Principle of FTP mining machine Trojan horse
Published: 2021-04-26 08:44:50
1. A Trojan horse that transmits data through port 21 is usually called an FTP Trojan horse (port 21 is the TCP port of FTP's control channel; the file data itself travels over a separate connection).
FTP is the abbreviation of File Transfer Protocol (the Chinese name is 文件传输协议). It is used for the controlled, bidirectional transfer of files over the Internet. FTP is also the name of an application: there are different FTP programs for different operating systems, and all of them follow the same protocol to transfer files.
A Trojan horse virus refers to a specific program (the Trojan program) used to control another computer. A Trojan usually consists of two executables: one is the control side, the other is the controlled side.
What is a Trojan horse
A Trojan horse (hereinafter simply "Trojan") is called "Trojan horse" in English, and its name is taken from the Trojan horse of Greek mythology.
It is a hacker tool based on remote control, whose defining characteristics are concealment and non-authorization.
Concealment means that, to prevent the Trojan from being found, its designer uses a variety of means to hide it, so that even when the server-side user discovers that the machine is infected, they can only "look at the horse and sigh", because they cannot determine where it actually is.
Non-authorization means that once the control end is connected to the server end, the control end enjoys most of the server end's operating permissions, including modifying files, modifying the registry, controlling the mouse and keyboard, and so on. These permissions are not granted by the server end; they are stolen through the Trojan program.
The development of Trojans can be divided into two stages.
In the first stage, Trojan programs were relatively simple in function: typically a program was embedded into a system file and jump instructions were used to perform some Trojan functions. In this period the designers and users of Trojans were mostly technicians who had to have considerable networking and programming knowledge.
Then, with the increasing popularity of the Windows platform, Trojan programs with graphical operation appeared. The improved user interface let users operate a Trojan skillfully without much professional knowledge, and Trojan intrusion incidents correspondingly became frequent. Moreover, because Trojan functionality became more and more complete in this period, the damage done to the server side also became greater.
So today Trojans are used everywhere. Once your computer is controlled by a Trojan, it no longer has any secrets.
In view of the great harm done by Trojans, we will introduce them in detail in three parts: principle, defense and counterattack, and information. I hope you will gain a thorough understanding of this attack technique.
Principle
Basic knowledge
Before introducing the principle of the Trojan, we need to explain some basic knowledge about how a Trojan system is composed, because these components will be mentioned in many places below.
A complete Trojan system consists of three parts: hardware, software and a specific connection.
(1) Hardware part: the hardware entities needed to establish the Trojan connection. Control side: the party that remotely controls the server side. Server side: the party controlled remotely by the control side. Internet: the network carrier for remote control and data transmission between the control side and the server side.
(2) Software part: the software programs needed to realize remote control. Control-side program: the program the control side uses to remotely control the server side. Trojan program: the program that sneaks into the server side and obtains operating permissions on it. Trojan configuration program: sets the Trojan's port number, trigger conditions, file name and so on, to make it better hidden among the server side's programs.
(3) Connection part: the elements needed to establish a Trojan channel between the server side and the control side over the Internet. Control-side IP and server-side IP: the network addresses of the two ends, which are also the destinations of the Trojan's data transmission. Control port and Trojan port: the data entry points of the control end and the server end; through these ports the data goes directly to the control-side program or the Trojan program.
Trojan principle
Seen as a process, a Trojan attack can be roughly divided into six steps (see the figure below). Here we explain the Trojan attack principle according to these six steps.
In general, a well-designed Trojan has a Trojan configuration program. Judging from the configuration items, it mainly serves the following two functions:
(1) Trojan camouflage: in order to hide the Trojan on the server side as well as possible, the configuration program uses a variety of camouflage means, such as modifying the icon, binding files, customizing the port and self-destruction. We will describe these in detail in the section on disseminating the Trojan.
(2) Information feedback: the configuration program sets the means or address for feeding information back, such as an e-mail address, an IRC number or an ICQ number. We will introduce these in detail in the "information feedback" section.
