Research topic: understanding viruses, trojans and worms
7/31/2019 De Tai Tim Hieu Virus-trojan-worm
SECURITY RESEARCH TOPIC
VIRUS-TROJAN-WORM
ATHENA BASIC NETWORK MANAGEMENT
INSTRUCTOR IN CHARGE: . STUDENT GROUP: V H Duy.
Khc Nguyn PhngDuy
Nguyn Thchn
Structure:
A, DANGEROUS APPLICATIONS
I-Malicious programs
1.Viruses and worms
2.Trojans
3.Malicious tools
II-Other potentially unwanted programs
1.Adware
2.Pornware
3.Riskware
B, OTHER THREATS
I-Spam or unwanted incoming mail
II-Phishing
III-Network attacks
IV-Advertising banners
C, PREVENTING AND HANDLING VIRUSES
I-Using antivirus software (Antivirus)
II-Using a firewall
III-Updating operating system patches
IV-Applying experience in using the computer
V-Protecting computer data
A, DANGEROUS APPLICATIONS
Programs carrying malicious code (malware) are created for many purposes, such as stealing, deleting or modifying information, controlling the behaviour of your computer, or even taking control of a computer network.
Potentially dangerous programs are programs that carry a risk of harming the computer. They can help other programs get into your computer and, from there, harm it.
The virus encyclopedia contains detailed descriptions of these programs.

I-MALICIOUS PROGRAMS
Malicious programs are created to harm computers and their users: to steal, block, modify or delete information, or to disrupt the operation of a computer or a network.
Malicious programs are divided into 3 main groups: viruses and worms, Trojans, and malicious tools.
Viruses and worms can create copies of themselves and copy those copies in turn. Some of them operate without the user knowing, others require some action from the user. The program carries out its malicious actions when it runs.
A Trojan program does not create copies of itself, unlike worms and viruses. It slips into the computer through e-mail or when the user visits an infected web page. It is activated by a user action and then starts its harmful activity.
Malicious tools are created specifically to do harm. However, unlike other malicious programs, they do not perform harmful actions when run, and they can be stored safely on the computer. They help create viruses, worms and Trojans, organize network attacks against a remote server, hack, or carry out other harmful actions.

1-VIRUSES AND WORMS
Subcategory: viruses and computer worms
Danger level: high
Computer viruses and computer worms perform unauthorized actions on the infected computer system. They are themselves able to replicate and propagate, which increases the risk of spreading.

Classic viruses
After a virus gets into your system, it attaches itself to your file system; from there it triggers its preset actions and spreads to other files in the system.
A traditional virus that has entered your system takes advantage of data being copied from one computer to another and travels along with it. The possible routes are copying data, sending and receiving e-mail, and so on.
A virus can penetrate different areas of the computer, which may be operating system files or applications. A distinction is made between file, boot, script and macro viruses.
A virus can infect files in several different ways. An overwriting virus replaces the content of the data in the infected files. Files infected by such a virus stop working. Parasitic viruses change the whole file or part of it. Companion viruses do not modify files but substitute for them, so when an infected file is opened the virus replicates and runs. Other kinds of virus include link viruses, viruses that infect object modules, viruses tied to compiler libraries, and viruses that spread through programs' source text files.
Some viruses can generate different variants of themselves, which makes detecting and eliminating them harder. Other variants appear because, after the virus has been identified by antivirus software, the author or other hackers (who know its code) rewrite, upgrade or improve it so that it keeps spreading.
Some more sophisticated viruses are able to disable the operating system or interfere with it in order to paralyse (some) antivirus software. Only after this do they go on to infect and continue spreading. Others infect the antivirus software itself (although this is harder) or block the antivirus software's updates. These techniques are not very hard if the authors understand how the antivirus software works and the virus infects or triggers before the system starts that software. Viruses can also modify the hosts file of the Windows operating system so that the user cannot reach certain websites and the antivirus software cannot contact its server to update.
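As an added example (not part of the original report), the code below audits hosts-file text for the tampering just described: entries that pin or blackhole antivirus and update host names. The watch list, the sample file contents and the function names are assumptions made for this illustration.

```python
import ipaddress

# Assumed watch list: the vendors the report names plus Microsoft's update
# domains. Extend it with the update servers your own products use.
WATCHED_SUFFIXES = (
    "symantec.com", "mcafee.com", "kaspersky.com",
    "microsoft.com", "windowsupdate.com",
)

# Constructed sample hosts file; host names and addresses are illustrative.
SAMPLE_HOSTS = "\n".join([
    "# sample hosts file (constructed)",
    "127.0.0.1       localhost",
    "::1             localhost",
    "127.0.0.1       www.symantec.com",
    "0.0.0.0         update.mcafee.com liveupdate.symantec.com  # two names",
    "203.0.113.7     WWW.Kaspersky.com.",
    "192.168.1.10    fileserver.corp.example",
    "not-an-ip       www.mcafee.com",
])


def parse_hosts(text):
    """Yield (line_no, address, hostname) for each valid mapping in the text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # strip comments
        fields = line.split()
        if len(fields) < 2:
            continue                             # blank or incomplete line
        address, names = fields[0], fields[1:]
        try:
            ipaddress.ip_address(address)
        except ValueError:
            continue                             # malformed address: ignored by resolvers too
        for name in names:
            # Normalise case and a trailing root dot before matching.
            yield line_no, address, name.lower().rstrip(".")


def is_watched(hostname):
    """True if hostname is a watched domain or a subdomain of one."""
    return any(hostname == s or hostname.endswith("." + s)
               for s in WATCHED_SUFFIXES)


def audit_hosts(text):
    """Return findings as (line_no, hostname, address, verdict) tuples.

    Any hosts entry for a security or update domain is unexpected.
    'blackholed' means it points at loopback or 0.0.0.0, so connections
    fail; 'pinned' means it is forced to some other fixed address.
    """
    findings = []
    for line_no, address, name in parse_hosts(text):
        if not is_watched(name):
            continue
        ip = ipaddress.ip_address(address)
        verdict = "blackholed" if (ip.is_loopback or ip.is_unspecified) else "pinned"
        findings.append((line_no, name, address, verdict))
    return findings


if __name__ == "__main__":
    for line_no, name, address, verdict in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {name} -> {address} ({verdict})")
```

On Windows the file to audit is %SystemRoot%\System32\drivers\etc\hosts; pass its contents to audit_hosts().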
Computer worms
After a computer worm gets into a computer, it becomes active and executes programs containing malicious code. Network worm is the name for worms that spread across a network from one computer to another. A worm can spread by many different routes.
A worm is able to replicate itself. Below is a list of some types of computer worm.

List of computer worms and their characteristics
Type | Name | Description
Email-Worm | E-mail worm | E-mail worms infect through e-mail. A message containing the worm, or a link leading to the worm, is attached to the e-mail and travels with the message that is sent. The website involved is usually one belonging to hackers or one that hackers have compromised. When the user receives the file and opens it, the worm gets the chance to spread. The worm then continues copying itself into other e-mails.
IM-Worm | IM worm | These worms replicate through instant messaging client programs such as chat programs, ICQ, MSN Messenger, AOL, Yahoo, Skype and so on. These worms usually use the contact list in the victim's own program to send messages containing links to unwanted websites. When the user downloads or opens the file, the worm is activated.
IRC-Worms | IRC worm | This kind of worm gets into the computer through Internet Relay Chat client programs on workstations. These machines usually communicate with other users over the Internet in real time. This worm replicates over the Internet; when the user downloads or opens the file, the worm is activated.
Net-Worms | Network worm | These worms replicate across computer networks. Unlike ordinary worms, they are able to spread on their own without relying on the user. They probe the computers on the local network and exploit programs on computers with many vulnerabilities. To do this they send out a special packet containing their own code or part of the code to each computer. If they find unprotected computers on the network, they spread to them. Once the worm is on your computer, it is activated.
P2P-Worm | File-sharing worm | File-sharing worms spread in peer-to-peer networks such as Kazaa, Grokster, EDonkey, FastTrack or Gnutella. This kind of worm copies itself into the folders that hold shared files and spreads along the file-sharing route. They have their own way of detecting requests in the network and allowing copies of themselves to be downloaded. The variants of this worm become complex as it spreads through the network.
Worm | Other worms | Other network worms: Worms that spread through the network by exploiting operating system functions. When they get into shared network folders, which are the data-sharing folders of a group of users or a company, the worm connects to the workstations. Unlike network worms, a user who opens a file containing a copy of this worm unknowingly activates it. Worms that use other methods to replicate. There are many different kinds, for example worms that spread through phones.
2-TROJANS
Subcategory: Trojans (Trojan programs)
Danger level: high
Unlike computer worms or viruses, Trojan programs do not copy themselves. They sneak into your computer through e-mail or during web browsing, when the user visits websites that host these programs. A Trojan program runs and executes code written in advance for the purposes of the people who wrote it.
Trojan programs are quite varied. Their main function is to block operations on the computer or to modify or delete data, and to disrupt control of the computer or the network. In addition, a Trojan program can send and receive files, run those files, display messages, visit websites, or even download and install other programs and restart the computer.
These uninvited guests come in many "shapes" and include many kinds of Trojan program.
Some kinds of Trojan program and their characteristics:

Classification of Trojan programs by behaviour / characteristics
Type | Name | Description
Trojan-ArcBomb | "Bomb-dropping" Trojan program | A program that inflates in size to fill up the computer's storage and slows down processing so that the computer runs sluggishly. This kind of Trojan is especially dangerous for file systems and mail servers. When bombed, the whole system can become congested so that operations stall.
Backdoor | Remote-control Trojan program | These programs are considered the most dangerous of the Trojan programs. They function much like programs that carry out actions remotely. Once one of these programs sneaks into the computer and is activated, your computer can be controlled remotely by someone else.
Trojans | Trojans | Trojans include the following kinds of program carrying malicious code: Traditional Trojan programs: their only main task is to block, change or delete data, or to disrupt the control functions of the computer or the computer network; they do not have the additional functions of the other kinds of Trojan described in this table. "Multi-purpose" Trojan programs: besides the characteristic functions of traditional Trojan programs, there are kinds of Trojan program built for different purposes.
Trojan-Ransoms | Kidnapping Trojan program | This kind of Trojan "kidnaps" the user's computer: it modifies or blocks data, or interrupts the computer's processes, so that the user cannot access the data. It then presents demands, asking the user to visit certain websites or provide information to them in order to restore the system.
Trojan-Clickers | Trojan-Clickers | These Trojan programs sneak into the user's computer via the web. They send requests to the web browser or replace the addresses stored in files. These programs are used to attack networks and to generate a very large number of advertising banners.
Trojan-Downloaders | Trojan that requests downloads of data and programs | This program has permission to access the web; it connects in order to download programs carrying malicious code and install them on the computer.
Trojan-Droppers | Trojan that protects malicious code | A program that contains other Trojan programs and then triggers their installation. Intruders can use this kind of Trojan to install a program carrying malicious code without the user knowing; this Trojan does not display any error message or other warning, it just carries out its actions silently. It protects other malicious programs from antivirus programs.
Trojan-Notifiers | Trojan-notifiers | This Trojan reports that your computer has connected to some organization or website, and asks you to agree to provide information such as the IP, the open port and the e-mail in use. They analyse e-mail and file transfer protocols in order to exploit them for their own purposes. Trojan-notifiers are usually combined with several kinds of Trojan program.
Trojan-Proxy | Trojans-proxies | Allow intruders to anonymously access websites and organizations in order to send bulk mail (spam) ...
Trojan-PSW | Trojan program that steals password information | Password-stealing Trojans: they steal accounts through programs that send out registration information. They search the computer's system files and registry for information about e-mail and transferred files and send it to the people who created them. These Trojans usually target those who manage bank accounts and who often pay online (Trojan-Bankers), steal personal information (Trojans-IMs), or steal the data of players of online games (Trojans-GameThieves).
Trojan-Spies | Spy Trojan program | These are spy programs. They collect information about the user, recording keystrokes, screenshots or the applications that are launched. Once they have this information, they send it out by e-mail, by file transfer over the FTP protocol, or via websites.
Trojan-DDoS | Network-attack Trojan | This program uses the denial-of-service attack method, continuously sending requests from the computer to a server outside the network. That outside server becomes overloaded by continuously processing the incoming requests. This kind of Trojan can be installed on many computers in order to attack servers.
[Figure: diagram illustrating DDoS]
[Figure: DDoS classification diagram]
Trojan-IMs | Trojan attacking via instant messaging | These programs steal passwords from workstations through instant messaging client programs such as chat programs, for example ICQ, MSN, AOL, Yahoo or Skype. They pass the information to the intruder by e-mail, web, FTP and so on, like some other Trojans.
Rootkits | Rootkits | These programs hide programs carrying malicious code and the behaviour of those programs. They hide files and processes in the memory of the infected computer. They also hide the keys run by the malicious program, or conceal file transfers between applications installed on the user's computer or other computers on the network.
Trojan-SMS | Trojan attacking via SMS | These programs spread on mobile phone systems through the messages sent between users.
Trojan-GameThieves | Trojan that steals gamers' account information | These programs steal gamers' account information and pass it to the thief by e-mail, FTP or the web.
Trojan-Bankers | Trojan that steals bank account information | Programs that steal bank account information or monetary information from online transactions and send it to the thief by e-mail, FTP or the web.
Trojan-Mailfinders | Trojan that collects e-mail addresses | These programs collect e-mail addresses on the computer and pass them to the thief by e-mail, FTP or the web. The thieves use the collected addresses to build spam e-mail campaigns.

3-MALICIOUS TOOLS
Subcategory: tools for creating malware
Danger level: medium
There are many tools for creating dangerous, destructive programs. However, unlike other malicious programs, they do not perform malicious actions themselves, and they can be stored safely and run on the user's computer. These programs help create viruses, worms and other Trojan programs, organize a network attack on a server, take over your computer, or carry out other actions.
There are many kinds of malware with different characteristics. Below are some common types.

Classification of malware by capability
Type | Name | Description
Constructor | Malware that creates malicious code | Able to create new kinds of virus, worm or Trojan program. Some of this malware has a window-style interface that lets the hacker choose the kind of malicious program to create.
DoS | Network attack | A denial-of-service attack is a program that sends many requests from a workstation to a server. The server becomes overloaded, cannot keep up with the requests and is paralysed.
Exploit | Malware that exploits program vulnerabilities | This malware is a piece of data or a fragment of program code that takes advantage of applications with security vulnerabilities in order to execute malicious code on the computer. For example, it can write or read files, or access websites that carry potential risks. Malware of this kind usually takes advantage of vulnerabilities in various applications or network services. It spreads over the network to many computers in order to attack insecure network services. For example, when malware is contained in .doc files, opening the file activates the malware. When the malware is contained in an e-mail, it attacks weaknesses in the mail program on the workstation, and it is also activated when the victim opens the e-mail. Malware of this kind often distributes network worms (Net-Worm). Exploit-Nukers are packets that make a computer stop working.
FileCryptors | File-encrypting malware | File-encrypting malware is another kind of malicious program; it hides itself from antivirus programs.
Flooders | Malware that congests the network | These programs send huge numbers of messages so that the network is flooded with messages and becomes congested, for example chat messages. However, this type does not include programs that send bulk mail or bulk IM and SMS messages; those are classified as separate types in the table below (Email-Flooder and SMS-Flooder).
HackTools | Hacking tools | These tools are installed on the computer to be hacked, or used to attack another computer. Such an attack tool may include the following functions: adding users with privileges to the system, and deleting system logs to hide the traces of the new user on the system. They also include sniffing functions to intercept passwords. The sniffer lets them view and tally network traffic.
not-virus:Hoax | Hoax | These programs scare the user with messages about viruses: reporting that a virus was detected and cleaned, or displaying a message about being unable to format a disk.
Spoofers | Spoofing malware | These programs send messages with forged sender information. They impersonate the sender.
VirTools | Tools for creating or modifying malicious programs | They can modify other malicious programs to hide them from antivirus programs.
Email-Flooders | Mail-flooding program | Sends a large number of e-mails at once, flooding the mailbox. Because of the sheer volume of this e-mail traffic, the user cannot read legitimate e-mails.
IM-Flooders | Message-flooding program | These programs send a large number of messages at once to messaging programs such as ICQ, MSN, AOL, Yahoo or Skype. Because of this excessive stream of messages, the user cannot receive other messages.
SMS-Flooders | Program that sends messages to phones | These programs send a large number of messages to mobile phones.
II-POTENTIALLY UNWANTED PROGRAMS
Potentially dangerous programs, unlike malicious programs, are not intended solely to cause damage. They can, however, be used to breach the security of the computer.
Potentially unwanted programs include adware, pornware and other potentially unwanted programs.
Adware displays advertising to the user.
Pornware displays obscene material to the user.
Other potentially unwanted programs (Riskware) are widely used. However, if someone breaks into these programs or places them on the user's computer, they can breach the computer's security.
A potentially unwanted program is installed in one of the following ways:
It is installed by the user, on its own or together with another program. For example, software developers include advertising programs in free or shareware programs.
It is installed by hackers and intruders, who may, for example, include such programs in packages with malicious programs, and use "vulnerabilities" of the web browser or Trojan downloaders and droppers when the user browses an infected web page.

1-ADWARE
Subcategory: Adware
Danger level: medium
These programs display advertising on the user's computer. They display advertising banners in the interface of other programs and redirect connections to advertising websites. Some adware collects marketing information and sends it to its developers: for example, when someone visits a website, it asks that person to leave information. Unlike spy Trojans, this information remains under the user's control when they revisit these pages.

2-PORNWARE
Subcategory: Pornware
Danger level: medium
Users use these programs themselves when searching for obscene or pornographic material.
Attackers can install these programs on the victim's computer to display advertising for pornographic websites regardless of the victim's consent. To install them they exploit weaknesses in the operating system or web browser, and they obtain information about these from Trojan downloaders and the Trojans that protect malicious code.
There are three characteristic kinds of pornographic program.

Classification of the types of program
Type | Name | Description
Porn-Dialers | Automatic dialers | These programs automatically dial the phone numbers of pornographic services and store these numbers as their service. Unlike Trojan dialers, they warn the user about what they are doing.
Porn-Downloaders | Programs that download files from the internet | This program downloads pornographic content to the user's computer. Unlike Trojans, they notify the user about what they are doing.
Porn-Tools | Tools | They search for information and display pornographic content. Tools of this kind include toolbars or video players.
3-RISKWARE
Subcategory: other dangers
Danger level: medium
Programs of this kind are quite widely used. They include IRC clients, automatic dialers, download managers, computer system monitoring tools, password management utilities, and FTP, HTTP or Telnet servers.
However, if a stranger wants to exploit these programs or installs them on the user's computer, these functions are used to break through the computer's security.
Riskware programs are classified by function. Some types are described in the table below.

Classification of riskware by function
Type | Name | Description
Client-IRC | Chat client program | Users install these programs to communicate over Internet Relay Chat channels. Strangers use them to run programs carrying malicious code.
Dialers | Automatic dialer program | These programs create hidden dial-out connections through the modem.
Downloaders | File download | These programs secretly download files from websites.
Monitors | Monitoring program | These programs monitor the activity of the computer they are installed on, including monitoring the execution of applications and data exchange with applications on other computers.
PSWTools | Password recovery tools | These tools are used to view or recover forgotten passwords. Intruders install them on the user's computer for the same purpose.
RemoteAdmin | Remote administration program | These programs are used by system administrators; they allow access to remote computers in order to monitor and manage them. Intruders use these tools for the same purpose when they install them on the user's computer, to monitor and manage the user's machine. The dangers from remote administration programs are not the same as those from Trojan programs (or backdoors). Trojans have functions that let them spread through the system and install themselves; legitimate programs do not have these functions.
Server-FTP | FTP servers | Provide the functions of an FTP server. Intruders install them on the user's machine so that they can access it over the FTP protocol.
Server-Proxy | Proxy servers | Provide the functions of a proxy server. Intruders install them on the user's computer to send spam from the victim's machine.
Server-Telnet | Telnet servers | Provide telnet functionality. Intruders install them on the user's computer to gain remote access over the Telnet protocol.
Server-Web | Web servers | Provide the functions of a web server. Intruders install them on the user's machine to gain access over the HTTP protocol.
RiskTool | Computer management tools | These tools provide additional functions for managing the user's computer. For example, they let a hacker hide files, hide running applications and stop running processes.
NetTool | Network tools | Allow one computer to manage other computers on the network, for example restarting a machine, finding open ports, or running programs installed on other computers.
Client-P2P | Peer-to-peer programs | Programs used in peer-to-peer networks. Intruders can exploit them to distribute programs carrying malicious code.
Client-SMTP | SMTP client | Sends e-mail silently. Intruders install them on the victim's computer to send spam mail to other computers.
WebToolbar | Web toolbars | Add toolbars to the bars of other browsers.
FraudTool | Fraudulent program | Disguise themselves as other legitimate programs. For example, fake antivirus programs display messages about finding programs that contain malicious code, but they do not actually find or stop the things they report.
B, OTHER THREATS

I-SPAM OR UNWANTED INCOMING MAIL
Spam is unwanted incoming mail, usually accompanied by advertising.
Spam puts extra load on the channels and on the provider's e-mail servers. Recipients have to pay for the traffic used by these spam e-mails, and the delivery of non-spam mail is slowed down. For this reason, using and sending spam e-mail is illegal in many countries.
Antivirus applications usually scan incoming mail in Microsoft Office Outlook, Microsoft Outlook Express, The Bat! and Thunderbird. If one detects any spam mail, those e-mails are handled with an action decided by the user, for example moving them to another folder or deleting them. The application can also scan mail traffic carried over the POP3 or IMAP protocols, based on the corresponding tags and the subjects of the mail.
A good antivirus application must detect high-risk spam. It applies several spam-filtering techniques at the same time: detecting spam by the sender's address or by a word or phrase in the subject or body of the e-mail, detecting image spam, and using self-learning algorithms to detect spam based on the content of the e-mail.
An anti-spam (Anti-Spam) database usually includes "black" and "white" lists of sender addresses, and lists of words and phrases related to certain kinds of spam such as advertising, medicine and health, gambling and so on.
[Figure: flooded with spam]
II-PHISHING
Phishing is a kind of fraudulent activity on the internet aimed at stealing personal information from computer users, such as credit card numbers and PIN codes, in order to steal their money.
Phishing usually involves online banking. The intruder creates an exact copy of the bank's website and then sends messages to the bank's customers. The customers are told that, because of a change to or failure of the bank's website system, account holders have lost their information, so members must confirm or change their information on the bank's website. The users visit the fraudster's website and enter their personal data.
The anti-phishing technology of an antivirus product may include a list of websites known to be phishing sites.
The antivirus analyses the e-mails arriving at the mail client (Microsoft Office Outlook and Microsoft Outlook Express), and if it finds a link to a phishing website already on its list, the e-mail is treated as spam. If the user opens the message and tries to follow the link to such a website, the connection is blocked.
III-NETWORK ATTACKS
A network attack is a remote intrusion into a computer network together with an attempt to control it. This can paralyse the network or give access to its information.
Network attacks are either actions by the intruder (for example scanning the computer's ports or trying to steal passwords), or dangerous software that is active and running the attacker's commands, for example sending the computer user's information to the programmer of the malicious code that has infected the user's computer. The programs considered here are Trojans, DoS attacks, malicious code and the kinds of worm that spread over the network.
Attacks on internal and local networks use weaknesses in the operating system and in software. The attackers can send individual IP packets during the network connection.
A good antivirus helps block these attacks without affecting the network connection, specifically through a technology that uses special databases. These databases contain records identifying the IP data packets sent by attack programs. The antivirus analyses network connections and blocks any dangerous IP data packet.
[Figure: in the middle of a pitch-black interface is the figure of the Grim Reaper holding a scythe, accompanied by a message mocking the admin]
IV-ADVERTISING BANNERS
Banners or advertisements are links to the advertiser's website, usually shown as images. Displaying banners on a website does not affect the security of the computer, but it is considered to reduce the computer's normal working performance. Users are distracted by irrelevant information, and these banners increase internet bandwidth use.
Many organizations forbid advertising banners as part of their data security policy.
An antivirus product has a function for blocking banners, based on the link by which the banner points to a website. It updates the advertising banners and the database list that manages which banners are blocked; this list contains a list of URLs from around the world. The software processes the links of the website being downloaded and compares them with the list in the database. If it finds a match, it removes every link to that web address and continues loading the other parts of the page.
[Figure: annoying advertisements]
C, PREVENTING AND HANDLING VIRUSES

I-Using antivirus software
Protect the computer by installing antivirus software that can recognize many kinds of computer virus, and keep its data continuously updated so that the software always recognizes new viruses. There are many antivirus products on the market today. Some well-known vendors whose antivirus software is widely used are McAfee, Symantec and Kaspersky.
II-Using a firewall
[Figure: hardware and software firewalls from third-party vendors]
A firewall is not something remote or reserved for internet service providers (ISPs). Every personal computer also needs to use a firewall to protect against viruses and malicious software. With a firewall, the information going into and out of the computer is controlled, either unobtrusively or deliberately. If malicious software installed on the computer tries to connect out to the Internet, the firewall can raise a warning that helps the user remove or disable it. A firewall helps block unwanted incoming connections, reducing the risk of the computer being controlled against the user's will or of malicious programs or computer viruses being installed.
Use a hardware firewall if you connect to the Internet through a modem that has this function. With the manufacturer's default settings the "firewall" function is usually turned off; the user can log in to the modem to enable it. A hardware firewall is not absolutely safe, because it usually only blocks unauthorized incoming connections, so combine it with a software firewall.
Using a software firewall: current operating systems in the Windows family already have a built-in software firewall, but third-party software can usually do a better job and integrates more tools than the built-in Windows software firewall. For example, the ZoneAlarm Security Suite from ZoneLab is an effective set of protection tools against viruses and malicious software, with anti-spam and a firewall.
III-Updating operating system patches
The Windows operating system (which holds the majority) constantly has security flaws discovered in it precisely because it is so widely used. Hackers can take advantage of security flaws to take control or to spread viruses and malicious software. Users always need to apply Windows patches through the Microsoft Update website (which upgrades all Microsoft software) or Windows Update (which updates Windows only). The best approach is to turn on the automatic update mode (Automatic Updates) of Windows. This feature is only supported on copies of Windows that Microsoft recognizes as genuine.
The use of open source software is encouraged, because thanks to its community nature the security risk is very low. Strong and familiar open source operating systems include Ubuntu Linux and Chrome OS, which are highly secure, free, and receive patch updates.
[Figure: the interface of Ubuntu, a well-known Linux distribution]
IV-Applying experience in using the computer
Even when all of the software and methods above are used, the computer can still be infected by viruses and malicious software, because a new virus sample may not yet have been added to the antivirus software. Computer users need to make full use of the functions and applications already available in the operating system, and of other experience, to protect their operating system and data. Some practices for reference:
Detecting abnormal computer activity: most computer users are not in the habit of installing and removing software or frequently changing the operating system, meaning they use it in a stable way, so they will notice unusual changes in the computer. Simple examples: noticing that the computer is running slowly, or noticing unusual outbound connections through the operating system's firewall or a third-party firewall (through prompts asking for permission to connect out, or other firewall activity). If such abnormal activity is not caused by hardware, the presence of a virus should be suspected. As soon as there is a suspicion, check by updating the antivirus software with the latest data, or try a different antivirus product to scan the whole system.
Monitoring running applications: monitor the activity of software on the system through Task Manager or third-party software (for example ProcessViewer) to learn which applications the system normally loads in an ordinary session, how much memory they use, how much CPU they use, what the running files are called, and so on. As soon as something about the system is unusual (even without signs of a virus infection), there is reason for suspicion and for taking reasonable precautions. However, this approach requires a certain level of understanding from the user.
Removing some operating system features that can facilitate virus infection: by default Windows enables autorun features that make it convenient to install software automatically when a CD or USB drive is inserted. These features are abused by some viruses to infect the machine as soon as a USB drive is plugged in or a software CD is inserted (several viruses have spread very quickly recently via USB drives by creating autorun.ini files on the drive to run the virus as soon as the drive is plugged into the computer). This feature should be removed using third-party software such as TWEAKUI or by editing the Registry.
Also use websites that offer online virus detection.

V-Protecting computer data
If you are not 100% sure that you will not be infected by computer viruses and other malicious software, you should protect the integrity of your data yourself before the data is damaged by a virus (or by other potential risks, such as failure of the computer's storage devices). Within the scope of an article on computer viruses, you can refer to the following main ideas:
Backing up data periodically is currently the most sound way to protect data. You can regularly back up data to a safe place such as external storage devices (USB drives, portable hard drives, optical discs and so on). This can be done weekly or at another interval depending on how often your data is updated and changed.
Creating recovery data for the whole system does not stop at the utilities built into the operating system (for example System Restore in Windows Me, XP and so on); it may require third-party software. For example, you can create system backups with ghost software, or with other software that creates disk or partition images.
In practice, these actions do not guarantee that the backed-up data is free of virus infection, but if there is a virus, newer updated versions of the antivirus software may be able to remove it in the future.
[Figure: storage devices: hard drive, USB, CD]

ADDITIONAL: A STUDY OF CONFICKER AND DNS-CHANGER:

I-CONFICKER:
1.Symptoms:
Account lockout policies are reset automatically.
The user sees the PC throwing up many different pop-up advertisements.
The web browser shows many strange things that the user has never seen before and never downloaded or installed.
Some system settings are changed without the user's knowledge. For example, the browser's home page is changed to another page and cannot be changed back.
The PC suddenly runs much more slowly than normal. Domain controllers respond very slowly to requests from clients. The internal network is congested.
Next, some Microsoft Windows services such as automatic updating (Automatic Updates), Background Intelligent Transfer Service (BITS), Windows Defender and Error Reporting Services are turned off. Conficker prevents the user from accessing certain folders and from reaching the websites of security vendors such as www.symantec.com, www.mcafee.com and so on. Scheduled tasks that run regularly suddenly appear on the system.

2.How it works:
Conficker is a sophisticated worm that exploits Microsoft's MS08-067 security vulnerability. This vulnerability exists on both 32-bit and 64-bit Windows, in every version of Windows (Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Vista and Windows XP) if the user has not installed Microsoft's fix. Conficker infects the computer without any action by the user. This worm's main infection routes are USB memory sticks, and an infected PC on the network automatically infecting its peer PCs. Conficker can get onto a PC because (1) the user downloads software from unsafe websites on the Internet, (2) the user uses peer-to-peer file-sharing applications, or (3) the user visits a website used to distribute the Conficker worm. The ultimate purpose of the Conficker worm is to give the hackers behind it control of the user's PC. They can then remotely order the user's PC to send spam, attack websites, steal data, or be used for online fraud.
Protecting itself: the first thing Conficker does is disable the machine's security services, the Windows update service, and the tools and software installed to fight it.
Self-propagation: Conficker is programmed to update itself automatically from domain names that it generates at random. From April 1, the number of domain names it checks for updates can reach 50,000 per day. The virus writer only needs to use one of these domains to distribute new versions of Conficker.
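A host that polls randomly generated domain names produces many failed lookups for names that look like noise, and that can be spotted in resolver logs. The following detector is an added example, not part of the original document and not Conficker's own algorithm; the log format, the thresholds and all sample names are constructed assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed resolver log, one query per line: <date> <client> <name> <rcode>
SAMPLE_LOG = """\
2009-04-01 10.0.0.5 qzkvxwpt.example NXDOMAIN
2009-04-01 10.0.0.5 hbjmrdyf.example NXDOMAIN
2009-04-01 10.0.0.5 wnxlgkzc.example NXDOMAIN
2009-04-01 10.0.0.5 tpvqhsjd.example NXDOMAIN
2009-04-01 10.0.0.5 ykfrmwbx.example NXDOMAIN
2009-04-01 10.0.0.5 gdzcnvqh.example NXDOMAIN
2009-04-01 10.0.0.5 www.example.com NOERROR
2009-04-01 10.0.0.7 www.oldcorp.example NXDOMAIN
2009-04-01 10.0.0.7 mail.oldcorp.example NXDOMAIN
2009-04-01 10.0.0.7 ftp.oldcorp.example NXDOMAIN
2009-04-01 10.0.0.7 wiki.oldcorp.example NXDOMAIN
2009-04-01 10.0.0.7 news.oldcorp.example NXDOMAIN
2009-04-01 10.0.0.9 exmaple.example NXDOMAIN
2009-04-01 10.0.0.9 www.example.org NOERROR
"""

def label_entropy(label):
    """Shannon entropy (bits per character) of one DNS label."""
    n = len(label)
    return -sum(c / n * math.log2(c / n) for c in Counter(label).values())

def suspect_hosts(log_text, min_failed=5, min_entropy=2.5):
    """Map (date, client) -> (distinct failed names, mean entropy) for clients
    whose failed lookups are both numerous and random-looking."""
    failed = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        day, client, qname, rcode = parts
        if rcode == "NXDOMAIN":
            failed[(day, client)].add(qname.lower().rstrip("."))
    report = {}
    for key, names in failed.items():
        if len(names) < min_failed:
            continue  # a few typos are normal
        # Score only the left-most label; a stale internal suffix scores low.
        mean_h = sum(label_entropy(n.split(".")[0]) for n in names) / len(names)
        if mean_h >= min_entropy:
            report[key] = (len(names), round(mean_h, 2))
    return report

if __name__ == "__main__":
    for (day, client), (count, h) in suspect_hosts(SAMPLE_LOG).items():
        print(f"{day} {client}: {count} failed random-looking names, entropy {h}")
```

On a real network the thresholds have to be tuned against the normal daily rate of failed lookups per client.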
3. Countermeasures:
Microsoft and the Conficker Cabal, a special committee led by Microsoft to fight Conficker, can control 13% of the domain names mentioned above, but that figure does not guarantee anything. According to current estimates, the number of computers infected with this worm has risen to about 10 million worldwide.
At present, most of the action taken against Conficker is damage control. So if everyone makes sure their computer does not carry this virus and regularly installs new patches from Microsoft, that is the most effective and most reliable way to prevent a new Conficker outbreak.
For the Conficker worm specifically, users should download and install the MS08-067 update as soon as possible. Ideally, users should turn on Automatic Updates so that Windows downloads and installs every necessary update automatically. Users who are lucky enough not to be infected with Conficker yet should still put protective measures in place, not only against Conficker but against other kinds of malware as well.
Users should also run a reputable antivirus program such as Kaspersky or Symantec Norton to protect the system, and completely disable the Windows AutoRun feature.
In addition, users should follow safe Internet practices: do not open attachments from emails of unknown origin, make a habit of scanning USB drives when they are connected to the system, and protect Windows with a password.
II-DNSChanger
1. Symptoms it causes on the computer: the websites of antivirus vendors and of operating system patches cannot be reached, while online newspapers and search sites still load.
2. Principle:
After infecting the computer, the virus immediately interferes with the system and blocks access to the websites and update servers of antivirus software. In this way it prevents the user from downloading antivirus software or updating the computer with new virus signatures.
Besides preventing the user from updating antivirus software, the virus steals personal information, bank accounts and online game accounts, or installs a backdoor to control the computer.
Analysis shows that the techniques the virus uses to block access include: modifying the system hosts file (the file that maps domain names and host names to IP addresses); hooking the API functions that perform domain name lookups in order to forge the results returned; and changing the DNS server address to point to a malicious DNS server controlled by the hacker.
All of these techniques aim to redirect the computer's traffic when it connects to an update server or an antivirus website. As a result, the connection is redirected to a forged address or to an address that does not exist.
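Two of the techniques above leave evidence that can be checked offline: entries in the hosts file and the resolver list in the Tcpip\Parameters\NameServer registry value. The audit below is an added example, not part of the original document; the hosts file content and the approved resolver are constructed, while the vendor domains and the NameServer data are the ones this document quotes.

```python
import ipaddress
import re

WATCHED = ("symantec.com", "mcafee.com")  # vendor sites named in this document

# Constructed hosts file content for the demonstration.
SAMPLE_HOSTS = """\
127.0.0.1   localhost
127.0.0.1   www.symantec.com liveupdate.symantec.com
192.0.2.10  intranet.corp.example   # internal site
203.0.113.7 update.mcafee.com
"""
# NameServer data as reported in the removal log quoted in this document.
SAMPLE_NAMESERVER = "85.255.116.148 85.255.112.223"
APPROVED = ["192.0.2.53/32"]  # constructed: the resolver this network should use

def hosts_overrides(hosts_text, watched=WATCHED):
    """Return (name, address) pairs where the hosts file pins a watched domain."""
    hits = []
    for raw in hosts_text.splitlines():
        fields = raw.split("#", 1)[0].split()  # drop comments
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not a mapping line
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            if any(name == d or name.endswith("." + d) for d in watched):
                hits.append((name, str(addr)))
    return hits

def rogue_resolvers(nameserver_value, approved):
    """Return entries of a NameServer value that are not approved resolvers."""
    allowed = [ipaddress.ip_network(n) for n in approved]
    rogue = []
    for item in re.split(r"[,\s]+", nameserver_value.strip()):
        if not item:
            continue
        try:
            ip = ipaddress.ip_address(item)
        except ValueError:
            rogue.append(item)  # unparsable entries need a look too
            continue
        if not any(ip in net for net in allowed):
            rogue.append(item)
    return rogue

if __name__ == "__main__":
    print("hosts overrides:", hosts_overrides(SAMPLE_HOSTS))
    print("rogue resolvers:", rogue_resolvers(SAMPLE_NAMESERVER, APPROVED))
```

API hooking leaves neither trace, so a clean result from this audit does not rule out an infection.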
3. Removal:
The simplest way to remove the DNSChanger Trojan
If the DNSChanger trojan has infected your computer, you have very likely been infected with many other viruses and trojans as well. One of the preferred programs for finding these problems is MalwareBytes Anti-Malware. It is a new anti-spyware program, but one of the good ones known. In fact, the author of this program created tools capable of removing the About:Blank hijacker a few years ago.
Countering DNSChanger:
- Turn off and remove unnecessary services. Operating systems enable some services by default that are not needed, such as an FTP server, telnet and a web server.
- If a threat is exploiting network services, or disabling or accessing network application services, then a DNSChanger is already on your machine.
- Always stay up to date with the latest updates, especially on servers whose services can be reached through the firewall, for example HTTP, FTP, mail and DNS services. (For example: all Windows computers should have the current services installed.) Also apply any trustworthy security updates, or those published on the vendor's website.
- Require passwords; complex passwords make it harder to tamper with files on the computer.
- On mail servers exposed to viruses, block email that contains files with these extensions: .vbs, .bat, .exe, .pif and .scr. Quickly isolate infected computers. Perform an analysis and restore the computers using trusted media.
- Go to a website to download antivirus software from the Internet.
Removal steps:
1. Disable System Restore (Windows Me/XP).
2. Install an antivirus scanner and update it to the latest version: Norton AntiVirus 2006, Symantec AntiVirus Corporate Edition 10.0, or Norton AntiVirus 2005, Symantec AntiVirus Corporate Edition 9.0.
3. Run a scan of the whole system.
a. Start your Symantec program and have it scan all files.
b. Run a full system scan.
c. If any files are detected, follow the instructions given by the antivirus program.
4. Delete any values that were added to the registry.
Infected registry data items:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.148 85.255.112.223 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{806586a1 a695 45bb 9075