惡意軟體之測試與攻擊方法探討

Abstract

惡意軟體在網際網路大量流竄，造成大量電腦系統的損壞，更因為殭屍網路(Botnet)的盛行而產生實體產業如金融業的災害。雖然許多測試工具已能協助找出一般軟體的漏洞，以提升軟體品質與穩定性，而惡意軟體雖然同屬軟體的一員，但由於其中常使用加密演算法來保護內部的資訊與外部伺服器的溝通，因此一般測試工具很難有效地對惡意軟體進行測試。對於惡意軟體研究大致可以分為兩種，第一是惡意軟體的惡意行為分析，第二是分析惡意軟體的弱點，現今多數研究為前者。

因此本研究將探討對惡意軟體中使用的加密演算法進行處理的文獻，以及目前對惡意軟體的測試、分析方法，了解找尋漏洞的過程，最後蒐集已被發現漏洞的惡意軟體，分析這些漏洞發生的原因和相關資訊，以提供進一步的研究資料。

Malware has been spread in the network for a long time and damaged many application systems. Many commercial activities like the financial sector have been affected by the botnet in the real world. Although many fuzzing tools have been used to find related vulnerabilities in the software to improve the quality and reliability, but the malware usually implements the encryption functions to protect inner information and the message communicating with C&C servers. A general fuzzing tool can’t test malware with satisfactory results. The research for malware can be divided into two types, (1) the analysis of malware’s malicious behavior and (2) the analysis of malware’s vulnerability. Nowadays the former research is paid much more attention than the latter.

Therefore, this thesis will study how we can identify the encryption functions in the malware, and attack and analyze malware with general methods. We have collected and organized the vulnerabilities of various kinds of malware, with possible attacks.