(1) There are two main ways in which a Trojan propagates:
One is to send the Trojan program as an e-mail attachment; the recipient's system is infected as soon as the attachment is opened. The other is software download: under the guise of providing software downloads, some irregular websites bind a Trojan to a software installer, and once the downloaded program runs, the Trojan is installed automatically.
(2) Camouflage methods:
Because of the harm done by Trojans, many people now have some understanding of them, which has a certain inhibiting effect on their spread. This is not what Trojan designers want to see, so they develop a variety of camouflage functions to reduce users' vigilance and deceive them.
(1) Modifying the icon
When you see this icon in an e-mail attachment, do you think it is a text file? But I have to tell you that it may be a Trojan program. There are now Trojans that can change the icon of the Trojan server program to that of an HTML, TXT, ZIP or other file, which is quite confusing. At present, however, few Trojans provide this function and the disguise is not impeccable, so you don't have to worry all day.
(2) Binding files
This camouflage method binds the Trojan to an installer. When the installer runs, the Trojan sneaks into the system without the user noticing. The bundled files are usually executables (such as .exe and .com).
(3) Fake error display
People with some knowledge of Trojans know that if you open a file and nothing happens, it is likely to be a Trojan program. Trojan designers are aware of this defect too, so some Trojans provide a function called error display: when the server-side user opens the Trojan program, an error prompt box pops up as shown in the figure below (fake, of course). The error text can be freely defined, and most are customized to something like "The file is damaged and cannot be opened!" Once the server-side user believes it, the Trojan has quietly intruded into the system.
(4) Custom port
Many old Trojans used fixed ports, which made it convenient to determine whether a machine was infected: just check the specific port to know which Trojan it is. So many new Trojans have added a custom-port function: the control-end user can choose any port between 1024 and 65535 as the Trojan port (ports below 1024 are generally not chosen), which makes it harder to determine the type of Trojan from the port alone.
(5) Self-destruction
This function makes up for a defect of Trojans. When the server-side user opens the file containing the Trojan, the Trojan copies itself to the Windows system folder (C:\Windows or C:\WINDOWS\System). Generally the original Trojan file and the copy in the system folder are the same size (except for Trojans with bundled files). So the infected user only needs to find the original Trojan file among recently received mail and downloaded software, then look in the system folder for a file of the same size, to judge which file is the Trojan. Self-destruction means that after the Trojan is installed, the original Trojan file is destroyed automatically. This makes it difficult for the server-side user to find the source of the Trojan, and difficult to remove it without the help of a Trojan-killing tool.
(6) Trojan renaming
The file name of the Trojan installed in the system folder is generally fixed, so by following some articles on killing Trojans and searching the system folder for specific files, we can determine which Trojan has been found. So many Trojans now allow the control-end user to customize the Trojan's file name after installation, which makes it difficult to determine the type of infected Trojan.
The Trojan is installed automatically when the server-side user runs the Trojan or the program it is bound to. First it copies itself to the Windows system folder (C:\Windows or C:\WINDOWS\System), then sets the Trojan's trigger conditions in the registry, the startup group and non-startup groups, and the installation is complete. After installation the Trojan can be started. The specific process is shown in the following figure:
(1) Activating the Trojan through trigger conditions
Trigger conditions are the conditions under which the Trojan is started. They roughly appear in the following eight places:
1. Registry: open HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ and look under the five Run and RunServices keys; anything found there may be starting a Trojan.
3. The "Trojan horse" program is a popular kind of virus file at present. Unlike common viruses, it does not propagate by itself, nor does it "deliberately" infect other files. It disguises itself to lure users into downloading and executing it, and provides the person who planted it with a door into the victim's computer, so that they can destroy and steal the victim's files at will, or even remotely control the victim's computer. A "Trojan horse" is similar to the remote control software often used on computer networks, but because remote control software performs "benign" control, it usually has no concealment. A "Trojan horse" is the opposite: it exists to achieve "stolen" remote control, and without strong concealment it is "worthless".
