
8/4/2014 Hong S Tng 1

NETWORK SECURITY
Virus and Malicious Software

Contents
How computer viruses work
How computer viruses spread
Inspecting a system infected with a computer virus

How computer viruses work
The concept of a computer virus
Computer virus: a computer program that is able to copy itself from one infected object to another.
Malware (Malicious Software): software that intrudes into a system and runs on it without the user's permission.

How computer viruses work
1. Clear the screen
2. Display the text Hello
3. End

0. Jump to step 4
1. Clear the screen
2. Display the text Hello
3. End
4. Check the date, to cause damage if it is the right day?
5. Find other files, copy steps 0, 4, 5, 6 into the files found.
6. Go back to step 1.
Virus

Types of computer viruses
Trojans
worms
droppers
viruses
boot viruses
File infecting viruses
Java viruses
macro viruses
script viruses
Spyware
Adware
Phishing

[Figure: New Generation Viruses. Labels: Legal Entry; Hacker's goal achieved!]

Types of computer viruses
File viruses (F-Virus)
File viruses usually infect program files such as .com and .exe files.
This kind of virus usually spreads to other files when we run infected files from a hard disk, a floppy disk or the network.
They usually stay resident in memory; once the computer's memory is infected, the virus can spread to other program files.

Types of computer viruses
Boot sector viruses (B-Virus)
The virus can infect the boot sector of a floppy disk or the Master Boot Record of a hard disk, the FAT table, the registry (Windows registry) of the Windows operating system...
When we boot the machine from a disk infected with this kind of virus, it stays resident in the computer's memory and infects the hard disks or floppy disks we then use.

Types of computer viruses
Macro virus
This kind of virus spreads through data files by building a macro program inside those files.
Virus code placed in the Visual Basic code of Excel, MS Word, MS Access and MS PowerPoint files can spread the virus to other data files or program files.

Types of computer viruses
Hybrid viruses
A virus that has all the infection and destruction capabilities, acting on both files and the boot record.
This kind of virus is hard to remove because it operates in several kinds of environment at the same time.

Types of computer viruses
Trojan Horse
Unlike a virus, a Trojan Horse is a piece of program code that HAS NO ABILITY TO SPREAD AT ALL. (Backdoor, Botnet)

Types of computer viruses
Worms (network worms)
A worm combines the destructive power of a virus and the stealth of a Trojan and, above all, spreads at a frightening speed.
Viruses that spread through email
Viruses that spread through software vulnerabilities (Windows, IE)
Viruses that spread through chat
Viruses that spread over the LAN

Types of computer viruses
Spyware, Adware: steal information, change browser settings, display advertising pop-ups...

How viruses spread
Through email
Downloading files from the Internet
Copying and running files from floppy disks, CDs, USB drives
Through the internal network (LAN)
Through software vulnerabilities
...

Inspecting a system infected with a computer virus

The concepts of Process, Service, Registry
Process: programs that run at the application level of the Windows operating system.
Service: programs that run in the background of the operating system.
Key: settings of a piece of software or of the operating system that are stored in the system to be used many times.

Inspecting the system
Task Manager: view the processes and services running on the computer

Inspecting the system
Registry Editor: view the system registry

Programs loaded when the operating system starts
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Startup Folder
Services, drivers
...

Programs loaded together with Windows Explorer
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
...

Programs loaded together with Internet Explorer
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
HKCU\Software\Microsoft\Internet Explorer\UrlSearchHooks
...
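
Inspecting the autostart locations listed above usually means comparing what is registered there against a known-good baseline. The following Python example is added here and is not part of the original slides; it parses `reg query` output for the two Run keys and reports entries that are missing from an assumed baseline or that point into user-writable folders. The sample output, the baseline and the path heuristic are constructed for illustration.

```python
import re

# Constructed `reg query` output (sample data, not taken from a real host).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    svchost32    REG_SZ    C:\Users\Public\svchost32.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background
    updater    REG_SZ    C:\Users\alice\AppData\Local\Temp\u.exe -s
"""

# Assumed baseline of approved (key, value name) pairs for this example.
BASELINE = {
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run", "SecurityHealth"),
    (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run", "OneDrive"),
}

# Heuristic (assumption): autostart binaries in user-writable folders deserve a look.
USER_WRITABLE = re.compile(r"\\(temp|appdata|users\\public)\\", re.IGNORECASE)
VALUE_LINE = re.compile(r"^\s{4}(.+?)\s{4}(REG_\w+)\s{4}(.*)$")

def parse_reg_query(text):
    """Return a list of (key, name, type, data) tuples from `reg query` text."""
    entries, key = [], None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
        elif key and (m := VALUE_LINE.match(line)):
            entries.append((key, m.group(1), m.group(2), m.group(3)))
    return entries

def review(entries, baseline):
    """Return (key, name, data, reasons) for every entry that needs a closer look."""
    findings = []
    for key, name, _type, data in entries:
        reasons = []
        if (key, name) not in baseline:
            reasons.append("not in baseline")
        if USER_WRITABLE.search(data):
            reasons.append("user-writable path")
        if reasons:
            findings.append((key, name, data, reasons))
    return findings

if __name__ == "__main__":
    for key, name, data, reasons in review(parse_reg_query(SAMPLE), BASELINE):
        print(f"{key}\\{name} -> {data}  [{', '.join(reasons)}]")
```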

Handling a virus-infected computer
Anti-virus protection process
Registration: a registered computer is added to the management list.
Installing anti-virus software: based on the function, hardware configuration, operating system and usage status of the registered computer, the anti-virus team installs a suitable anti-virus program. The anti-virus team draws up the virus-prevention plan.
Periodic virus prevention: plan virus scanning and removal for the registered computers, produce periodic reports on the virus status of the managed computers, and periodically update the anti-virus system with information on how to remove new viruses, with the support of the anti-virus partner.

Handling a virus-infected computer
Anti-virus protection process
Removing viruses in unusual cases: when an unusual virus infection occurs, or at the request of management, virus removal is carried out.
Stopping viruses that enter through the Internet gateway: periodically update virus information on the anti-virus server at the Internet gateway. Report on the status of viruses entering through the Internet gateway.
Stopping viruses that enter through email: periodically update virus information on the anti-virus servers at the mail servers. Report on the status of viruses entering through email.

Handling a virus-infected computer
Anti-virus solution on the desktop
Computers of this kind are mainly the desktop machines used by staff; they will have anti-virus programs installed, such as Trend Micro, Norton AntiVirus, McAfee.
An anti-virus program for computers of this kind needs to meet the following requirements:
The program stays resident in the computer's memory with a small footprint
It can remove viruses automatically without stopping the computer's other activities
It can update information about new viruses manually or automatically
It can check for viruses in common mail clients such as MS Outlook, Netscape Mail... over the POP3 protocol
It protects against viruses on web pages and in compressed files

Handling a virus-infected computer
Anti-virus solution on the Internet Gateway
Services that use the transfer protocols HTTP, FTP, SMTP, such as web pages and applets
The system that stops viruses entering through Internet services such as HTTP, FTP, SMTP is built on a system that scans the information entering and leaving the network at the gateways

Handling a virus-infected computer
Anti-virus solution on the Internet Gateway
Protection against viruses spreading from the Internet needs to ensure that:
Viruses entering from the Internet are blocked right at the Internet gateway on the HTTP, FTP and SMTP protocols
Viruses in inbound and outbound email passing through the Internet gateway are controlled
Updates of virus information are managed consistently with the other anti-virus programs, or virus information is updated automatically
The delay added to traffic by virus checking at the Internet gateway is minimised

Handling a virus-infected computer
Anti-Virus Software
First generation
Scanning that uses the virus's signature to identify it
Or detecting a change in the length of the program
Second generation
Uses heuristic rules to detect virus infection
Uses a hash of the program to detect changes
Third generation
Memory-resident programs that identify a virus by its actions
Fourth generation
Packages combining many kinds of anti-virus techniques
Scanning and active tracing, access control
Manual removal is still used
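
The difference between the first-generation length check and the second-generation hash check, as an added Python example that is not part of the original slides. The program bytes, the signature and the two modification helpers are constructed stand-ins, not real malware or real signatures.

```python
import hashlib

# Constructed stand-ins: a "clean program" with a run of zero padding, and a
# made-up byte pattern playing the role of a known virus signature.
CLEAN = b"MZ" + b"\x90" * 30 + b"\x00" * 32 + b"original code"
SIGNATURE = b"\xde\xad\xbe\xef\x13\x37"       # hypothetical signature
UNKNOWN_CODE = b"\xaa\xbb\xcc\xdd\xee\xff"    # stands in for code with no signature yet

def appended(program, payload):
    """Modification that grows the file (payload added at the end)."""
    return program + payload

def in_padding(program, payload):
    """Modification that overwrites padding, so the length stays the same."""
    start = program.index(b"\x00" * len(payload))
    return program[:start] + payload + program[start + len(payload):]

def baseline(program):
    """Record what both integrity checks need from a known-good copy."""
    return {"length": len(program), "sha256": hashlib.sha256(program).hexdigest()}

def check(program, base, signatures):
    """Run the first- and second-generation checks from the slide on one file."""
    return {
        "signature": any(sig in program for sig in signatures),
        "length_changed": len(program) != base["length"],
        "hash_changed": hashlib.sha256(program).hexdigest() != base["sha256"],
    }

if __name__ == "__main__":
    base = baseline(CLEAN)
    samples = {
        "clean": CLEAN,
        "known, appended": appended(CLEAN, SIGNATURE),
        "unknown, appended": appended(CLEAN, UNKNOWN_CODE),
        "unknown, in padding": in_padding(CLEAN, UNKNOWN_CODE),
    }
    for name, data in samples.items():
        print(f"{name:20} {check(data, base, [SIGNATURE])}")
```

Only the hash comparison reports the last sample: it carries no known signature and its length is unchanged.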

VIRUS PREVENTION
ATM

VIRUS PREVENTION
NetWork VirusWall
IWSS
IMSS
SPS
ScanMail
ServerProtect
OfficeScan Server
TMCM
A Need for Multi Layer of Protection
OfficeScan

VIRUS PREVENTION
Trend Micro Network VirusWall:
Prevents worms from infecting and breaking out between the segments of the network.
Isolates machines infected by a worm, cleans them and lets them reconnect.

VIRUS PREVENTION
[Chart: Average Vendor Response Time, axis 0h to 30h. Vendors shown: Kaspersky, Sophos, Trend Micro, McAfee, Symantec. Panel label: Business Unit]
Data Source: Datamation and AV-Test.org
http://itmanagement.earthweb.com/columns/executive_tech/article.php/3316511

Discussion
Which risks are eliminated by an AV system?
Virus attacks
Spam attacks
Which risks are mitigated by an AV system?
Denial-of-service (DoS) attacks
Worm attacks
Attacks on security vulnerabilities on the host
