
Graduate student: 黃博緯 (Po-wei Huang)
Thesis title: Koobface殭屍網路防禦機制之研究 (A Study of Defense Mechanism for Koobface Botnet)
Advisor: 黎碧煌 (Bih-Hwang Lee)
Oral examination committee: 鍾添曜; 陳添智; 吳傳嘉 (Chwan-Chia Wu); 余聲旺
Degree: Master
Department: College of Electrical Engineering and Computer Science - Department of Electrical Engineering
Year of publication: 2012
Academic year of graduation: 100
Language: Chinese
Number of pages: 74
Keywords: botnet, botnet virus, koobface, social network, phishing attack
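  • Botnet viruses are now spreading rapidly across networks, and their infection methods and reach are hard to withstand. In recent years they have also been distributed widely through social networks. Combined with users' severely inadequate understanding of network information security, this lets hackers remotely control computers infected with a botnet virus to carry out attacks: sending spam mail, launching distributed denial-of-service (DDoS) attacks, keystroke logging, stealing personal private data through phishing attacks, or the click fraud that has appeared in recent years are all easily done. How to detect and destroy botnets is therefore an important issue for network administrators. This thesis takes the KOOBFACE botnet virus as an example: by actually installing the virus and analyzing the sample, it identifies a mechanism that can effectively remove the virus, and builds a detection and removal program that helps antivirus software find viruses it cannot detect and issues a warning notice to the user. Finally, the thesis designs three experiments: (1) detection and analysis of KOOBFACE infection; (2) construction and analysis of a KOOBFACE removal program; (3) detection and analysis after the KOOBFACE removal program has disinfected the machine. By defending against botnet viruses with the detection and removal program of this thesis, the aim is to assure users that they can operate their computers with peace of mind.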


    Botnet viruses spread rapidly on the network nowadays. They are difficult to defend against because of their various infection methods. In recent years, users' lack of awareness of network information security has led botnets to spread through social networks. Hackers are able to remotely control victim computers to carry out malicious or disturbing operations, such as DDoS attacks, keystroke logging, click fraud, spam mail delivery, or phishing attacks. How to detect whether computers are affected by a botnet virus has become a major challenge. In this paper, we install a KOOBFACE virus and analyze the computer to identify effective mechanisms to clear the virus. We propose a detection and prevention system to assist antivirus software against KOOBFACE botnets and to send a warning notice to the user. Finally, this paper designs two experiments to discuss the differences between infected computers and computers from which the virus has been cleared. The two experiments include: (1) statistics on the number of malicious article posts and mail deliveries on infected computers; (2) production and analysis of the anti-virus system; (3) statistics on the number of malicious article posts and mail deliveries on computers from which the virus has been cleared. We expect this paper to help users operate computers safely through the detection and prevention system.

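    Abstract (Chinese)
    Abstract
    Acknowledgements
    Table of Contents
    List of Figures
    List of Tables
    Chapter 1 Introduction
    1.1 Research Background
    1.2 Research Motivation
    1.3 Research Objectives
    1.4 Thesis Organization
    Chapter 2 Literature Review
    2.1 Introduction to Botnets
    2.2 Botnet Architecture
    2.2.1 IRC-Based Botnet
    2.2.2 HTTP-Based Botnet
    2.2.3 P2P-Based Botnet
    2.3 Harm Caused by Botnets
    2.4 KOOBFACE
    2.4.1 KOOBFACE Propagation Methods
    2.4.2 KOOBFACE Innovative Techniques
    2.4.3 KOOBFACE Economic Benefits
    2.5 Signature-based Detection
    2.6 Botnet Infection Cases
    Chapter 3 Research Design
    3.1 Research Method
    3.2 Research Environment and Tools
    3.2.1 System Environment Settings
    3.2.2 Tools Used
    3.2.3 Overview of the Virus Used in the Experiments
    3.3 Research Framework
    3.3.1 Framework of Experiment 1
    3.3.2 Framework of Experiment 2
    3.3.3 Framework of Experiment 3
    Chapter 4 Experimental Results and Analysis
    4.1 Results and Analysis of Experiment 1
    4.1.1 Analysis of the Number and Cumulative Number of Malicious Message Posts/Mails Sent for Each Experimental Group
    4.1.2 Analysis of the Cumulative Number of Malicious Link Clicks and the Number of People Potentially Reached for Each Experimental Group
    4.1.3 Analysis of Post-infection Data and Detection Time
    4.2 Virus Program Analysis in Experiment 2
    4.2.1 Network Behavior Analysis of the Experimental Virus
    4.2.2 Computer Behavior Analysis of the Experimental Virus
    4.3 Results and Analysis of Experiment 3
    4.4 Summary of Experimental Analysis
    Chapter 5 Conclusion and Future Work
    References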
