Abstract: Communication technologies of Trojan horses are studied, and a communication model using WebMail system as a broker is proposed. With the model, the controlled end of the Trojan horse accesses WebMail systems in Internet by HTTP and can easily pass through the firewall of LAN. The controller does not need public or fixed IP addresses, so it can work well in places like cybercafe. To validate the model and evaluate its hazard, a prototype Trojan horse is designed. Some advices on protection against this kind of Trogan horse.

Key words: network security, Trojan horse, WebMail system, HTTP, E-mail

摘要： 研究特洛伊木马在网络通信方面所采用的技术方法，提出一种利用WebMail系统作为“中转站”的木马通信模型。在该模型中，木马被控端使用HTTP协议访问互联网中的WebMail系统，可轻易突破局域网防火墙，且不要求公网的或固定IP地址，能在网吧等环境中实施控制。通过实现一个原型木马验证该模型的有效性和危害性，并针对此类木马的特点提出防御建议。

关键词: 网络安全, 特洛伊木马, WebMail系统, HTTP协议, 电子邮件

CLC Number: 

• N945.12