
A Study Implementation Of Precaution Strategies Against PWS Trojan Attack

Posted on: 2012-05-21
Degree: Master
Type: Thesis
Country: China
Candidate: G M Ren
GTID: 2218330338962421
Subject: Computer application technology

Abstract/Summary:
With the development and popularization of Internet technology, people's daily lives are becoming more and more tied to the virtual network. Despite the great convenience the Internet brings, it also exposes people to certain security problems. For instance, online game accounts, QQ numbers or, more importantly, online banking accounts may be cracked or attacked by "Trojans" that are specifically designed to steal passwords. The Password Stealing (PWS) Trojan is one of the most distinctive tools among the "Trojans". A PWS Trojan is very different from a virus: the latter is good at spreading and destroying, whereas the former focuses on concealment and on stealing data from targeted users. Because of its prominent concealment, remote implantation and controllability, the PWS Trojan has become one of the indispensable instruments for hackers and criminals to intrude into or control people's networks or computers. Recently, as more and more money has become involved, PWS Trojans are even advertised in online markets. On the other hand, traditional anti-virus technology, which is mainly built on signature extraction and comparison, finds it very hard to detect or clean new and variant Trojans. Novel approaches to detecting PWS Trojans are therefore much needed, and a precautionary design against these Trojans is also extremely necessary.

The main work of this thesis is as follows:

1. The working principle, classification, history, implantation and development of Trojans are first studied systematically; the concealment, self-booting, auto-recovery, initiative, function specificity and communication of Trojans are then examined step by step.

2. A detect-and-kill method is proposed, based on observation of the underlying principles and techniques of two Trojans. The traditional way of scanning for Trojans has a very obvious defect: anti-virus tools can only be built after the Trojans have been created and have already done some damage.

3. The classic monitoring techniques are improved, and the password-stealing function of Trojans is terminated completely by preventing their auto-booting process, the initiation of the password-stealing action and the creation of their files. In particular, the monitoring of key APIs is highly sensitive to attacks by most unknown Trojans. The method has high efficiency, a low "miss-report" rate and good generality.

4. The monitoring process provides an open rule library. Users can therefore freely assign any files and their processes to be monitored, which achieves the goal of protecting well-defined objects. Attacks by password-stealing Trojans on sensitive files can thus be stopped effectively, which offers an ideal remedy for "anomaly detection" applications. Because the objects are well defined, the method takes only a very small portion of system resources when running, and so has little effect on the operation of the system itself. Because the rule library is open, it is very flexible to build and easy to upgrade and maintain. The only limitation of the method is that it is somewhat difficult to use for people who do not have some knowledge of computers.

5. A solution for smart upgrading through manual killing is given. No software can do everything, and some Trojans cannot be cleared by software. The rule library can be upgraded intelligently when Trojans are killed manually.
Keywords/Search Tags:PWS Trojan, Registry, API function, Hook API