11/17/2018 5:15 PM 病毒，间谍软件最新趋势 © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes.

11/17/2018 5:15 PM 病毒，间谍软件最新趋势 © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

提纲趋势总结业界新闻安全漏洞病毒 Rootkit 间谍软件网络钓鱼监测和防护 11/17/2018 5:15 PM
© 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

趋势总结从以前大规模的，无特定目的的网络攻击转为小规模的，特定用户和目的的攻击 11/17/2018 5:15 PM

钱，钱，钱！窃取个人和公司银行账户窃取信用卡号码实施DDoS攻击创建代理服务器 Zombie网络散布广告软件自动拨号等等

最新统计数据数据来源 Symantec 2006年3月发布的互联网安全报告 1896新的安全漏洞被发现，增幅40%
11/17/2018 5:15 PM 最新统计数据数据来源 Symantec 2006年3月发布的互联网安全报告 1896新的安全漏洞被发现，增幅40% 80%有害软件试图窃取用户机密信息 IE安全漏洞 24；Firefox安全漏洞 13 平均时间从安全漏洞发现到补丁提供：49天出现代码利用安全漏洞：6.8天最容易被感染的系统：无补丁Win2K © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

业界新闻无论你喜欢与否，微软发布了一系列产品或服务…

安全漏洞最严重的安全漏洞 Office最新安全漏洞 WMF安全漏洞 MS06-048 Powerpoint
MS Onenote, Project MS …

病毒传播方式分类利用操作系统的安全漏洞社会工程？Social Engineering 后门 -- Backdoor
11/17/2018 5:15 PM 病毒传播方式利用操作系统的安全漏洞社会工程？Social Engineering 分类后门 -- Backdoor 木马 -- Trojan 蠕虫 -- Worm 文件感染器 -- File infector (virus) © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

系统安全漏洞缓存溢出（ Buffer Overrun ） Code Red: IIS缓存溢出 Blaster: DCOM RPC缓存溢出
11/17/2018 5:15 PM 系统安全漏洞缓存溢出（ Buffer Overrun ） Code Red: IIS缓存溢出 Blaster: DCOM RPC缓存溢出 Zotob: PnP缓存溢出 © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

堆栈缓存溢出 Top of Stack Return Address char[128]
11/17/2018 5:15 PM 堆栈缓存溢出 Top of Stack Return Address void UnSafeRecv(char* payload) char[128] { char localBuffer[128]; … … strcpy (localBuffer, payload); } © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

有害软件主体执行，系统被全面感染, 开始攻击其他机器
11/17/2018 5:15 PM 典型攻击模式用户攻击方恶意的网络数据 OS存在安全漏洞缓存溢出恶意代码被执行发出下载请求有害软件主体有害软件主体执行，系统被全面感染, 开始攻击其他机器 © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

社会工程攻击者通过某种手段，例如虚假信息，诱使用户执行一定的动作，已达到控制系统，窃取信息的目的用户参与
11/17/2018 5:15 PM 社会工程攻击者通过某种手段，例如虚假信息，诱使用户执行一定的动作，已达到控制系统，窃取信息的目的用户参与 © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

典型攻击模式邮件蠕虫攻击方用户发送电子邮件打开附件有害代码执行搜集邮件地址发送新的邮件以传播有害软件作为附件
11/17/2018 5:15 PM 典型攻击模式邮件蠕虫攻击方用户发送电子邮件有害软件作为附件打开附件有害代码执行搜集邮件地址发送新的邮件以传播 © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

最流行的病毒 Sober

反病毒软件文件扫描基于特征代码（signature） 11/17/2018 5:15 PM

实时防护反病毒驱动程序截获应用程序的文件调用监控I/O操作，以便反病毒软件扫描文件反病毒驱动程序反病毒软件文件系统应用程序
11/17/2018 5:15 PM 实时防护反病毒驱动程序截获应用程序的文件调用监控I/O操作，以便反病毒软件扫描文件应用程序反病毒驱动程序文件系统驱动程序反病毒软件 © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

局限性反病毒软件工作基于病毒样本的特征代码仅依靠反病毒软件保护系统安全是不完善的对于小规模传播的病毒，可能没有特征代码
11/17/2018 5:15 PM 局限性反病毒软件工作基于病毒样本的特征代码对于小规模传播的病毒，可能没有特征代码病毒爆发和反病毒软件公司提供特征代码之间有时间间隔仅依靠反病毒软件保护系统安全是不完善的 © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

