of a network worm.
Logfile signature analysis
Many worms attack every server indiscriminately, so they can be detected by deploying well-secured servers. When worms attack them, those servers are not compromised; on the contrary, they collect information about the worm such as its payload, size or source host, all of which is stored in the server's log file. Analyzing the information in the log file can give us signatures for a worm. These can then be passed on to other servers so that they know about the worm and can reject or block its requests.
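A minimal form of the logfile analysis described above, written in Python as an added example that is not part of the original essay. It assumes Common Log Format and uses one signature, the publicly documented Code Red request shape (`/default.ida?` padded with a long run of one filler character); the log lines and the names `make_line` and `analyze` are constructed for illustration.

```python
import re
from collections import Counter

# Common Log Format: host ident user [time] "request" status bytes
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([^"]*)" (\d{3}) \S+$')

# Assumption: a single known signature. A request for /default.ida padded
# with 100 or more copies of one filler letter (N or X in known variants).
IDA_OVERFLOW = re.compile(r"^GET /default\.ida\?([A-Za-z])\1{99,}")

def make_line(host, request, status=404):
    """Build one constructed log line for the sample below."""
    return f'{host} - - [19/Jul/2001:10:00:00 +0000] "{request}" {status} 205'

# Constructed sample log from a patched server that only records the probes
SAMPLE_LOG = [
    make_line("203.0.113.4", "GET /index.html HTTP/1.0", 200),
    make_line("198.51.100.23", "GET /default.ida?" + "N" * 224 + " HTTP/1.0"),
    make_line("198.51.100.23", "GET /default.ida?" + "N" * 224 + " HTTP/1.0"),
    make_line("198.51.100.77", "GET /default.ida?" + "X" * 224 + " HTTP/1.0"),
    make_line("203.0.113.9", "GET /default.ida?query=NNNN HTTP/1.0", 200),
    "truncated garbage line",
]

def analyze(lines):
    """Return (hits per source host, set of (filler, request size) fingerprints)."""
    sources, fingerprints = Counter(), set()
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # malformed entry: skip rather than guess
        host, request = m.group(1), m.group(2)
        sig = IDA_OVERFLOW.match(request)
        if sig:
            sources[host] += 1
            # filler character and request size distinguish worm variants
            fingerprints.add((sig.group(1), len(request)))
    return dict(sources), fingerprints

if __name__ == "__main__":
    hits, prints = analyze(SAMPLE_LOG)
    print(hits)    # source hosts to share with other servers for blocking
    print(prints)
```

The short `?query=NNNN` request is deliberately not matched: the length threshold in the signature keeps legitimate query strings out of the block list.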
File signature analysis
Examining the contents of a file system can reveal the presence of a worm, because most worms are binary executables that reside on the system's disk. This is the most common method used to look for worms, and it is also the basis on which antivirus software is built. To check for the presence of a worm, a worm detection tool is run to scan the system's memory.
Recommendations for defending against worms:
Establish a security policy:
An organization's policy needs to address the prevention and handling of malware-related incidents. The content of the policy should serve as the basis for consistent and effective malware prevention efforts across the whole organization. The policy must be general enough to allow flexibility in implementation and to reduce the need for frequent policy updates, yet specific enough to make the purpose and scope of the policy clear.
Common policy provisions related to malware prevention include:
+ Requiring that media brought into the organization from outside be scanned for malware before use.
+ Requiring that email attachments be scanned for viruses before they are opened.
+ Prohibiting the sending or receiving of certain file types, such as executable files, by email.
+ Restricting or prohibiting the use of unnecessary software, such as personal messaging and instant file-sharing services.
+ Restricting the use of removable storage media (flash drives), especially on hosts with a high risk of infection and on public network access stations.
+ Specifying which types of preventive software (antivirus, content filtering) are mandatory for each type of computer (email server, web server, laptop, smartphone) and application (email client, web browser), together with a list of high-level requirements for configuring and maintaining the software (such as how often the software is updated, and how often and how widely hosts are scanned).
+ Restricting or prohibiting the use of organization-owned or personal mobile devices connecting to the organization's network for remote access.
Raise user awareness
+ Do not open suspicious emails or email attachments, click on suspicious hyperlinks, or visit websites that may contain malicious content.
+ Do not click on web browser pop-up windows suspected of being malicious.
+ Do not open files with extensions such as .bat, .com, .exe, .pif or .vbs, which are often likely to be associated with malware.
+ Do not disable the security controls against malware (such as antivirus software, content-filtering software and personal firewalls).
+ Do not use administrator-level accounts for ordinary host operation.
+ Do not download or run applications from untrusted sources.
Users also need to know the policies and procedures that apply to handling malware incidents, such as how to recognize that a host is infected with malware, how to report a suspected incident, and how to assist with incident handling. Users also need to know how major malware incidents will be announced and how to verify the authenticity of all such announcements. In addition, users need to know how to carry out certain actions when an incident occurs, such as disconnecting a malware-infected host from the network.
Countering social engineering attacks
+ Never reply to email that asks for financial or personal information. Instead, contact the person or organization through a legitimate phone number or website. Do not use the contact information provided in the email, and do not click on any attachments or hyperlinks in a suspicious email.
+ Do not provide passwords, PINs or other access codes in response to emails from unknown addresses or to newly opened windows. Only enter information into legitimate websites or applications.
+ Do not open suspicious email attachments, even when they come from known senders. If an unexpected attachment arrives, contact the sender (preferably by a method other than email, such as by phone) to confirm that the attachment is legitimate.
+ Do not reply to any suspicious email or email from an unknown address.

Conclusion
The history of computer worms continues to unfold alongside the software and device vulnerability disclosures that have been published continuously in recent times. Today connectivity is an indispensable feature of every system, and with the arrival of IoT (Internet of Things) devices, connectivity is very important. Networks and connectivity are precisely the environment in which computer worms thrive. Ensuring security and reducing risk when worm-related incidents occur is therefore an issue that must be addressed in the design and development of every information system. Solutions are needed to scan for and detect weaknesses, vulnerabilities and zero-day flaws in time to put countermeasures in place and reduce the risk posed by computer worms.
