| Digital Watermark, which was proposed in recent years, is a very important study in research of information security. Its potential value of economy and science attracted a great many of scholars and companies in international. In this paper, author proposed a new attacking scheme through combining the digital watermarking technology with conventional computer virus and Trojan horse. The combination of both make a great difference between the new invading scheme and traditional one, which are presented as the following:Communication method: With the help of digital watermark, sever and client of Trojan horse can communicate with each other through transfer files which carried watermark information. The new mode promotes the development of custom Trojan horse scheme by free it from the dependence of communication protocol. This important improvement also give invaders powerful technical support and make them can easily exchange information through current firewalls, bringing a turn in the course of events to the progress of invading technology.Existing form: In order to prevent be noticed by users of invaded machine, the size of traditional invading programs are always very small. This limitation, however, makes many complex functions cannot be provided by sever. Now, with the help of digital watermark, a Trojan horse can divide itself into many fractions, then embedded them to different files as watermark. When some function mode are needed, the program can extract corresponding watermarks and reform them. Since the embedding of watermark will not cause change of the size of carrier. Thecontradiction between the size and the capability of program can be solute in this way. Invader need only a few free hard disk space to perform embedding and extracting of watermarking as well as the reform of binary code to install a complex Trojan horse of very large size. The new Trojan horse/virus is so strong that cannot be eliminated easily.Concealment: Traditional Trojan horse/virus has a lot of important functions that depend on the realization of operation system. The code perform key system calling can be used as the mark of the kind of Trojan horse to help people find out it. Since the digital watermark algorithm has the character of individuation, as it say, same kind of algorithm can have different realizations, so, it hard for people to find out its mark. The code perform key system calling can be embedded into files as watermark, and extracted out when it is needed. Thereby, people can hardly find it out.The way of activation: Limited by the communication mode, the server of traditional Trojan horse need listens particular port or scans a given net address list to set up connection with corresponding client. Both of them are hard to escape from the surveillance of firewall, once been noticed, the server will be eliminated. In this paper, author proposed a novel mode of activation using digital watermark technology and provided some new ideas for future research of Trojan horse.The features of digital watermark have been mentioned inspire a series of possibility of new technique means realizes.Hiding control: Hiding control realizes the control of target hosts by the way of transmitting carrier files with watermark control information. It has protocol independence, so the existing firewall system that bases on protocol analyze can hardly keep it away. This means not only improves the survival ability of Trojan horse greatly, but also the secrete degree of controlling on target hosts.Hiding monitor: Hiding monitor records users' behavior on target hosts and embeds correlative information in usable carrier files on local machine. The log information recorded by this means can be saved on hostssafely. Because the log information has been embedded in the carrier files. It is hard to erase the former records even user finds out that he is being monitored and clears the relative monitor programs. By this means, it is more stable and more reliable than the traditional log information. And it is hard to be found for th...
|
PDF Full Text Request