微博社交僵尸的设计与实现

发布时间：2018-05-11 10:56

本文选题：恶意代码 + 僵尸网络　；参考：《吉林大学》2014年硕士论文

【摘要】：随着僵尸网络的发展，一种新型的社交僵尸正迅速地传播。相对于传统僵尸，社交僵尸的命令与控制信道基于社交平台。微博是中国最大的社交平台之一，拥有数以亿计的用户。随着微博用户的增长，大量的微博消息发布到微博平台上，然而当黑客控制用户账户后，会对微博平台和用户造成重大危害。类似的案例已在国外著名社交平台——Facebook和Twitter上得到验证，如Facebook上发现的koobface僵尸网络，Twitter上发现的Nazbot僵尸网络。面对日益严重的僵尸网络威胁，研究者提出多种社交僵尸检测方法。目前出现的社交僵尸网络主要集中在Facebook、Twitter和MySpace平台，然而关于微博的僵尸网络研究较少，大部分研究者主要分析微博上的垃圾信息、虚假账户等，而这些垃圾信息和虚假账户可能是僵尸程序产生。因此，，研究社交僵尸在主机内的行为对于检测及清除主机内的僵尸程序尤为重要。为了更好地研究社交僵尸的结构、原理、与传统僵尸的差异等，进而有效地检测用户主机内的社交僵尸。本文根据微博平台建立一个社交僵尸网络，通过一个微博账户发布僵尸控制命令，利用微博平台作为命令与控制信道，受控的主机通过个人微博账户利用微博提供的开放API接口获取命令，并在主机或微博平台上产生相应行为。该社交僵尸可以通过入侵微博用户进行垃圾信息的传播，使用电子邮件传递窃取的用户隐私信息。微博僵尸的主要功能分为主机和网络活动。主机活动包括查询系统MAC地址、浏览网页、获取网卡信息、关机、重启、截屏、上传用户到僵尸主控机、执行指定文件的命令、修改邮件发送和接收地址。网络活动包括登录平台、获取僵尸控制者最新微博消息、更新用户微博状态、获取用户微博账户粉丝信息。本文中的社交僵尸只用作概念性验证，不会开放源码或用于商业用途。
[Abstract]:With the development of botnet, a new social botnet is spreading rapidly. Compared with traditional zombies, the command and control channel of social zombies is based on social platform. Weibo is one of China's largest social platforms, with hundreds of millions of users. With the growth of Weibo users, a large number of Weibo messages are published on Weibo platform. However, when hackers control user accounts, they will cause great harm to Weibo platform and users. Similar cases have been tested on Facebook and Twitter, the famous foreign social platforms, such as the koobface botnet found on Facebook and the Nazbot botnet found on Twitter. In the face of the increasing threat of botnet, researchers put forward a variety of social botnet detection methods. At present, social botnets mainly focus on Facebook Twitter and MySpace platforms, but there is little research on Weibo botnets. Most researchers mainly analyze spam on Weibo, false accounts, etc. And these spam and false accounts may be generated by zombie programs. Therefore, it is very important to study the behavior of social zombies in the host to detect and clear the zombie programs. In order to better study the structure and principle of social zombies and the differences with traditional zombies, social zombies in users' hosts can be detected effectively. This paper establishes a social botnet based on Weibo platform, issues botnet commands through a Weibo account, and uses Weibo platform as command and control channel. The controlled host obtains the command through the personal Weibo account using the open API interface provided by Weibo and generates the corresponding behavior on the host or Weibo platform. The social zombie can spread spam by invading Weibo users and use email to transmit stolen privacy information. The main functions of Weibo zombies are mainframe and network activity. Host activities include querying system MAC address, browsing web pages, obtaining network card information, shutdown, restart, screen capture, uploading users to zombie master, executing commands of specified files, modifying email sending and receiving addresses. Network activities include logging into the platform, getting the latest Weibo messages from zombie controllers, updating user Weibo status, and obtaining user Weibo account fan information. The social zombies in this article are used for conceptual validation only, not for open source or for commercial purposes.
【学位授予单位】：吉林大学
【学位级别】：硕士
【学位授予年份】：2014
【分类号】：TP393.08

【参考文献】