2014.10.01
The Attack and Defense of Computers 141001
Dr. Fu-Hau Hsu (許富皓)

Trojan Horse
Internet Worms, Buffer Overflow Attacks, and Heap Overflow Attacks
 
Start from ch.1-62 
 
Trojan Horse Example
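Example 2: Trojan Horse Exploits Image Flaw => intrusion through a bug in the image viewer program
Example 3: Compromise a Web Server and Add Hidden Download Instructions in Web Pages (malicious code planted in a website) => attack the browser => popular web pages => attack traffic… (see MS IE Crash on JavaScript)
           *Create Frame with size 0 ------- invisible
.Commonly exploited: vulnerabilities, SQL Injection, and similar techniques. After a page has been injected, the related injected code appears on the first line or last line of that page.
.Iframe, JScript… (see the slides and reference URLs)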
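
The pattern noted above (a zero-size frame planted on the first or last line of a compromised page) can be checked for mechanically when auditing your own site's pages. The following Python scan is an added example, not from the lecture or its slides; the names HiddenFrameFinder and scan_page and the sample page are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Attribute value that means "zero size": 0, 0px, 0%, 0.0 ...
ZERO = re.compile(r"^\s*0+(\.0+)?\s*(px|%)?\s*$", re.I)
# Inline CSS that hides the frame or collapses it to zero size.
HIDDEN_CSS = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden"
    r"|(?<![-\w])(?:width|height)\s*:\s*0+(?:px|%)?\s*(?:;|$)", re.I)

# Constructed sample page: injected frames on the first and last line.
SAMPLE = (
    '<iframe src="http://injected.example/x" width="0" height="0"></iframe>\n'
    "<html><body>\n"
    '<iframe src="/video" width="640" height="360"></iframe>\n'
    "<p>news</p>\n"
    "</body></html>\n"
    '<iframe src="http://injected.example/y" style="display:none"></iframe>\n'
)

class HiddenFrameFinder(HTMLParser):
    """Collects <iframe>/<frame> tags that render with no visible area."""
    def __init__(self):
        super().__init__()
        self.findings = []  # (line number, src, reasons)

    def handle_starttag(self, tag, attrs):
        if tag not in ("iframe", "frame"):
            return
        a = {k: (v or "") for k, v in attrs}
        reasons = [f"{dim}=0" for dim in ("width", "height")
                   if ZERO.match(a.get(dim, "x"))]  # "x": absent attribute never matches
        if HIDDEN_CSS.search(a.get("style", "")):
            reasons.append("style hides frame")
        if reasons:
            line, _ = self.getpos()  # 1-based line of the tag start
            self.findings.append((line, a.get("src", ""), reasons))

def scan_page(html):
    """Return hidden-frame findings, marking those on the first/last non-blank line."""
    finder = HiddenFrameFinder()
    finder.feed(html)
    finder.close()
    nonblank = [i + 1 for i, l in enumerate(html.splitlines()) if l.strip()]
    edge = {nonblank[0], nonblank[-1]} if nonblank else set()
    return [{"line": ln, "src": src, "reasons": why, "at_page_edge": ln in edge}
            for ln, src, why in finder.findings]
```

A finding with at_page_edge set to True matches the first-line/last-line placement described in the notes and deserves review first; hidden frames elsewhere in the page are still reported.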
 
.Outlook and IE share much of their code, so many of their vulnerabilities overlap as well. (Mail is allowed to carry HTML/images.)
.Downloaded File
-Precautions against Trojan Horses(1-71)
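           *If it does not infect other files, it is not called a virus.
*Forged email sender -> telnet can be used to emulate the client…
           *Goes through the port -> add JScript (denial-of-service attack)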
 
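#Spyware: software secretly installed on a computer that can monitor the user's interaction with the computer without permission.
-Function: see slide 1-82 (*KeyLogging accounts for a low share of spyware functions, but that is only within spyware; as stand-alone software its share is high)
           -Types of Information Collected by Spyware (market research, pop-up ads, business competition… analyzing consumers' usage habits)
           -OSes vs. spyware (Windows has the highest share, which is related to its market share)
-Adware (advertising-supported software) => harmless; however, some adware may come with integrated spyware such as keyloggers and other privacy-invasive software.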
           -Pop-up Ads/Pop-under Ads
           -Spyware does not attack actively; it usually uses forged messages to lure the user into running it.
 
 
Start from ch.2-1
#Attacking program Bugs
           -Attack Types
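                     .Buffer Overflow Attacks => many variants
                                Easy to launch (the target falls as soon as the stream is successfully delivered)
                                Plenty of targets
                                Cause great damage (often aimed at programs that run with root privileges)
                                Internet worms (exponential growth)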
 
                     .Format string attacks
                     .Integer overflow and integer sign attacks
#Stack Smashing Attacks
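Q: How can a program's execution flow be changed? => The address of the next instruction is stored in memory; change that address so that it points to the added or modified machine code. See the diagrams on slides 2-7 to 2-9.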

 