  
  



      ,   ,   ,         ,      .           ,  ,   .       .

        ,    ,  ,    ,        ,     ,  -,   ,     ,      .  ,   ,       ,  ,   .

    ,  ,   ,      .

      .





  

  





 


 ,   :  ,        ,   ,        .   ,       ,     ,     .          ,      . ,     , ,   ,        ,      ,    .

,     , . ,  ,     ,      .   .        ,  ,        .

    -            .        ,     ,        . ,       ,     ,         .

 ,    Microsoft, ,   60 %         .    : ,       -       .      ,      ,      .    ,  , ,        .

,  Microsoft,  ,         .       ,      ,                .


 

 ,         dgurski@minsk.piter.com (mailto:dgurski@minsk.piter.com)( ,  ).

     !

   http://www.piter.com (http://www.piter.com/)      .




 1

 :   



   

  

  

 

     ?

     (rootkits)

    




1.1.    


    ,        , ,  ,        .     ,           .           .          ,       ,         .

 ,     ,     ,  - -    .  1949       .                ,        .    .       Darwin (http://www.cs.dartmouth.edu/~doug/darwin.pdf (http://www.cs.dartmouth.edu/~doug/darwin.pdf)),    1961    Bell Telephone Laboratories . . , . .   . .

,    (     )   ,        .    ,   .     -,      . ,      , .       :    .

     Creeper,    1970-    BBN     RSEXEC         . Creeper   :   ,      .

         Reaper,     .   , Reaper    Creeper    .

 1970      .     Venture      ,              Virus  Vaccine.               ,    .             ,   1975 .

       1973     Westworld.     ,    ,  ,    .

, 20  1977    ,    .       .

 1980-        .  ,    ,  ,    ,   .

,           .         -;   Elk Cloner  Virus,     .        ,    ,           .

    .  1987    ,  IBM PC-    MS-DOS, Brain.     :          360 . Brain     ,   Brain Computer Services (   ),    ,         .    1987   Jerusalem ( ),        13-.     ,         .      .

      ,   ,       , .   ,           ,     .   2  1988 ,      -  -,        .      ,    ,      ,   ,   .

 -       6 . .     :      ,           .            CERT (Computer Emergency Response Team        ),           .

   .        ,     Intel- ,      ,   Microsoft.      .  1991    ,   .   Windows 95   ,   beta-  160 .       Form,         .  -,      ,  ,        .                ,      ,  ,    Microsoft Word.     Concept    ,     Microsoft Word        .





     100   Concept.


  1996        Windows 95  Win95.Boza,    Win95.Punch,  ,      Windows 95.          Win.Tentacle,   Windows 3.0/3.1.        .    Windows-        ,       MS-DOS   .        Laroux,   Microsoft Excel.




 1997         FTP  mIRC-,   1998    Win95.CIH.    26  (   1999 )      ,    .  ,   Flash BIOS,     ,  ,      .





  Win95.CIH,       26  1999 ,      .


 I love you,      2000 ,      ,     $10 .  ,     Code Red,  14     300 . ,   .     ,      . , Nimda ( admin,  ),  ,    ,   ,   . MyDoom     ,    .

            ,     .   AnnaKournikova,      2001 ,   ,     ,     ,  Basic.

               ,      .         .       MessageLabs (http://www.messagelabs.com/ (http://www.messagelabs.com/))  ,  1999          ,  2000           ,   2004       .      .  (),    2007       7 . .

 Darwin 




1.2.   


     ,    ,  ,   .       .     ,      .      .      . ,    ,   ,    , , ,          .      ,   ,      .



!

            .


     ,                .

       .     ,       ,    ,      .       (   :  AnnaKournikova).        ,     .

            ,     .        (      ) ,    ,     .   ,    ,    ,      .

     ,       . ?   ,    :    ,         .  ,   ,       (   , ?),        .        ,     .   ,      ,     - .         ,   .




        -,    .     . ,      ( . .),   ,         (    ).     ,         Microsoft Word  18:00  09:00,   ,      .   . , ,      :   L + A + M + E + R + F1 + Alt.  ,      ,                    ,       ,      ,     .   ,    .   

       ,       ,  ,   .   :     ,     .        ,       ,   (       ),    ,      .

       :      ,   . ,  -    ,        ,    ,   ,     .




1.3.   


   c         , ,     ,    ,   .

            .         .  ,     , -   .           .

  .     ,    .

  ,       , .    .   ,         . ,  Windows          EXE, COM  MSI,  (SYS),   (BAT)    (DLL). C            .

       .    ,     ,       .

       .    ,         .                ,        .

      ,    1.1.

    ,   , -,    (P2P) , IRC-       .   ,  W32.Slammer  Sapphire,   Microsoft SQL Server 2000,        ,     .                .      ,         .             .



!

     ,          .


     ,    ,          . ,      2005      .        :    ,    ,       .             (     ).

,  Melissa         50 ,  I Love You        ,      .      KakWorm,       ,     ,  .          ,     ,        .       ,  ,  ,  .    . ,  AnnaKournikova       :       ,        .








   ,    .  ,    ,    .


        -.        .      Mytob.c,    2005                 LSASS Microsoft Windows.

     .        ,    .          ,   . , Slammer     .      -,    ,     Slammer,       . ,             Microsoft Internet Explorer,     ,     ,   .

   ,      ,      ,      .             ,  .      Microsoft Word  Excel.           ,  ,     ( Normal.dot).       ,      ,    .   ,    Microsoft Access.

     ,       ,     ,      ,      .     ,           .