A complete "Trojan horse" program consists of two parts: the "server" and the "controller". The "server" part is what gets implanted on the victim's computer, and the so-called "hacker" uses the "controller" to enter the computer running the "server". After the Trojan's "server" runs, one or more ports on the victim's computer are opened, so that the hacker can enter the system through these open ports, and security and personal privacy can no longer be guaranteed.
A virus is a piece of computer code attached to a program or file that can spread between computers, infecting them as it spreads. Viruses can damage software, hardware and files.
Virus (n.): code written for the purpose of self-replication. A virus attaches itself to a host program and then attempts to spread between computers. It can damage hardware, software and information.
Just as human viruses are classified by severity (from Ebola to the common flu), computer viruses range from mild ones that only cause some interference to severe ones that completely destroy equipment. Fortunately, a real virus does not spread without human action: someone has to share the file or send the e-mail that carries it.
"Trojan horse" is the full name of what is usually shortened to "Trojan"; it originally refers to the story of ancient Greek soldiers who hid inside a wooden horse to enter and occupy the enemy city. On the Internet, "Trojan horse" means that some programmers (or other unscrupulous people) include, in downloadable applications, game plug-ins, web pages or e-mail, a malicious program that can control the user's computer system or steal the user's information, which may leave the user's system damaged, information lost or even the whole system paralyzed.
I. Characteristics of the Trojan horse
Trojans follow the client/server model. A Trojan is divided into two parts, the client and the server. The principle is that one host provides the service (the server side) and the other host receives the service (the client side). The server host usually opens a default port and listens on it. If a client sends a connection request to this port on the server, the corresponding program on the server runs automatically to serve the client's request. This program is called a process.
Generally, Trojans mainly look for backdoors and steal passwords. Statistics show that the proportion of Trojans among viruses has exceeded a quarter. In recent years Trojans have been dominant, and this will become more and more serious in the next few years. A Trojan is a special kind of virus: once it has been planted on a computer in the guise of a piece of software, control of the computer is completely handed over to the hacker whenever it goes online. The hacker can steal passwords, card numbers and other confidential information by tracking keystrokes, and can also track, monitor, control, view and modify data and perform other operations.
While using the computer, if you find that its response speed has changed noticeably, the hard disk is constantly reading and writing, the mouse does not obey, the keyboard has gone dead, some windows close by themselves, new windows open inexplicably, the network activity light keeps flashing even though no large program is running, the system keeps getting slower, a large share of system resources is in use, a program shows no response when it is run (such programs are generally small, from tens to hundreds of KB), or the firewall detects that an e-mail is sent when a program is closed... these abnormal phenomena indicate that your computer is infected with a Trojan.
III. The working principle of the Trojan horse and an introduction to manual removal
Because most players don't know much about security issues, they don't know how to clear the "Trojan horse" on their computer. Therefore the most important thing is to understand how a "Trojan horse" works; once you do, it is easy to find one. I believe that after reading this article you will become a "Trojan horse" master. (If you can't become an expert, I suggest you use a rubber band to hit the moderator's window. Haha)
A "Trojan horse" program tries every possible means to hide itself. The main ways are: hiding itself from the taskbar, which is the most basic, by setting the form's Visible property to False; if ShowInTaskbar is set to False, the program will not appear in the taskbar when it runs. Being invisible in Task Manager: it is easy to disguise the program by registering it as a "system service".
