c - 特洛伊木马(C语言中的简单客户端-服务器)

Question

所以我几天前开始网络编程，我创建了一个非常简单的木马(受害者执行一个客户端，该客户端与黑客的 PC 建立连接，然后黑客可以通过简单的 system() 命令执行 CMD 的功能)。

基本上我的特洛伊木马可以工作，但我不明白为什么我的防病毒软件没有检测到它。我的意思是，唯一可能阻止我的特洛伊木马的是我的防火墙，它检测到一个传出连接。所以我不明白为什么检测到其他木马而不是这个新木马。

如果需要，我可以提供源代码，我想强调的是，我这样做只是为了教育目的。我永远不会用任何这些知识来攻击任何人(反正我没有足够的技能)，我只是想学习和理解:)。

Answer 1

查杀:

AMES is using the Avira engine for virus detection. If the Avira engine is not able to detect a virus, then the most likely cause could be that this virus is brand new and cannot be detected yet. We would greatly appreciate if you submit the suspicious file to us so we can analyze it immediately. Our virus lab will subsequently send you a feedback. If we cannot detect the suspicious file as a virus, we will work on creating an update to make sure we detect the file in the future.

平均值:

Sometimes a new virus is not detected even if your AVG is fully up to date. This happens when a threat has just been written or released, or we’ve discovered it only very short time ago and are now working on an update that will recognize and contain the virus.

戴尔(https://powermore.dell.com/technology/teaching-your-computer-to-detect-new-viruses/):

Most antivirus programs use signatures — mathematically derived strings or regular expressions of malware code — to detect viruses. But that requires a lengthy process of finding malware in the wild, getting a sample, analyzing it, generating a signature and adding it to the repository that is pushed to users in anti-virus updates.

因此，就像评论中提到的那样，似乎只有当安全软件记录了病毒的签名时才会检测到病毒。

这是一个关于如何使用 ClamAV 创建您自己的签名的链接:http://blog.adamsweet.org/?p=250