| In a world where Internet is advancing rapidly, the information and content control on the Internet is more and more important. In recent years, however, there has been one type of Internet penetration software, which uses dynamic proxy server to send encrypted information. Thus it can pass through the network monitoring and blocking. The aim of this thesis is to analyze this kind of software using reverse engineering techniques, understand the software structure and communication process, and take countermeasures accordingly.We analyze various versions of the Internet penetration software—Garden. We design one fast method to analyze the executables in Windows platform, make use of the method to learn the internal working process of Garden, understand its ways to obtain secure proxies, and reveal the hidden information inside the executable. Based on that, we design control schemes to block the Internet communication requests by Garden without interfering other network communications, and implement the schemes on both Linux servers and embedded devices.We use reversing techniques to analyze the software protection schemes of Skype, and propose countermeasures. We then analyze the cryptographic schemes in logging and communication process. Besides, we study the methodologies and tools in locating and detecting the malicious software, as well as the schemes of automatic malware analysis. We compare the advantages and disadvantages of these schemes, thus provide new directions of accurate and thorough malware analysis. |
PDF Full Text Request