The Design and Implementation of Trojan Horses Base on Process Hiding and Communications Hiding
Abstract
In recent years, malicious codes including Trojan have threatened network information security, and more and more countries paid attention to take active measures to protect the network, and spent a lot in research to develop network information security technology mentally and materially. This paper firstly analyses the basic principle, entry technology, load technology and hiding technology of traditional Trojan horse. With the development of network technology, Trojan horse technology is upgrading constantly. Modern Trojan horse is changed in process hiding and communication hiding.
The process hiding and communications hiding are important technology being explored by Trojan horse programmers all long. Adopting the measure of dynamic link storage, and Remote Thread technology, and hiding Trojan horse behind the other processes as a thread program, it is easy to hide. Choosing the port correspondence which is permitted by almost all the ordinary security policy, likes 80port, may easily penetrate the firewall and avoid the examine of security systems as invasion-checking mechanisms and so on. Thus, it has a very strong covered.
This paper is implemented the injection of Trojan horse by combining the technology of DLL (dynamic linking library) and of remote thread injection on the Windows platform. In this paper, modularization of Trojan horse process is proposed to create an independent Trojan horse injection process, thus, to inject Trojan horse DLL module to the host process. Experimental results show that the program could realize the Trojan injected with good covered and flexibility.