A. The startup group class (that is, the group of files that run when the machine starts)
Of course, a Trojan starts quietly: you can't expect users to click the "Trojan horse" icon to run the server every time they start the machine (nobody would be that stupid, right?). The "Trojan horse" automatically loads the server every time the user boots, using the methods that Windows provides for loading applications automatically at startup, such as the Startup group, win.ini, system.ini, the registry and so on; these are all good places for a "Trojan horse" to hide. Loading a Trojan through win.ini and system.ini: on Windows, the two system configuration files win.ini and system.ini are stored in the C:\Windows directory, and you can open them directly in Notepad. A Trojan can achieve automatic loading by modifying the "load=file.exe, run=file.exe" statements in the [windows] section of win.ini. In addition, the [boot] section of system.ini normally reads "shell=Explorer.exe" (the graphical command interpreter of Windows). The following describes specifically how a "Trojan horse" loads itself automatically.
1. In the win.ini file, under [windows], "run=" and "load=" are possible ways of loading a "Trojan horse" program, so we must pay close attention to them. Normally nothing follows the equals sign. If you find an unfamiliar startup path and file name after it, your computer may have a "Trojan horse". Of course, look carefully, because many "Trojan horses", such as the "aoltrojan" Trojan, disguise themselves as command.exe; if you don't pay attention you may not notice that it is not the real system boot file.
Through the C:\windows\wininit.ini file: many Trojan programs do some small tricks here. This method is often used during file installation: after the program is installed, the file is executed immediately, and at the same time the originally installed file is deleted by Windows, so its concealment is very strong. For example, if the [rename] section of wininit.ini contains the line nul=C:\windows\picture.exe, this statement sends C:\windows\picture.exe to nul, which means the original file picture.exe is deleted, so it runs very covertly.
2. In the system.ini file, under [boot], there is a line "shell=file name". The correct file name is "Explorer.exe". If it is not just "Explorer.exe" but "shell=Explorer.exe program name", then the program that follows is the "Trojan horse" program; that is to say, you have a "Trojan horse".
The win.ini and system.ini files can be viewed through "Run" in the "Start" menu: just enter "msconfig" in the "Run" dialog box and click "OK". (Note that if you do not know much about computers, please do not enter this command or delete anything in these files, otherwise you are responsible for all consequences and losses; the moderator and I are not responsible.)
3. Frequently check the files listed below; Trojans may also hide in them:
C:\windows\Winstart.bat, C:\windows\Wininit.ini and autoexec.bat
B. Registry (the Windows registry; anyone who knows computers recognizes it at a glance)
1. Loading from the menu. If the automatically loaded files are added directly through customization in the Windows menu, they are usually placed under "Start -> Programs -> Startup". In Windows 98 Explorer, the location is "C:\Windows\Start Menu\Programs\Startup". When files are loaded automatically in this way, they are usually recorded in the following four locations in the registry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
2. In the registry, the situation is the most complicated. Open the "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run" directory and check the values to see whether there are any unfamiliar auto-start files with the extension exe. Remember: the files generated by some "Trojan" programs are very similar to the system's own files and try to muddle through by camouflage. For example, the "Acid Battery v1.0 Trojan" changes the value of the Explorer entry under "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" to "C:\WINDOWS\expior
A complete "Trojan horse" program consists of two parts: the "server" and the "controller". It is the "server" part that is implanted into the victim's computer, and the so-called "hacker" uses the "controller" to enter the computer running the "server". After the "server" of the Trojan horse program runs, one or more ports on the implanted computer are opened, so that hackers can use these open ports to enter the computer system, and there is no longer any guarantee of security or personal privacy.
A virus is a piece of computer code attached to a program or file that can spread among computers. It infects computers as it spreads. Viruses can damage software, hardware and files.
Virus (n.): code written for the purpose of self-replication. A virus attaches to a host program and then attempts to spread between computers. It can damage hardware, software and information.
Like human viruses, which are classified by severity (from the Ebola virus to the common influenza virus), computer viruses range from mild to severe: mild ones only produce some interference, severe ones completely destroy equipment. Fortunately, a real virus will not spread without human action: it must be carried along by someone sharing a file or sending an e-mail.
