The Implementation of a Trojan Detection Tool
Abstract
In recent years, the number of trojan is increasing very rapid and it now amounts to the most part among in all the illegal programs. Trojans have brought much more serious damages and losses .As a result, the research of anti-trojan has already become the hotspot and the main emphasis in the area of network security. Because of its ability of detecting unknown trojans, signature-based scanning has currently turned into hotspot in the anti-trojan research area. So the characteristic code technology is used widely. The characteristic code technology is the method that has the simplest and lowest expense to check the Trojans. The tool gets 4,096 bits from the known Trojans file, and gets its message digest with MD5 algorithm, then puts this value in an INI file as the database of Trojan characteristic code. When a file is checked, the tool will scan the file and compare with the characteristic code database, if the message digest of this file is equal to a certain record, then we can determine the file is a Trojan file. The accuracy of our tool is very high, and can identify the name of the Trojan. According to the result, it can take corresponding measure to deal with the Trojan file.
