盗号木马攻击与防范技术的研究实施.pdf

山东大学硕士学位论文并且由于监控有具体的目标,相对于现有的行为监控软件而言,只占用了少数的系统资源,对计算机的运行速度影响很小。因为规则库是开放的,所以规则库的制定比较灵活,也较容易升级和维护,缺点是对一般用户而言有一定的难度,设定规则库需要其具备一定的计算机知识。5、提出了手动查杀智能升级的方案。任何防木马软件也不是万能的,对于不能系统查杀的木马,通过手动方式查杀后可智能添加到规则库,再碰到此类木马就可系统查杀。关键词:盗号木马;注册表;API函数;挂钩API山东大学硕士学位论文ABSTRACTAlong、析ththedevelopmentandpopularizationoftheIntemettechnology,people’,,ount,QQnumberormoreimportantly,ountmightbecrackedorattackedby“TrojaDS”,'ws)Trojanisoneofthemostspecialtoolsamongthe‘‘TrojPWSisverydifferentfromvirus,thelaterisgoodatspreadinganddestroying;theformer,however,,remoteimplantationandcontrollabilityofPWS,eoneoftheindispensibleinstrumentsforhackersandcriminalstointrudeorcontrolpeople’,whenthingsaremoreandmorefinanciallyinvolved,,thetraditionalanti·-virustechnology,whichismainlybuiltonthesignature-·parisons,,therefore,:,theclassification,thehistory,theimplantationandthedevelopmentofTrojansaresystematicallystudiedfirstinthecurrentwork;theconcealment,theself-booting,theautorecovery,theinitiative,-and-:theanti-,pletelybypreventingthe山东大学硕士学位论文amo-b00tingprocess,thepassword-stealingactioninitiationandthecreationofthefilesofTrojans。Particularly,themonitorofthekeyAPIishighlysens“,low“”mo