SYSTEM AND METHOD FOR TRACKING REMOTE ACCESS SERVER OF MALICIOUS CODE

摘要

The present invention relates to a system and method for tracking a remote server accessed by a code-injection of malicious code. A system for tracking a remote access server of a malicious code comprises: an image load monitoring part for monitoring whether a process loaded in a memory is included in a communication module; a monitoring module insertion part for inserting a monitoring module, which monitors an operation for the communication module into the process; a network connection management part for receiving communication information between the communication module and the remote access server from the monitoring module inserted into the process and managing the received information; a malicious code diagnosis part for diagnosing malice of the process; and an access server tracking part for asking a query to the network connection management part about the process diagnosed as malicious by the malicious code diagnosis part and obtaining information on a remote access server having communicated with the process diagnosed as malicious.