Research and System Realization on the Prevention System of Trojan Virus

【Author】 Huang Shu (黄树)

【Advisor】 Xu Tingrong (徐汀荣)

【Author information】 Soochow University (苏州大学), Computer Technology, 2007, Master's

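【Summary】 Computer viruses can now penetrate every field of the information society, causing enormous damage and posing a latent threat to computer systems. To keep information secure and flowing and to raise computer users' awareness of Trojan virus prevention, research into countermeasures against computer viruses, and Trojans in particular, is urgently needed. This thesis starts from an analysis of the origin and current state of computer viruses and Trojans, then tracks and analyzes the common attack techniques of over a hundred prevalent Trojans, looking for their similarities. Through repeated experiment and analysis, it summarizes and distills the attack types of Trojan viruses: modifying the system registry, modifying file-open associations, remote screen capture, remote shutdown and restart, keyboard and mouse control, remote file management, and so on. To further reveal the principles and dangers of these common attack types, the thesis uses tools such as Windows API functions and the MFC development language to simulate these techniques, and on that basis completes the development of a process-based Trojan detection and removal module. It also analyzes and discusses, at the level of principle and technique, the problem of Trojan false positives (programs removed by mistake) and general methods for preventing common Trojan-type viruses. The dedicated Trojan removal tool built on this module has been tested in practice at several organizations with good results: when a new Trojan appears, the tool can effectively detect and remove it before many antivirus vendors have updated their virus databases, which has saved the organizations concerned tens of thousands of yuan in expenditure and achieved good economic and social benefits. The Trojan detection and removal design presented in this thesis offers some guidance for the field and provides a new exploratory approach to computer network security.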

【Abstract】 Presently, computer viruses are penetrating every area of the information society and impose substantial threats and risks on computer systems. To ensure the availability and security of information and to raise computer users' awareness of Trojan virus prevention, intensive research on preventing computer viruses, especially Trojan viruses, is urgently needed. This paper begins with an analysis of the origin and status of Trojan viruses, then tracks and analyzes the common attack methods of hundreds of popular Trojans to find their similarities. After repeated experiments and analysis, the author summarizes some of the most common attack methods: modifying the system registry, modifying file-open associations, remote screen capture, remote shutdown and restart, keyboard and mouse control, and remote file management. To further reveal the principles and dangers of these commonly used attack methods, the author uses Windows API functions and MFC to simulate the attack process. On this basis, the author has developed a process-based Trojan detection module. This paper also discusses, in terms of principles and technical analysis, the problem of Trojan false positives and common prevention methods for Trojan-like viruses. The author's Trojan removal tool, built on this module, has been applied in several institutions with good results. Faced with new Trojan viruses, the tool is able to work effectively before many antivirus software makers update their products. This has saved a few million dollars and has brought good economic and social benefits. The design idea for detecting Trojans presented in this paper has guiding significance for the field, and the paper introduces a new exploratory method for computer network security.

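  • 【Online publication contributor】 Soochow University
  • 【Online publication year/issue】 2008, Issue 11
  • 【Classification number】 TP309.5
  • 【Citation count】 2
  • 【Download count】 725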