摘要
目的研究网页挂马案件的检验方法,为有效打击此类犯罪,维护信息网络安全提供技术支持。方法在染毒主机端重新浏览可疑网页,使用wireshark捕获通信数据,借助wireshark提供的文件还原功能从通信数据中还原出所有文件,再利用主流杀毒引擎对这些文件进行病毒扫描,记录下木马程序的名称和下载路径。之后利用本文的Referer字段递归分析方法还原木马完整的种植过程,找出被挂马网站和相应的页面,提取出网页中被植入的恶意代码。结果获得了被挂马网站的相关信息,准确地定位出恶意代码的存储位置,提示网站管理员除去恶意代码并增强保护措施,从源头阻断木马的传播途径。根据黑客种植恶意代码过程中在被挂马网站遗留的入侵痕迹,对挂马网站进行检验分析,获得黑客的相关线索。结论应用本文提出的Referer字段递归分析方法可以有效检验网页挂马类案件,获取相关线索。
Objective To explore the method for detection of Webpage Trojan. Methods The suspicious webpages are reviewed and checked with Wireshark to capture the relevant data from which all of the involving files are restored. The mainstream anti-virus tools are used to scan the obtained files so that the Trojan viruses are kept with their names and downloaded paths. Through recursive analysis of referer fields, the Trojans can be completely exposed of their transmission route, the infected websites will be located, the corresponding pages defined, and the malicious codes extracted as well. Results The relevant information of the infected sites has been obtained together with their accurate storage locations and malicious codes. Thus, the website administrators can take the information to remove the Trojans and enhance the protection measures to block the viruses' intrusion and spread. On the other hand, based on the footprints left in the process of planting malicious codes of Trojans, the hackers can be traced to reveal themselves according to relevant cJues. Conclusion The recursive analysis of referer fields can effectively detect the Trojans concealed in webpage, therefor; making the clues of related cases gained.
出处
《刑事技术》
2016年第6期431-436,共6页
Forensic Science and Technology
基金
公安部技术研究计划项目(No.2014JSYJB033)
公安部应用创新计划课题(No.2014YYCXXJXY055)
辽宁省教育科学‘十二五’规划立项课题<"能力导向"的网络安全与执法专业实践教学研究>(No.JG14db440)
辽宁省自然科学基金课题(No.2015010091-301)
