Research on Trojan Horse Detection under Windows Platform
|Discipline||Applied Computer Technology|
|Keywords||TrojWare; Buffer overflow; RootKit; DKOM; SSDT|
With the wide spread of the Internet, malware has become more and more rampant, and the number of criminal cases involving Trojan horses (TrojWare) keeps increasing. Criminals plant Trojans on users' computers to steal valuable information such as security account names and passwords. This has caused large losses to many Internet users and threatens the security of the Internet as a whole. Furthermore, the techniques Trojans use now reach deep into the operating system's internals, so they are very difficult to find. This article first analyses the common methods Trojans use to get planted, for example file binding, buffer overflow and web-page Trojans. Second, it uncovers the techniques Trojans use to hide themselves once they have successfully invaded a user's computer. These techniques involve many data structures inside the Windows operating system that are generally undocumented, so many of the conclusions were reached by disassembling the operating system's code with the help of the symbol files provided by Microsoft. Finally, the author developed a utility to detect the presence of Trojans. By analysing key locations in the operating system, the software can decide whether a Trojan has been planted on the computer and restore the data structures the Trojan has modified.
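As an added illustration (not part of the thesis or of its detection utility), the following C program models the two checks the abstract describes: an SSDT entry that has been redirected to a handler outside ntoskrnl, and an EPROCESS that a Trojan has unlinked from the active process list (DKOM). The SSDT check compares each service handler against the kernel image's address range and restores entries from a known-good copy; the DKOM check is a cross-view diff, comparing what a walk of the ActiveProcessLinks list sees against what a PID-based lookup sees. Everything runs in user mode on constructed data: the ntoskrnl address range, the table contents, the process list and its names are assumptions, not real kernel values.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* ---- SSDT check, constructed model (assumed addresses, not a real layout) ---- */
#define NTOS_BASE 0x80400000u   /* assumed image range of ntoskrnl.exe */
#define NTOS_END  0x80600000u
#define SSDT_LEN  6
/* Known-good table, e.g. rebuilt from ntoskrnl on disk plus its symbol file. */
static const uint32_t ssdt_good[SSDT_LEN] = {
    0x80512340u, 0x80512400u, 0x805124c0u, 0x80512580u, 0x80512640u, 0x80512700u };
/* "Live" table read from kernel memory; entry 3 now points into a Trojan driver. */
static uint32_t ssdt_live[SSDT_LEN] = {
    0x80512340u, 0x80512400u, 0x805124c0u, 0xf8a11230u, 0x80512640u, 0x80512700u };

static int in_ntos(uint32_t a) { return a >= NTOS_BASE && a < NTOS_END; }

/* Flag every service whose handler lies outside ntoskrnl: returns the count and
   sets bit i of *mask for each hooked index i. */
int ssdt_scan(const uint32_t *live, size_t n, uint32_t *mask)
{
    int hooked = 0; *mask = 0;
    for (size_t i = 0; i < n; i++)
        if (!in_ntos(live[i])) { *mask |= 1u << i; hooked++; }
    return hooked;
}

/* Put every differing entry back from the known-good copy (this also catches a
   hook that points at another routine inside ntoskrnl). Returns count restored. */
int ssdt_restore(uint32_t *live, const uint32_t *good, size_t n)
{
    int restored = 0;
    for (size_t i = 0; i < n; i++)
        if (live[i] != good[i]) { live[i] = good[i]; restored++; }
    return restored;
}

/* ---- DKOM hidden-process check, constructed model ---- */
typedef struct proc {
    uint32_t pid; const char *name;
    struct proc *flink, *blink;   /* models EPROCESS.ActiveProcessLinks */
} proc_t;
#define NPROC 5
/* Every process that really exists; models what a PID lookup (e.g. through the
   PspCidTable) still finds after unlinking. Constructed entries. */
static proc_t procs[NPROC] = { {4, "System"}, {600, "csrss.exe"},
    {1234, "explorer.exe"}, {2048, "trojan.exe"}, {3100, "notepad.exe"} };
static proc_t head;   /* models PsActiveProcessHead */

static void relink(proc_t *p)   /* append p to the active list */
{
    p->blink = head.blink; p->flink = &head;
    head.blink->flink = p; head.blink = p;
}

/* What the Trojan does: unlink its own EPROCESS so list walks skip it. */
static void dkom_unlink(proc_t *p)
{
    p->blink->flink = p->flink;
    p->flink->blink = p->blink;
    p->flink = p->blink = p;
}

/* Cross-view diff: a PID the lookup finds but the list walk misses is hidden.
   Returns the number hidden and writes their indices into out[]. */
int find_hidden(int *out, int max)
{
    int n = 0;
    for (int i = 0; i < NPROC && n < max; i++) {
        proc_t *e = head.flink;
        while (e != &head && e->pid != procs[i].pid) e = e->flink;
        if (e == &head) out[n++] = i;
    }
    return n;
}

/* Scenario: build the list, let the Trojan unlink itself, return the first hidden
   PID (0 if none), then relink the hidden entries and report via *left how many
   the walk still misses. */
uint32_t dkom_demo(int *left)
{
    int idx[NPROC];
    head.flink = head.blink = &head;
    for (int i = 0; i < NPROC; i++) relink(&procs[i]);
    dkom_unlink(&procs[3]);
    int n = find_hidden(idx, NPROC);
    uint32_t hidden = n ? procs[idx[0]].pid : 0;
    for (int i = 0; i < n; i++) relink(&procs[idx[i]]);
    *left = find_hidden(idx, NPROC);
    return hidden;
}

int main(void)
{
    uint32_t mask; int left;
    int hooked = ssdt_scan(ssdt_live, SSDT_LEN, &mask);
    int fixed = ssdt_restore(ssdt_live, ssdt_good, SSDT_LEN);
    uint32_t pid = dkom_demo(&left);
    printf("hooked=%d mask=0x%x restored=%d hidden_pid=%u still_hidden=%d\n",
           hooked, mask, fixed, pid, left);
    return 0;
}
```

In a real driver the same logic would read the live table through KeServiceDescriptorTable, take the ntoskrnl range from the loaded-module list, and enumerate PIDs via PsLookupProcessByProcessId rather than from a fixed array; the cross-view idea, and the need for a trusted reference copy before restoring anything, stay the same.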