Computer Engineering, 2008, Vol. 34, Issue (10): 147-149. doi: 10.3969/j.issn.1000-3428.2008.10.053

• Security Technology •

Analysis of Trojan Virus Based on NDIS Covert Communication Technology

YANG Zhi-cheng, SHU Hui, DONG Wei-yu

  1. (Dept. of Computer Science and Technology, College of Information Engineering, PLA Information Engineering University, Zhengzhou 450002)
  • Received: 1900-01-01 Revised: 1900-01-01 Online: 2008-05-20 Published: 2008-05-20

Abstract: In view of the current trend of Trojan viruses moving toward kernel mode, and in order to provide a technical reference and basis for anti-virus research, this paper analyzes the NDIS architecture, puts forward a Trojan covert communication method based on NDIS driver technology, designs and implements a Trojan verification model based on this method, and analyzes and tests it. The test results verify the non-touch firewall penetration ability of the model.

Key words: NDIS driver, test model, covert communication, untouched, firewall
