摘要:This paper presents an example of a malware attack on a virtual computer.Human factor and social engineering techniques are believed to play a major role in malware attacks.Insufficient education of the user regarding the information safety facilitates further action of the attacker.The attacker writes the malware code if necessary - as a key logger,downloader,etc.Every attack includes good preparation,port scanning,collecting information about antivirus software and target computer usage,considering the scenario of the attack,and choosing the best timing and method of the attack.The paper discusses anti-forensic role of Trojans in a corrupt virtual computer from which the abuse was committed,without the owner’s knowledge.Furthermore,the paper provides more information about the experimental verification of forensic activities aimed to prove the so called “Trojan Defense” in virtual environments.
其他摘要:U ovom radu prikazan je primer napada malverom na virtuelni računar.U napadu malvera veliku ulogu igraju greška ljudskog faktora i tehnike socijalnog inženjeringa.Nedovoljna edukacija korisnika o bezbednosti informacija,olakšava dalje delovanje napadača.Napadač piše kôd malvera po potrebi – kao keylogger,downloader itd.Svaki napad uključuje dobru pripremu,skeniranje portova,prikupljanje informacije o antivirusnim softverima i načinu korišćenja ciljnog računara,razmatranje scenarija napada,izbor prilike i metoda napada.U radu je razmatrana antiforenzička uloga trojanca u korumpiranom virtuelnom računaru sa kojeg je izvršena zloupotreba,bez znanja vlasnika.Opisana je eksperimentalna verifikacija forenzičkih aktivnosti za dokazivanje tzv.„trojanske odbrane“ u virtuelnom okruženju.
