关键词:木马;线程插入;动态链接库;无进程
The Design and Implement of No-process and No-port DLL Trojan Horse
Abstract
With the development of the network technology, more and more people begin to use Internet. At the time people found the powerful function of the Internet, people have to face to more and more information security problems in the Internet. The Trojan horse program is a big challenge to the information security .It is different from computer’s virus. It could obtain the information of others’ computers and hold up, monitor, falsify others’ information which is distributed in the Internet.
The DLL Trojan horse makes use of the thread injecting technology to design and implement a dynamic link of Trojan horse after the study of Trojan horse work theory and mode. It has realized the features of no- process and no-port. The design of Trojan horse is to realize these three functions: hiding process and ports, destroying word files. The technology about long-distance injecting will be researched in the future.
The thesis introduces the work principle of Trojan horse program and the functions of realization. It also gives full descriptions of main API functions and summarizes some methods of killing DLL Trojan horse.
Key words: Trojan horse; Thread injecting; Dynamic Link library; No-process