间谍软件间谍软件未经用户允许，有以下行为的软件：广告，收集用户个人信息，修改系统配置等等。 11/17/2018 5:15 PM

传播途径通过弹出对话框或其它手段诱使用户安装电子邮件邀请访问特定的网站附加在其它软件中一起安装 11/17/2018 5:15 PM

感染间谍软件的症状广告框总是自动弹出 IE的缺省主页和搜索配置未经允许被修改 IE出现不熟悉的工具条，凭无法被正常删除计算机性能下降
11/17/2018 5:15 PM 感染间谍软件的症状广告框总是自动弹出 IE的缺省主页和搜索配置未经允许被修改 IE出现不熟悉的工具条，凭无法被正常删除计算机性能下降操作系统频繁崩溃 © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

热门间谍软件 WebSearch

反间谍软件和反病毒软件类似，主要是基于对文件的扫描。扫描基于间谍软件特征代码的数据库
11/17/2018 5:15 PM 反间谍软件和反病毒软件类似，主要是基于对文件的扫描。扫描基于间谍软件特征代码的数据库 © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

防护措施安装反间谍软件尽量从正式网站下载软件注意IE中Internet secure zone的配置
11/17/2018 5:15 PM 防护措施安装反间谍软件尽量从正式网站下载软件注意IE中Internet secure zone的配置 © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Rootkit 历史用于修改操作系统，以改变操作系统的表现行为的工具软件。而这种改变，往往不是操作系统设计时所期望的
11/17/2018 5:15 PM Rootkit 历史术语来自于Unix系统。最早的一个版本是出现在SunOS 4 用于修改操作系统，以改变操作系统的表现行为的工具软件。而这种改变，往往不是操作系统设计时所期望的 © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

隐藏信息 Rootkit可用于隐藏以下系统信息: 运行进程服务 TCP/IP端口文件注册信息Registry 用户帐号
11/17/2018 5:15 PM 隐藏信息 Rootkit可用于隐藏以下系统信息: 运行进程服务 TCP/IP端口文件注册信息Registry 用户帐号 © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

新的威胁越来越多的Windows系统的Rootkit 越来越多的有害软件，间谍软件和Rootkit 绑定
11/17/2018 5:15 PM 新的威胁越来越多的Windows系统的Rootkit 越来越多的有害软件，间谍软件和Rootkit 绑定 © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

Win32 API 调用 Application NTExecutives Int 2E (NtCreateFile) User mode
11/17/2018 5:15 PM Win32 API 调用 User mode Kernel mode Application NTExecutives Kernel32.dll (CreateFileW) Int 2E Ntdll.dll (ZwCreateFile) KiServiceTable (NtCreateFile) © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

类型 User-Mode API 截获 Kernel-Mode API 截获 Kernel-Mode 数据结构修改
11/17/2018 5:15 PM 类型 User-Mode API 截获 Kernel-Mode API 截获 Kernel-Mode 数据结构修改 © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

检测Rootkit Offline OS检测 API副作用检测 Rootkit检测工具
11/17/2018 5:15 PM 检测Rootkit Offline OS检测 API副作用检测 Rootkit检测工具 Strider/Ghostbuster，MS Research RootkitRevealer，Sysinternals © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

删除Rootkit 官方提供的工具重新安装系统 11/17/2018 5:15 PM

Rootkit实例为什么Sony的用来保护CD版权的程序被反病毒公司检测为Rootkit?

Phishing 复制一个官方网站的主页，诱使用户输入个人的机密信息，如银行账号，密码等等。 11/17/2018 5:15 PM

Phishing的最新统计数据数据来源 Symantec 2005年3月发布的互联网安全报告
11/17/2018 5:15 PM Phishing的最新统计数据数据来源 Symantec 2005年3月发布的互联网安全报告 Symantec Brightmail AntiSpam™ 每周截获的phishing攻击从9百万次增长到3千3百万次 © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

防护 http://www.microsoft.com/athome/security/email/phishing.mspx
11/17/2018 5:15 PM 防护对特定的邮件信息要当心 © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

综合保护措施第一重要：用户培训第二重要：系统备份 11/17/2018 5:15 PM

综合保护措施（续）防火墙及时安装操作系统的补丁尽量避免运行在系统管理员模式反病毒软件，反间谍软件特定的硬件配置
11/17/2018 5:15 PM 综合保护措施（续）防火墙及时安装操作系统的补丁尽量避免运行在系统管理员模式反病毒软件，反间谍软件特定的硬件配置 © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

11/17/2018 5:15 PM 资源 Windows 安全 Rootkit Phishing Sysinternal 信息安全Blog © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

11/17/2018 5:15 PM 病毒，间谍软件最新趋势 © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes.

Similar presentations

Presentation on theme: "11/17/2018 5:15 PM 病毒，间谍软件最新趋势 © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes."— Presentation transcript:

Similar presentations

About project

反馈

请登录

Auth with social network:

11/17/2018 5:15 PM 病毒，间谍软件最新趋势 © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes.

Similar presentations

Presentation on theme: "11/17/2018 5:15 PM 病毒，间谍软件最新趋势 © 2005 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes."— Presentation transcript:

Similar presentations

About project

反馈