I was browsing a foreign site and noticed the version has been upgraded. Those with a good memory should remember last year's 1.0; the latest 2.0 is now officially out.
This program is an all-round system security simulation test: it tests a computer's security protection by simulating real situations and planting various malicious programs on the machine. A computer's security is only as good as the pressure you put on it, which is why this simulation test program came into being. The test program contains a series of programs and techniques that have been rendered harmless, such as droppers, rootkits, exploits, viruses, trojans, spyware, keyloggers, firewall leaks, process termination, automation, and alternate data streams (ADS). Together they represent the modern threats that computer users face today......
In the author's scenario, Judy, a computer user with some security awareness, decided after her son messed around on her work computer and infected it with a pile of viruses/trojans to learn her lesson and prepare several layers of defence so it would not happen again. The system is XP SP2 with automatic updates, and the security software installed is: McAfee VirusScan Enterprise (v8.0i, patch 13 - antivirus), Webroot Desktop Firewall (v1.3 - firewall), CounterSpy (v1.5.82 - antispyware), BOClean (v4.21 - anti-trojan), and Ghost Security Suite (v1.110 - host intrusion prevention [HIPS]). She has the good habit of regularly updating her security software and periodically scanning her hard drive. To keep the system from being damaged, she also logs in with a Power User account.
One day she receives an email with an attachment. After the antivirus scan confirms it "clean" (it has been modified to evade detection, like most trojans in the wild), she opens and runs the attachment..........
Test notes:
Some antivirus software will flag the test program as a virus. If you want to continue testing, disable your antivirus software before running the test program. Note that this is only a simulation, but that does not mean it is safe. Any loss caused is the user's own responsibility! The simulation's cleanup tool is included in this attachment; after the test, use it to remove the files generated and the modifications made to the system. The test program cannot run on 95/98/ME, and the user must be logged in with an Administrator or Power User level account.
Archive password: morgud.com
Description of what the simulation test files do (it is best to run the test and draw your own conclusions before reading this section, so that preconceptions do not lead to inaccurate conclusions):
Test file main program: disguised as a Flash animation. While it shows the loading screen, it drops projector.exe, xmlscript.exe, frmsystem.exe, winllogon.exe and playmovie.exe into the temp folder in the background and runs projector.exe.
Projector.exe
Uses its name to mislead the user into thinking it is part of the Flash animation and allowing it to run. This program shuts down the vast majority of HIPS, antivirus and anti-trojan software, calling xmlscript.exe when needed to achieve this, and replaces those security programs with frmsystem.exe. It then runs winllogon.exe and playmovie.exe.
xmlscript.exe
Third-party free keystroke/mouse action simulation software.
frmsystem.exe
Creates a password-protected user DFKTS with the password 0wn3d; the account expires after one day.
winllogon.exe
DFKTS 2.0 attempts to shut down the following security software:
AbuseShield, Ad-Aware, Antispy, BlackLight, CheckIt Firewall, Core Force, DarkSpy, DefencePlus, DefenseWall, EMCO Malware Destroyer, Filseclab Twister, Fireball CyberProtection Suite, Foundstone Vision, GeSWall, GhostWall, Ghost Security Suite (AppDefend & RegDefend), GMER, HiddenFinder, Hook Explorer, IceSword, Injoy Firewall, Lavasoft Personal Firewall, Neoava, NetVeda Safety.Net, Norman Personal Firewall, Online Armor, OSsurance Desktop, pcInternet Patrol, PortsLock Firewall, Prevx1, Process Lasso, Process Master, Prisma Firewall, Rootkit Hook Analyzer, SensiveGuard, SocketShield, SoftClan Integrity 2005, Spinach Antispyware, Spyware BeGone!, SurfSecret Personal Firewall, TaskInfo, TermiNET, The All-Seeing Eye, Trend Micro Antispyware, Trend Micro Personal Firewall, Trustix AntiVirus, Wanadoo PC Firewall, Webroot Desktop Firewall, Webroot Spy Sweeper, Windows Defender, WinShark - 3B Personal Firewall Pro, 8Signs Firewall, Abacre Antivirus, Absolute Startup from F-Group Software, Abtrusion Protector, Acceleration Software AV, Ad-Aware Checker, Agnitum Outpost Free, Agnitum Outpost Pro, AhnLab Antivirus, AlertWall Personal Firewall, Aluria Software Security Center, Anti Trojan Elite, Anti Trojan Shield 2, Antidote SuperLite, AntiHook, Anti-keylogger, AntiSpy firewall, Anti-spyware from Dell, Anti-Trojan, AntiVir AV, AntiViral Toolkit Pro, AntiVirenKit, Anti-Virus & Trojan, AntiVirus ExPert 2000 (AVX), Antiy Ghostbusters, ANTS, AnVir, AOL Spyware Protection, ArcaVir AV, Armor2net Personal Firewall, a-squared Personal, AT AVS, AtGuard, avast!4 Home Edition, avast!4 Professional Edition, AVERT Stinger, AVG, AVG Free, Bazooka Adware and Spyware Scanner, BHODemon, BitDefender AV, BitDefender firewall, BitGuard Firewall, BlackICE, BOClean, BPS Spyware & Adware Remover, BullGuard, Caddais BackupOnDemand, CheckIt Toolbox from WinCheckIt Diagnostic Software, Cheyenne AntiVirus, ClamWin, ComCast Internet software suite, Command AV, ConfigSafe, ConSeal PC Firewall, 
CounterSpy by Sunbelt Software, CWShredder, CyberScrub AV, Deerfield Personal Firewall, Doctor Solomon AVS, Dr.Web AV, DumpWin, DynaComm i:scan, Earthlink Spy Audit, Enigma FireWall, eSafe AV, eScan, eScan Free, eScorcher AntiVirus version 1.7, Ethereal, eTrust EZ AntiVirus, eTrust Firewall, ewido security suite, eXtendia AntiVirus AVK, Find Hidden Service (aka FHS), Flister, F-Prot Antivirus, Freedom AVS, FRITZ!webProtect, F-Secure Anti-Spyware, F-Secure AV, F-Secure BlackLight Console, G-Data AntiVirenKit, GData Firewall, German Process Viewer, Giant/Microsoft Antispyware, Greatis Software's RegRun 3 Security Suite, Hacker Eliminator, HackerSmacker, Hauri ViRobot AV, HijackThis, IceSword, Ikarus, InoculateIT Personal Edition, Integrity Master, InVircible, IParmor, Jetico Personal Firewall, Kaspersky, Kaspersky Anti Hacker 1.0, Kerio Firewall, Kernel PS, Kernel SC, KillBox, Klister, KProcCheck, Lavasoft Ad-aware Plus, LockDown Free, Lockdown Pro, Look N' Stop firewall, MailDefense Standard 3.0, Malicious Software Removal Tool (Microsoft), McAfee AntiSpyware, McAfee AV, McAfee firewall, McAfee Internet Security, Mike Lin's StartupMonitor, MJ Registry Watcher, MkS_Vir, modGREPER, MoniDir, myNetWatchman, neolog, Net Barrier firewall, Net Protect, NOD32 AV, Norman AV, Norton AntiVirus, Norton firewall, Norton Internet Security (NIS), Norton Uninstall Deluxe, Omniquad AntiSpy, Omniquad Personal Firewall, Ontrack AV, OSsurance, Panda Antivirus, Patchfinder2, PC DoorGuard, PC Security from Tropical Software, PC-Cillin AV, PC-Cillin personal firewall, PER Antivirus, PestPatrol, PreEmpt, Prevx, Primedius Firewall, Private Firewall 3, Process Explorer, Process Guard by DiamondCS, Process Magic by WinEggDrop, Protector 2000 Plus, Protector Plus Antivirus Software, Quarterdeck/Norton CleanSweep, Quick Heal, Qwik-Fix Pro, RAV, RegdatXP, RegDefend, RegFreeze anti-spyware, Registry Firewall, Registry Watch, RegistryProt by DiamondCS, RegSeeker, R-Firewall, RKDetector, RootKit Shark, RootkitRevealer, SafenSec, SafePC, Samurai, SBABR, SecuriTask, Softperfect Personal Firewall, Solo antivirus, Sophos AV, Sphinx, Spy X, Spybot Search & Destroy, SpyFlush, SpyHunter, SpySweeper, Spyware Doctor, Spyware X-terminator Control Center, SpywareGuard, Steganos Online Shield, Steganos Security Suite, SuperAdBlocker, SwatIt, Sygate Personal Firewall, Sygate Personal Firewall Pro, System Safety Monitor, System Spyware Interrogator (SSI), Task Manager, Task Monitor, TaskInfo, Tauscan, TDS, Tenebril SpyCatcher, Tenebril SpyCatcher Express, T-FAK Trojan Remover, TGB::Judy! Firewall, The Cleaner, Tiny Personal Firewall, Trend Micro Anti-Spyware, Trend Micro AV, Trojan Guarder, Trojan Remover, Trojan Scan Engine, TrojanCheck 6, TrojanHunter, TZ Personal Firewall, UnHackMe, VBuster, Vexira Antivirus, VICE, Viguard, ViRobot Expert, VirusBuster, VirusMD Personal Firewall, VirusNet PC, VisNetic AntiVirus & Firewall, Websense anti-spyware, Wild File GoBack, Windows Error Reporting, WinGate, WinPatrol, WinRoute, WinRoute Pro, WinTasks, WinXP Firewall, Worm Detector, WyvernWorks Firewall, X-Cleaner, Xeon Firewall, Xintegrity, XoftSpy antispyware, X-RayPC, ZeroSpyware, ZoneAlarm Free, ZoneAlarm Pro, and so on.....
playmovie.exe
SFX self-extracting archive containing the actual test programs of the simulation, including:
Vanquish rootkit (vanquish.exe & vanquish.dll), Windows denial of service exploit (Win32e.exe), QuickTime denial of service exploit (Win32e.mov), Nopey trojan (Win32t.exe), Eicar test virus (Win32v.com), WhenU spyware (Win32s.exe), an alternate data stream (Eicar attached to calc.exe), Thermite leaktest (firewall leak test, Win32l.exe), SpyEx 1.0 keylogger (Win32k.exe). Third-party program used: ElSave (elsave.exe).
To prevent the DFKTS simulation from being run more than once, it creates in the registry under Software\Microsoft\Windows\CurrentVersion\Explorer a DWORD value named
FLAG GUID 22345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345
with data 1. However, because of a registry flaw, this value is not visible.
In Windows Security Center, the "disable notifications" settings for antivirus, firewall and automatic updates are switched on.
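As an added example (not part of the original post or of the DFKTS package), the following PowerShell script checks a host for the artifacts the post attributes to DFKTS 2.0: the DFKTS account, the dropped components in the temp folder, the long-named run-once value under the Explorer key, and the suppressed Security Center notifications. It assumes the Explorer key may live under HKLM or HKCU, that the Security Center value names are the XP SP2 ones (AntiVirusDisableNotify, FirewallDisableNotify, UpdatesDisableNotify), and that the dropped files land in $env:TEMP.

```powershell
# Added example, not code from the original post or the DFKTS package.
# Assumptions: hive (HKLM/HKCU) for the Explorer key, XP SP2 Security Center
# value names, and $env:TEMP as the drop folder.

$findings = @()

# 1. Account created by frmsystem.exe (user DFKTS, expires after one day)
$acct = Get-WmiObject Win32_UserAccount -Filter "LocalAccount=True AND Name='DFKTS'"
if ($acct) { $findings += "Local account DFKTS present (SID $($acct.SID))" }

# 2. Components the main program drops into the temp folder
$dropped = 'projector.exe','xmlscript.exe','frmsystem.exe','winllogon.exe','playmovie.exe'
foreach ($f in $dropped) {
    $p = Join-Path $env:TEMP $f
    if (Test-Path -LiteralPath $p) { $findings += "Dropped file present: $p" }
}

# 3. The run-once flag: a DWORD under ...\Explorer whose name starts with
#    'FLAG GUID' followed by a long digit string. Value names are enumerated
#    through .NET so that an over-long name is still reported even when
#    regedit cannot display it. The 255-character threshold is an assumption.
foreach ($hive in 'HKLM:','HKCU:') {
    $key  = Join-Path $hive 'Software\Microsoft\Windows\CurrentVersion\Explorer'
    $item = Get-Item -LiteralPath $key -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    foreach ($name in $item.GetValueNames()) {
        if ($name -like 'FLAG GUID*' -or $name.Length -gt 255) {
            $data = $item.GetValue($name)
            $findings += "Suspicious value under ${key}: name length $($name.Length), data $data"
        }
    }
}

# 4. Security Center told not to warn about disabled AV / firewall / updates
$sc = Get-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Security Center' -ErrorAction SilentlyContinue
foreach ($v in 'AntiVirusDisableNotify','FirewallDisableNotify','UpdatesDisableNotify') {
    if ($sc -and $sc.$v -eq 1) { $findings += "Security Center notification suppressed: $v = 1" }
}

if ($findings.Count -eq 0) { 'No DFKTS artifacts found.' } else { $findings }
```

Run it from an elevated PowerShell session; the HKLM checks in steps 3 and 4 need read access to those keys.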