Computer Viruses and Intrusion Attacks
Post on 03-Jan-2016
-
Computer Virus.......
-
. 1. Computer Virus 2. (3) memorylife life Email(4) file .exe (2)
-
. NOTE1 NOTE2 quasi-virus (1) 1987 CHRISMAS (2) (a) Trojan Horse BBS (b) NOTE3 Carrier computer virus LAN Internet E-mail VBS_LOVELETTER
Back Orifice
-
. 3. : : symptom boot sector 41track 41gappartition recordexecomovlsyshidden filedata file exe com, boot sector, partition record, device driver, overlay file load timememory hard disk file file file
-
. 4. 1960HackerMIT 1984CohenComputer Virus 1988*Morrisworm19901000040036000shut down1097 (1.) SEND MAIL(hole; bug)(2.) finger daemon (3.) (trusted host feature) (password)(4.) (program of password guessing)
-
. 4. Techweb2010:
CIH(1998)Windows 95/98EXE
(Melissa,1999)Word97
I love you(2000)VBScriptE-Mail
(Code Red2001)
SQL Slammer(2003)SQL SERVER 20001434
(Blaster2003)IPWin2K@@PDCOM RPC
-
. 4.
.F(Sobig.F2003)Sobig.f Sobig.fSMTP
(Bagle2004)
MyDoom(2004)MyDoom P2PKazaa
Sasser(2004)Lsass( MS04-011)
-
. 5. internet () Internet , .EXE.COM VBA , .DOC.XLS , Taiwan NO.1 VBScript JavaScript , .VBS.JSDOSDOS (Interrupt) boot sector partition table C-Brain Disk-Killer *.COM*.EXE (Boot Sector) :(Hammer)Flipplastique
-
. 1. (1)
BIOS BIOS
POST POST
(1)
BOOT Partition
(2)
DOS BOOT
CONFIG.SYSAUTOEXEC.BAT DOS
A:\> CONFIG.SYSAUTOEXEC.BAT
C:\>
-
. 1. (2) -
INT 21H
INT 21H INT 21H
21H21H
INT 21HINT 21H
21H
-
. 1. (2) - (2) -
MIX.EXEINT 21Hfile
-
. COMEXE.COM OR .EXE(1) (2).EXE.COMCODEDATASTACKsegment64K memory.EXECOMEXEMEMORY
-
. 2. (1)COM
-
. 2. (2)EXE
-
. 1. (Binary Code) scanscan .EXE .COMBOOTpartition
-
. 1. (Check-sum) (Rule-based)
-
. 1. VICEDOSCPUVICE(Software Emulation) (Polymorphic /Mutation Virus)CPUDOS(Virtual Machine)VICE(Virus Instruction Code Emulation)
-
. 1. I/O(Realtime I/O Scan) MacroTrapTM (Rule base) OLE2 Realtime I/O Scan/Realtime I/O scan(MacroTrapTM)
-
. 2. (1) PATH COMSPECCOMMAND.COM(2)
-
. 2. (2) COM(a) 1.2.:stack
-
. 2. (2) COM(a)
-
. 2. (2) COM
-
. 2. (2) EXESSSPCSIP(a): SPSSIPCS
SPSSIPCSwolf-man (b)SSSPIPCS
()
-
. 2. (2) EXE
-
. 2. (3)
BOOT partition table stoned Disk-Killer C-Brain cluster BOOTDOSBOOTPartition TablePT0 Head0 Track2-17 sector
-
. 3. COM
SCAN
-
. 3. COM
-
. 3. EXE
-
. 3.
-
.
1. (1)
-
.
1. MEMORYDISK MEMORYDISK (1)
-
.
1. (1)
-
.
1. (2) ?
-
.
1. (2) WHY?
-
.
1. (2) vac_size (16 bytes)((filesize+15)/16 * 16) + vac_size; (16bytes)CS()((filesize+15)/16) headersizeIPSSCSSPvac_size filesize headersizeCSIPSSSP
-
.USB
USBAutorun.infUSB()Autorun.inf
-
.
1. C:\WINDOWS\system32(sysudisk.exe)(Windows )(c:\d:\e:\) autorun.inf (udisk.exeshell.exe)recyclerecyled() USBUSBUSBWindows USBautorun.inf USBWindows USB USBUSBAutorun.infUSB()Autorun.inf
-
.
2. autorun.infUSBUSB autorun.inf autorun.inf USB
-
.
(Denial of service;DoS)(SQL Injection)
-
.
(Denial of service;DoS)2000/2/7YahooBuy.comCNNAmazonZDNETDatekE-Trade12900
-
.
(Denial of service;DoS)
-
.
(Distributed Denial of service;DDoS)
-
.
ClientC Host (;H) Broadcaster (;B) Target (T)
-
.
DDoSRouterDNSServer
-
.
2002/4/22[]SQLy (SQL Injection)
-
.
IDPasswordSQLStr=Select * From Where id = & 1 & && password=& 2 & 12If not recordset.eof then &&123456SQLStr=Select * From Where id = 123 && password=456
-
.
IDPassword12or=456SQLStr=Select * From Where id = or= && password=456
-
.
(Phreak)(Fishing)(IM) (2008)(Phishing)
-
.
(Phishing)
-
.
(Phishing)1. (1) Fromservice@paypal.comonlineservice@hsbc.co.ukcustomerservice@citibank.com
-
.
(Phishing)
-
.
(Phishing)(2) E-mail (Spear Phishing)
-
.
(Phishing)2. DNS DNS 0 o 1 ln hvv wm rn (1)
-
.
(Phishing)2. (2)(i) JavaScript JavaScript
-
.
(Phishing)(i) JavaScript
-
.
(Phishing)(ii) IP (iii) URL
-
.
(Phishing)2. (3)(Pharming)DNS (DNS Cache Poisoning)(Domain Name System, DNS) DNS DNS DNS (Recursion)
-
.
(Phishing)2. (4)(Cross-Site Scripting, XSS)
XSS HTML Script HTML JAVA Script tw.yahoo.com
-
.
(Phishing)2. (5)
(6)
-
.
(Phishing)2. (7)
-
.
,
-
82 19928 http://ics.stpi.org.tw/Treatise/