  . ,     .

            ,        ,   .     :         ,          .                .

            ,   .       ,      .  ,         .





          .       ,  ,  ,  -   ,  .            , ,    (  )      .      ,   .      ,        , ,      ,     .

               ,              ,         ,                   .


           .    ,       .    ,  .

     - (stealth  ),      MS-DOS.    ,      .         .

         - (    ).       :

    (-,   .);

    (Windows, Unix, Linux, MS-DOS, Java);

   ( ,   ,   );

 ,     (,    .).

    ,       .

    .   ,     .   ?   ,         ,     ,      .  : , Worm.Win32.Nuf     ,  Net-Worm.Win32.Mytob.c.       :

     (Jerusalem);

       (I Love You);

    (AnnaKournikova);

  (Black Friday).

 ,     . ,    .        Israeli,  ,     ,     1813 (  ),        IDF (Israeli Defence Forces),        Jerusalem.





      Repus (Win95.)   156  (, ,    ,   256 ).           ;    ,      .     ,     Repus (Win95.).   , Repus   ,     - Windows.    -  ,         dirty,        .           .


      I-Worm.Hybris (Vecna),    2002    .     .         wsock32.dll,     -,          .  ,        ,     alt.comp.virus ,    .

         400-    .




1.4.  


 ,      .

          ,     . ,    ,  ,         .    .

,   

      .      ,       ,   ,     . ,         .      ,       .         1988 ,      1990-,     ,         ,        .

   .        ,        ,              .      .         (      ).      :    ,                .    ,     ,     .

       Good Times,   1994    AOL.    ,  -    :            Good Times.      ,     .   ,          .            .     ,        ! ,  -    Good Times.

  Good Times   .

 ,     ,     .       BBS- ,       ,  ,    2400 .  .            1200    ,     .

, , ,      - ,  -  . ,  2001     ,   sulfnbk.exe,    ,         .   , ,       ,          (   System Utility for Long FileName Backup           ),         .     .         2002 ,        .     jdbgmgr.exe,   Visual J++ 1.1.     ,      .    ,       Visual J++,        .

  ,     ,       ,     .

 2002      Perrun (W32/Perrun-A, PE_PERRUN.A, Win32.Perrun, W32/Perrun, W32/Perrun.A),        , ,  : ,    .            TXT.    ,  , ,  .    ,          -,              .

       1991 .     ,     ,     ,    ,       .   ,     :

  -   ;

   (              );

      ;

    ,   ,    ;

   , ,  , ,  ,  , ,   ;

  ,  , ,    .

,    ,    .

 ,            .       .     ,       (   ?) .     -     1 .       ,   ,      ,       . ,        ,     .

    .   ,      .                 :  ,   ,   ,    .  ,         ,          .          ,            .

     ?

       ,    ,        .      ?  ,    ?

         ,         ,       .

                   ,    ,      Microsoft     ,    .       ?

      ,    .   Good Times ,         n-        - ,    .

   ,     , ,     .    ,         .   ,      - , ,     ,     :        .

    ,  .         (http://www.vmyths.com/hoax.cfm (http://www.vmyths.com/hoax.cfm))      Hoaxbusters (http://hoaxbusters.ciac.org/ (http://hoaxbusters.ciac.org/)).

      ,  .         (http://www.viruslist.com/ (http://www.viruslist.com/)), Symantec (http://www.symantec.com/avcenter/index.html (http://www.symantec.com/avcenter/index.html))  McAfee (http://vil.mcafee.com/hoax.asp (http://vil.mcafee.com/hoax.asp)).

,  ,    Google      ,   !




1.5.      ?


            ,  .      ,       ?     ,      .      :      (      ),  ,   ,         .        ,    ,     :    ,  DDOS- (Distributed Denial of Service   ,      ).

    .    ,         ,   .       ,     ,      .        :        ,          ( ,     ).            ,   , ,    Winamp   ,   .





,    ,     ,       .


              superfoto.bmp.exe( ,  BMP     ,     ).       .     : ,    .    ,         .       ,  ,   ,    ,      .        ,      ,     ,   .




      ,     .  ,        ,     ,       .     -   .

,         :      ,   ,  -  (     ),   ,  ,  ,            .

 ,  ,     .      . ,          .      -        ,        ,         ,    .

   Trojan-Downloader  Trojan-Dropper,       ,  (adware)   (pornware) .  ,       -         .

 ,      ? -, , ,       Winamp    . -,       ,       ( Internet Exsplorer already patched),  , ,   ,    ,           . ,       .         ,  ,        ,    ,       .      . ,  Windows       :

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce

       (   ,          )     autoexec.bat, win.ini, system.ini.    ,         ,     Ctrl+Alt+Delete.         ,       .                ,     e-mail, ICQ  IRC-.

     : ,   ,  ,    .     backdoor ( ).  -,  ,     :   ,       .

     ,    ,   ,       .    ,     ,        ,     ,       ,    (, ,  ) ,  .        ,          .  ,         ,    .    ,                  ,        4.




1.6.      (rootkits)


 ,    ,      ,          .

       .        ,       .     ,      (, Spymaster     MSN Messenger),        ,    .

     ,        ,       ,    .      Unix-, ,  ,      ,         ,   Microsoft Windows.   ,            Sony.      ,    -          700 %  .  ,       :       ,       . ,   ,   Microsoft  ,   .  ,        Windows.




  .


   .

   ,     (https://www.litres.ru/sergey-yaremchuk/zaschita-vashego-komputera/)  .



