Veteran security expert Joe Stewart thought he had seen it all when it came to malware, until he came across the SpamThru Trojan, a malicious program designed to send spam from infected computers. Using P2P technology to send commands to hijacked PCs, the Trojan comes equipped with its very own virus scanner, with a level of complexity and sophistication on par with legitimate antivirus software.

"This is the first time I have come across this," Stewart exclaimed. He is currently a senior security expert at SecureWorks. "The purpose of this virus scanner is simply to keep all of the Trojan's 'resources' for itself. If it has to compete with, say, a mass-mailing virus, it can eliminate the hated rival."

The vast majority of today's viruses and Trojans only try to block antivirus software from downloading updates, but fighting rival malware in this way is truly rare, if not the first case of its kind. SpamThru has taken the game to a new level: it uses an entire antivirus tool to wipe out its own kind.

Its motive, however, is not hard to understand. There is only one computer, and every hacker wants to seize control of it. Inevitably, hackers fight one another, trying every means to kill other malware by deleting registry keys or by tricking the other malware into thinking it is already running.

Clever and audacious

First, the Trojan downloads a DLL from the hacker's central control server. It then downloads a pirated copy of Kaspersky Antivirus to the infected computer. 10 minutes after downloading the DLL, it begins scanning the system to hunt down other malware, skipping its own files.

"Any malware that is detected will be deleted by Windows at the next reboot," Stewart explained. Even he was at first puzzled by the hacker's purpose in installing the Kaspersky virus scanner. "I simply thought it was disguising itself in a clever way. But only after analyzing it more closely did I realize what an extremely sophisticated mechanism the hacker had devised to claim all the bandwidth for his spam."

That is not all. SpamThru also uses an extremely clever command-and-control structure to avoid being shut down. It uses a custom P2P protocol to share information with other peers, including the control server's IP address, ports and software version. If the control server is shut down, the spammer can update all of this information to a new control server within the peer network.

The spam that SpamThru sends is based on ready-made templates, but with random phrases in the body and random sender names. These templates are encrypted and use a special authentication method that prevents others from piggybacking on the downloads. On top of that, it can also change the width and height of GIF images to get past filters.

According to eWeek

Article source http://w4rum.com/221.t