| 针对Ghost还原的木马隐蔽驻留技术研究 |
| |
| 引用本文: | 郑成,王轶骏,薛质. 针对Ghost还原的木马隐蔽驻留技术研究[J]. 信息安全与通信保密, 2012, 0(1): 84-86 |
| |
| 作者姓名: | 郑成 王轶骏 薛质 |
| |
| 作者单位: | 上海交通大学信息安全工程学院,上海,200240 |
| |
| 摘 要: | Ghost还原系统已经被广泛应用于计算机的系统还原,该技术在使用方便的同时,也存在着安全隐患。文中首先介绍了Ghost映像文件的格式,并阐述其解析的过程和原理。然后在此基础上引出针对Ghost还原系统映像的木马隐蔽驻留技术,并剖析了所实现的Ghost映像文件穿越的命令行工具。该工具读取解析Ghost映像文件,然后往其中写入后门文件来实现木马的隐蔽驻留。最后提出了如何预防和检测利用该方法隐蔽驻留的木马,确保系统还原后的完整和安全。
|
| 关 键 词: | Ghost映像文件 读取分析 木马隐蔽 木马驻留 预防与检测 |
Research on Trojan Horse Hiding and Residence Technology According to Ghost Restoration |
| |
| ZHENG Cheng,WANG Yi-jun,XUE Zhi. Research on Trojan Horse Hiding and Residence Technology According to Ghost Restoration[J]. China Information Security, 2012, 0(1): 84-86 |
| |
| Authors: | ZHENG Cheng WANG Yi-jun XUE Zhi |
| |
| Affiliation: | (Institute of Information Security Engineering, Shanghai Jiaotong University, Shanghai 200240, China) |
| |
| Abstract: | Ghost reduction system is widely used in the computer system restoration, this technology is easy to use while contains certain safety hidden trouble. This paper first describes Ghost image file format, and tells of its analytical process and principles. And on this basis, this paper draws out the Trojan hiding and residence technology of the Ghost image reduction system, and analyzes the realization of command line tool which can penetrate the Ghost image file. This tool reads and analyzes Ghost image file, and then writes in the back door to their files, thus to realize the Trojan horse hiding and residence. This paper finally puts forth how to prevent and detect the hiding and residing Trojan by this method, and thus to ensure the integrity and safety of restored system. |
| |
| Keywords: | Ghost image file read and analyze Trojan hiding Trojan residence prevention and detection |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
