On May 25, 2009, CCTV2 reported on the investigation of the "Big Miss" Trojan case. What surprised people was how well organized it was: a clear division of labor and a "perfect" combination of technology and business had formed a Trojan economic network. The case marks the maturing of the "Trojan economy industry chain", which has become a social problem that cannot be ignored.
Trojan technology grew out of network remote management tools and was put to use by hackers. Whether it serves as a botnet console or as a tool for collecting secret information, people find the technology "terrible". If the technology were advanced only by a number of technology enthusiasts, out of enthusiasm for the experience, it might not do much harm to society. With the formation of an "industrial chain", however, researching and promoting Trojans became the starting point of the chain and the pillar of its later economic development, and Trojan technology entered a stage of "active, rapid" development. Economic and political interests provide large amounts of money for Trojan research and development, and with funds come a first-class working environment, first-class technical personnel, first-class after-sales service, and the latest theoretical support ...
The following figure is the composition of the Trojan economy industry chain:
The so-called industrial chain means that commercial application has formed a complete cause-and-effect chain: from Trojan development to dissemination, from information collection to the Trojan's return home, from virtual assets to real money. Every link in the chain has its "professional" managers, with a clear division of labor, tacit cooperation and high efficiency, and in the contest of detection and evasion with the security side they have slightly prevailed. At present there are fewer stories about Trojans, not because security technology has improved and not because Trojans have disappeared, but because the Trojans' goals are now clear and so is the way of making money ... The fewer people who know the better, so they are no longer publicized.
The Trojan industry chain is divided into three parts according to the focus of the work: the business process, the propagation process and the working process.
1) Business Process
The core of the business process is the Trojan manager, the "master" of the Trojan. The master's tasks are to organize Trojan development, Trojan promotion, turning virtual assets into money, and so on; the master is the beginning and the end of the Trojan economy chain.
First, the "master" hires Trojan designers to custom-develop Trojans for the master's own exclusive use and, as with managing any new technology product, keeps the product continuously upgraded and its versions constantly updated so that the Trojan can evade detection by the security vendors on the market.
Second, the "master" hires Trojan agents to promote and "sow" the Trojan. A Trojan can only do its job once it has entered the victim's computer, and getting past the various security measures that protect the user's computer is not easy. Hence the profession of Trojan agent was born. The agent's main task is to manage the promotion channels, while the actual pushing is done mostly by professional hackers, who attack other people's computers and public websites and plant the Trojan on users' computers. This is not only technical work but also "manual labor": the "master" sets targets by the number of Trojans "sown", and in the cost-first IT industry, layer upon layer of outsourcing is fairly common.
Finally, the "master" realizes the ultimate goal. Once implanted in the public's computers, the Trojan takes the initiative to contact its owner, reporting its current status and privileges. The owner can then "operate" two kinds of business. One is to control the infected computers as a "zombie army"; in large DDoS attacks the owner can order these "troops" to attack and take down any target of the owner's choosing, an approach familiar as the "network Triad". The other is to have the Trojan collect "valuable" information on the computer, such as bank card passwords, game passwords and QQ accounts, which can be sold directly online for profit. It can of course also collect personal photos, corporate documents, business documents, secret information and so on. In short, any valuable information that can be bought and sold for money is a target for collection by the Trojan.
The business process is the key link of the Trojan industry chain, the link where the Trojan's commercial value is realized. The Trojan's "master", however, is often not the owner of the technology but a pure "businessman"; the technically demanding links are completed by hiring Trojan designers and Trojan promoters.
2) Propagation Process
Trojan agents generally hire Trojan promoters to spread the Trojan for them. The promoters are generally professional hackers; because this is "manual labor" they are usually junior hackers, though there are of course some experts, depending mainly on the price. Spreading a Trojan also takes "special" thinking; in the battle with the security companies, this is truly the first "siege" battle. A Trojan is a small piece of software that gets installed on your computer when you are not paying attention. A hacker attack is a more direct way to gain control of your computer, after which using it is as convenient as using the attacker's own, but such an attack is costly and slow, so designing intrusion methods that are large-scale and automatic was inevitable.
The first method is the self-propagation technology of worms and viruses, which seeps like water into every corner of the network and, through removable media, can even enter confidential private networks. But viruses and worms are the focus of computer protection, so how effective this is remains uncertain; moreover, a Trojan that enters a private network cannot "go home", so it does not work either. The interoperable, equal and open Internet quickly became the best venue for spreading Trojans. First, the hacker attacks a website, modifies its pages and hangs the Trojan on them, and as the vast number of netizens "surf the Internet" the Trojan is implanted in their computers. The disguises vary: mail, beautiful pictures, beautiful videos and the like tempt you to click or to execute a "malicious" link. Later, through MSN, QQ, blogs, forums and other ways of sharing uploaded information, the Trojan is quietly delivered to "happy" surfers.
The development of propagation techniques has been astonishing. It has moved from system vulnerabilities to application vulnerabilities and on toward social behavior, and from active attack toward luring and phishing. In particular, spreading through websites by means of SQL injection, web page "horse hanging" (planting Trojans in web pages), XSS and the like has become a mainstream propagation channel.
3) Working Process
A Trojan is a "spy" that enters the computer, so naturally you will guard strictly against it and try to kill it in the cradle. But a Trojan cannot only hide; it always has to work. If the Trojan cannot "work smoothly", the whole Trojan economy chain breaks, the later profits cannot continue, and the industrial chain collapses.
A Trojan's work inside the computer is divided into four stages:
Implant: The Trojan installs itself without being discovered. This must be completed in the latter part of the propagation process, otherwise all the earlier effort is undone. This stage is the focus of security vendors' detection efforts, so to avoid discovery, evasion techniques such as encryption, fragmentation, trailing along behind other software and posing as the "leadership" keep emerging.
Start: After entering the computer, the Trojan must find the right opportunity to start itself and gain the right to "work". A simple approach is to add itself to the registry; a more complex one is to attach itself to a system process. When starting, it must evade the various host monitoring measures and give itself a legitimate identity. After starting, for the convenience of its own "work", it blocks security software from monitoring it, obtains certain "special" permissions and identities, and erases the related log records ... all of which are necessary preparation for its work.
Collection: Information collection is the stage where the Trojan actually works. Having evaded inspection at installation and monitoring at startup, the Trojan has generally become a "legitimate citizen" of the computer. But what the Trojan does will not necessarily look routine: monitoring your keyboard, capturing your screen, monitoring your communications, and so on. These actions also have to evade the detection system; otherwise the Trojan is caught before it has "done anything bad", and all the earlier effort is lost.
Home: What distinguishes Trojans from viruses and worms is that they go home, to find their "organization". The Trojan's goal is to obey the call of the "organization": control your computer, monitor it or steal information, and then contact the "organization". How to contact the Trojan's "master" without being discovered is an attack-and-defense game, a life-and-death contest. Home techniques are also diverse: not only direct and indirect communication links and information uploads, but possibly ordinary e-mail, or riding parasitically on the upgrade process of some system software ...
Once the Trojan has made contact with its "master", the whole Trojan working process is basically complete. If the purpose is control, your computer officially "joins" the Trojan owner's zombie army.
A Trojan may be discovered and killed at any link of its propagation and work, so Trojan prevention techniques are also diverse. But because Trojans are driven by commercial interests, their evasion techniques keep developing, especially in the start and home stages. Trojan designers are often very familiar with the system: not only with the workings of the operating system, but also with the loopholes in security measures and the loopholes in applications ...
At present many popular Trojan-making tools are on the market, and with them ordinary people can also create large numbers of new Trojans. However, because of the tools' limitations, these Trojans differ somewhat in "outward appearance" but work on basically the same principles and in basically the same way; that is, they share the same family DNA. Through "behavior detection" technology, many vendors are implementing "active" Trojan defense.
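The behavior-detection idea above, applied to the four working stages, as an added example that is not part of the original article: samples are judged by the ordered stages they pass through rather than by what the file looks like. The event names, the stage mapping, the threshold and the sample telemetry are all constructed assumptions, not the output of any real sensor.

```python
from collections import defaultdict

# Hypothetical host-sensor event names mapped to the article's four stages.
STAGE_OF = {
    "file_dropped_by_browser": "implant",
    "run_key_written": "start", "injected_into_system_process": "start",
    "security_service_stopped": "start", "event_log_cleared": "start",
    "keyboard_hook_installed": "collect", "screen_captured": "collect",
    "outbound_connection": "home", "smtp_send": "home",
}
ORDER = ["implant", "start", "collect", "home"]  # lifecycle order

def stages_reached(events):
    """Return the lifecycle stages one sample passed through, in order."""
    reached, next_idx = [], 0
    for _, etype in sorted(events):        # sort by timestamp
        stage = STAGE_OF.get(etype)
        if stage in ORDER[next_idx:]:      # only forward progress counts
            next_idx = ORDER.index(stage) + 1
            reached.append(stage)
    return reached

def detect(telemetry, min_stages=3):
    """Group (ts, file_id, event) rows by file and judge on behavior alone."""
    by_file = defaultdict(list)
    for ts, file_id, etype in telemetry:
        by_file[file_id].append((ts, etype))
    verdicts = {}
    for file_id, events in by_file.items():
        reached = stages_reached(events)
        # Ending in "home" after earlier stages is the Trojan pattern.
        verdicts[file_id] = len(reached) >= min_stages and reached[-1] == "home"
    return verdicts

# Constructed telemetry: two builder variants whose files differ but whose
# behavior matches, plus a benign updater that only autostarts and connects.
SAMPLE = [
    (1, "variant-a", "file_dropped_by_browser"), (2, "variant-a", "run_key_written"),
    (3, "variant-a", "keyboard_hook_installed"), (9, "variant-a", "outbound_connection"),
    (1, "variant-b", "injected_into_system_process"), (4, "variant-b", "screen_captured"),
    (5, "variant-b", "event_log_cleared"), (8, "variant-b", "smtp_send"),
    (1, "updater", "run_key_written"), (2, "updater", "outbound_connection"),
]

if __name__ == "__main__":
    for file_id, flagged in detect(SAMPLE).items():
        print(file_id, "SUSPICIOUS" if flagged else "ok")
```

Both variants are flagged although they share no file identity, while the updater, which only autostarts and connects out, is not.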
One person committing a crime is not terrible; organized, planned crime is. The "Trojan economy industry chain" is a successful case of the industrialization of hacker technology. I hope this case arouses enough attention from the relevant parts of society, because this is not a problem that computer security technology alone can solve.
This article is from the "Jack Zhai" blog; please be sure to keep this source: http://zhaisj.blog.51cto.com/219066/187647