
University of Information Technology
Faculty of Computer Networks and Communications

COMPUTER NETWORK SECURITY
MSc. Tô Nguyễn Nhật Quang

COURSE CONTENTS
1. Overview of network security
2. Malicious software
3. Data encryption algorithms
4. Public-key encryption and key management
5. Data authentication
6. Some network security protocols
7. Wireless network security
8. Perimeter network security
9. Intrusion detection
ATMMT - TNNQ

LESSON 2

MALICIOUS SOFTWARE

A. TROJANS AND BACKDOORS

Contents
1. History of Trojans
2. The concept of a Trojan
3. Classification of Trojans
4. Some common Trojans
5. Defending against Trojans
6. Ports associated with commonly used Trojans
7. Exercises

1. History of Trojans
- The Trojan horse of ancient Greek legend, 17th century.
- The first Trojan created on computers was Back Orifice, whose intrusion port is 31337.

2. The concept of a Trojan
- A Trojan is a program that harms the computer user and serves some purpose of the hacker's own.
- It usually operates in secret, and the user does not notice its activity.
- The most common use of a Trojan is to give the hacker remote control of the infected machine.
- A Trojan does not replicate itself as a computer virus does; it only runs in the background on the infected machine.
- A Trojan often slows the computer down and blocks registry editing.

Ways a Trojan gets into a system:
- Messenger applications.
- File attachments.
- Physical access.
- Web browsing and email.
- File sharing.
- Free software.
- Downloading files, games and screensavers from the internet.

[Figure: Graffiti.exe; One file exe maker]

3. Classification of Trojans
- Remote-control Trojans (RAT)
- Keyloggers
- Password-stealing Trojans
- FTP Trojans
- Destructive Trojans
- Privilege-escalation Trojans

3.1. Remote-control Trojans (RAT)
- A RAT turns the infected computer into a server that the hacker's client computer connects to and takes control of.
- It starts automatically every time the computer runs.
- It consists of 2 files, one for the server and one for the client.
- It is usually disguised as some ordinary file type to hide that it is an exe.
- Each RAT usually runs its server on its own port, which lets the hacker get into the infected machine and control it remotely.
- It usually disables registry editing, which makes this kind of Trojan hard to remove.
- It can sometimes be used for remote computer administration.
- Common ones are Back Orifice, Girlfriend and Netbus.

3.2. Keyloggers
- Keyloggers come in two kinds: hardware keyloggers and software keyloggers.
- They are small and use little memory, so they are hard to detect.
- They work simply: mainly they record keyboard activity, then store it on the machine or send it to the hacker by email.
- Used to supervise children or relatives, to see what they do with the PC and the internet or when chatting with strangers, a keylogger is good.
- Used to steal personal information (personal accounts, passwords, credit cards), a keylogger is bad.

A keylogger usually has three main parts:
- Control program: coordinates operation, adjusts the settings and views the log files. It can usually only be opened with a keyboard shortcut.
- Hook file, or a monitor program, which records keyboard actions and captures the screen.
- Log file, which holds everything the hook has recorded.

In addition, depending on the type, there may also be a protection program (protect) and a notification program (report).

3.3. Password-stealing Trojans
- Steal the passwords stored on the infected machine, such as ICQ, IRC, Hotmail and Yahoo passwords, then send them to the hacker by email.
- Common Trojans of this type are Barri, Kuang and Barok.

3.4. FTP Trojans
- This type opens port 21 on the infected machine, so anyone can access the machine to download data.

3.5. Destructive Trojans
- The main purpose is destruction.
- Destroys hard disks, encrypts files.
- Very dangerous and hard to control.

3.6. Privilege-escalation Trojans
- Usually attached to some system application; when that application runs, it gives the hacker higher privileges than those already held on the system.

4. Some common Trojans

KGB SPY
- A powerful Trojan, widely used.
- New versions are released continually.
- Can monitor keystrokes, the screen, ...
- The program has these tabs:
  - General options
  - Password
  - Email Delivery
  - Filters
  - Invisibility
  - Advanced options
  - Screenshot
  - FTP Delivery
  - Alert Notifications

Blazing Tool Perfect Keylogger
- A powerful Trojan, widely used on the internet.
- Allows information from the infected machine to be received through email or an FTP server.
- Can record keystrokes, web links, chat content, ...

Further Trojans pictured on the slides:
- 007 Spy Software
- Stealth Keylogger
- DJI RAT
- NET BUS
- HackerzRAT

5. Defending against Trojans
- Limit shared use of the computer and set a password to protect it.
- Do not open unfamiliar files of unknown origin; watch for files with the extensions exe, com, bat, scr, swf, zip, rar, gif.
- Do not visit unfamiliar websites.
- Do not click on unfamiliar links.
- Do not install unfamiliar software.
- Do not download programs from untrusted sources.
- Always protect yourself with dedicated anti-virus and anti-spyware programs, and put up a firewall when connecting to the Internet.
- Regularly install all of the operating system's security updates.
- Scan for open ports with tools such as Netstat, Fport, TCPView.
- Scan the running processes with Process Viewer, What's on my computer, Insider.
- Scan for changes in the Registry with MsConfig, What's running on my computer.
- Scan network activity with Ethereal, WireShark.
- Run Trojan removal software.

Tools pictured on the slides:
- Trojan Hunter
- Spyware Doctor
- TCPView
- CurrPorts Tool
- Process Viewer
- What's running
- Capsa Network Analyzer

Pen Testing

6. Ports associated with commonly used Trojans

Satanz Backdoor | 666
FTP99CMP | 1492
WinCrash | 4092
DeepThroat | 6771
Silencer | 1001
BackDoor | 1999
ICQTrojan | 4590
GateCrasher | 6969
Shivka-Burka | 1600
Trojan Cow | 2001
Sockets de Troie | 5000
Priority | 6969
SpySender | 1807
Ripper | 2023
Sockets de Troie 1.x | 5001
Remote Grab | 7000
Shockrave | 1981
Bugs | 2115
NetMonitor | 7300
Firehotcker | 5321
WebEx | 1001
NetMonitor 1.x | 7301
Deep Throat | 2140
Blade Runner | 5400
Doly Trojan | 1011
NetMonitor 2.x | 7306
The Invasor | 2140
Blade Runner 1.x | 5401
Psyber Stream Server | 1170
Ultors Trojan | 1234
NetMonitor 3.x | 7307
Phineas Phucker | 2801
Blade Runner 2.x | 5402
NetMonitor 4.x | 7308
Masters Paradise | 30129
Robo-Hack | 5569
ICKiller | 7789
VooDoo Doll | 1245
Portal of Doom | 3700
DeepThroat | 6670

Portal of Doom | 9872
Portal of Doom 1.x | 9873
Portal of Doom 2.x | 9874
Portal of Doom 3.x | 9875
Portal of Doom 4.x | 10067
Portal of Doom 5.x | 10167
iNi-Killer | 9989
Senna Spy | 11000
Hack'99 KeyLogger | 12223
Evil FTP | 23456
Masters Paradise 1.x | 40422
Ugly FTP | 23456
GabanBus | 1245
Delta | 26274
NetBus | 1245
Back Orifice | 31337
Whack-a-mole | 12361
Masters Paradise 2.x | 40423
Masters Paradise 3.x | 40426
Back Orifice | 31338
Sockets de Troie | 50505
Whack-a-mole 1.x | 12362
DeepBO | 31338
Priority | 16969
NetSpy DK | 31339
Millennium | 20001
BOWhack | 31666
Remote Windows Shutdown | 53001
NetBus 2 Pro | 20034
BigGluck | 34324
Telecommando | 61466
GirlFriend | 21544
The Spy | 40412
Devil | 65000
Fore | 50766
The tHing | 6400

NetBus 1.x | 12346
Gatecrasher | 6969
Stealth Spy | 555
BladeRunner | 5400
NetBus Pro | 20034
Telecommando | 61466
Pass Ripper | 2023
IcqTrojan | 4950
SubSeven | 1243
Gjamer | 12076
Attack FTP | 666
InIkiller | 9989
NetSphere | 30100
IcqTrojen | 4950
GirlFriend | 21554
PortalOfDoom | 9872
Silencer | 1001
Priotrity | 16969
Fore, Schwindler | 50766
ProgenicTrojan | 11223
Millenium | 20000
Vodoo | 1245
Prosiak 0.47 | 22222
Devil 1.03 | 65000
Wincrash | 5742
Tiny Telnet Server | 34324
NetMonitor | 7306
Wincrash2 | 2583
Kuang | 30999
RemoteWindowsShutdown | 53001
RoboHack | 5569
Streaming Audio Trojan | 1170
Netspy | 1033
Senna Spy Trojans | 11000
Silencer | 1001
WhackJob | 23456
Striker | 2565
ShockRave | 1981
Socket23 | 30303
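Added example (not part of the original slides): a Python check that applies the "scan for open ports" advice from section 5 to the name|port pairs of section 6, reporting which local listeners use a listed port and which PID owns them. The netstat text is a constructed sample, the function names are hypothetical, and only a subset of the pairs is embedded; a match is a lead to investigate by PID, since legitimate services can bind the same ports.

```python
from collections import defaultdict

# Subset of the name|port pairs listed in section 6 of these slides.
PAGE_PORTS = [
    ("Back Orifice", 31337), ("Back Orifice", 31338), ("DeepBO", 31338),
    ("GateCrasher", 6969), ("Priority", 6969), ("Silencer", 1001),
    ("WebEx", 1001), ("SubSeven", 1243), ("NetBus 2 Pro", 20034),
    ("GirlFriend", 21544), ("Evil FTP", 23456), ("Ugly FTP", 23456),
]

# Constructed sample of Windows `netstat -ano` output (not real host data).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:6969           0.0.0.0:0              LISTENING       2316
  TCP    192.168.1.20:31337     0.0.0.0:0              LISTENING       4120
  TCP    192.168.1.20:49712     203.0.113.7:1001       ESTABLISHED     3011
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:31337          *:*                                    4120
"""

def listening_sockets(netstat_text):
    """Yield (proto, local_port, pid) for TCP LISTENING rows and all UDP rows."""
    for line in netstat_text.splitlines():
        f = line.split()
        # TCP rows carry a State column; UDP rows do not.
        if len(f) == 5 and f[0] == "TCP" and f[3] == "LISTENING":
            yield "TCP", int(f[1].rsplit(":", 1)[1]), int(f[4])
        elif len(f) == 4 and f[0] == "UDP":
            yield "UDP", int(f[1].rsplit(":", 1)[1]), int(f[3])

def flag_listed_ports(netstat_text, pairs=PAGE_PORTS):
    """Return (proto, port, pid, [names]) for local listeners on a listed port."""
    names = defaultdict(list)
    for name, port in pairs:
        names[port].append(name)  # one port can map to several names
    # The slides do not say TCP or UDP, so both kinds of socket are checked.
    return [(proto, port, pid, names[port])
            for proto, port, pid in listening_sockets(netstat_text)
            if port in names]

if __name__ == "__main__":
    for proto, port, pid, candidates in flag_listed_ports(SAMPLE_NETSTAT):
        print(f"{proto} {port} (PID {pid}): listed for {', '.join(candidates)}")
```

The ESTABLISHED row to remote port 1001 is not reported, because only ports bound on the local machine are compared with the list.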

7. Exercises

1. Below is a list of some common Worms and their corresponding ports. Find related material and describe how 5 different Worms in the list work.

2. Below is a list of some common Trojans and their corresponding ports. Find related material and describe how 5 different Trojans in the list work.

3. Build ACL rules to block the Worms and Trojans (listed in exercises 1 and 2) from getting into the internal network.

4. Describe how Heuristic scanning works to find Viruses.

5. Describe the similarities and differences in how McAfee VirusScan and Norton AntiVirus work.

6. Search related websites for a list of the Viruses and Trojans that have newly appeared in the past 2 weeks. State some of their main characteristics.

7. Explain why a System Administrator should not use a user account with a super-user password to browse the Web or to send and receive E-Mail.

8. Web 2.0 appeared in 2004 and represents the second generation of Web technology. The table below describes some corresponding techniques in Web 2.0 and the previous generation, Web 1.0:

   Web 2.0 shares some security problems with Web 1.0 and also gives rise to some new ones. Find related material and describe 5 security problems in Web 2.0.

9. Go to http://www.microsoft.com/downloads, then download and install the following software on your computer:
   1. Windows Defender
   2. Microsoft Security Essentials

   Run Windows Defender to scan for Spyware and explain how this software works.

   Evaluate Microsoft Security Essentials against some of the most popular similar software available today in terms of:
   1. Ability to defend against malicious code
   2. Firewall integrated into IE
   3. Network monitoring system that improves the ability to stop attacks from outside
   4. Resource consumption and running time

10. In the Windows operating system, the cookies of the IE browser are stored on drive C in the Documents and Settings folder. Go into the folder named after the user, then into the Cookies folder. Pick a cookie file at random and open it. Explain what you see and answer these questions:
   - If cookies are sent to Web servers as plaintext, list and describe the potential security threats the user may face.
   - If the user is allowed to edit the cookie files stored on the local computer, list and describe the potential security threats that may arise for the Web servers.

11. State the function and usage of these tools:
   - Netstat
   - Fport
   - TCPView
   - CurrPorts Tool
   - Process Viewer
   - What's running
   - One file exe maker