"Trojan horse" is the full name of the Trojan horse program, which originally refers to the story of ancient Greek soldiers hiding in a wooden horse to enter and occupy the enemy city. On the Internet, "Trojan horse" means that some programmers (or unscrupulous people) hide in their downloadable applications, game plug-ins or web pages, or send by e-mail, malicious programs that can control the user's computer system or steal the user's information, which may cause the user's system to be damaged, information to be lost or even the system to be paralyzed.
First, the characteristics of the Trojan horse
Trojan horses belong to the client/server model. A Trojan is divided into two parts, client and server. The principle is that one host provides services (the server side) and the other host receives services (the client side). As a server, the host usually opens a default port and listens. If a client makes a connection request to this port of the server, the corresponding program on the server runs automatically to serve the client's request. This program is called a process.
Generally, Trojans mainly look for backdoors and steal passwords. Statistics show that the proportion of Trojans among viruses has exceeded a quarter. In recent years Trojans have been dominant and will become more and more serious in the next few years. A Trojan horse is a kind of special virus. Once it is used as software and planted on the computer, when the user surfs the Internet in the future, control of the computer is completely handed over to the hacker, who can steal passwords, card numbers and other confidential information by tracking keystroke input, and can also track, monitor, control, view and modify data and perform other operations.
While using the computer, if you find that the computer's response speed has changed significantly, the hard disk is constantly reading and writing, the mouse does not respond, the keyboard is dead, some windows close by themselves, new windows open inexplicably, the network transmission indicator keeps flashing while no large program is running, the system is getting slower and slower, a lot of system resources are in use, or a program shows no response when it runs (such programs are generally not big, from tens to hundreds of KB), or the firewall detects that an e-mail is sent when a program is closed... these abnormal phenomena indicate that your computer is infected with a Trojan virus.
Third, the working principle of the Trojan horse and an introduction to manual removal
Because most players don't know much about security issues, they don't know how to clear the "Trojan horse" from their computer. Therefore, the most important thing is to know how the "Trojan horse" works, so it will be easy to find the "Trojan horse". I believe that after reading this article, you will become a master of the "Trojan horse" (if you can't be an expert, I suggest you use a rubber band to hit the glass of "bamboos". Haha)
"Trojan horse" program will try every means to hide itself. The main ways are: hide yourself in the taskbar, which is the most basic, as long as the visible property of form is set to false. If showintaskbar is set to false, the program will not appear in the taskbar when it runs. Invisible in Task Manager: it's easy to disguise yourself by setting programs as "system services"
A. startup group class (that is, the file group that runs when the machine starts)
of course, Trojan horse will start quietly. Of course, you don't expect users to click the "Trojan horse" icon to run the server every time they start (no one will be so stupid, right?)“ Trojan horse "will automatically load the server every time the user starts, and the method of automatically loading the application program when the windows system starts," Trojan horse "will be used, such as: startup group, win.ini, system.ini, registry and so on, which are good places for Trojan horse to hide. Load trojan through win.ini and system.ini. In Windows system, the two system configuration files win.ini and system.ini are stored in the C: Windows directory. You can directly open them in Notepad. We can modify the "load = file. Exe, run = file. Exe" statement in the windows section of win. INI file to achieve the purpose of Trojan automatic loading. In addition, the boot section in system.ini is normally "shell = explorer. Exe" (graphical interface command interpreter of windows system). The following specific talk about "Trojan" is how to automatically load
1. In the win.ini file, under [windows], "run =" and "load =" are possible ways to load "Trojan horse" programs, so we must pay close attention to them. In general, their equal sign is followed by nothing. If you find that the path and file name are not familiar with the startup file, your computer may be on the "Trojan horse". Of course, you have to see clearly, because many "Trojans", such as "aoltrojan Trojan", disguise itself as command.exe file. If you don't pay attention, you may not find that it is not the real system boot file
through the C: windowswinininit.ini file. Many trojan horse programs do some small actions here. This method is often used in the process of file installation. After the program is installed, the file will be executed immediately. At the same time, the original installed file will be deleted by windows. Therefore, the concealment is very strong. For example, in wininit.ini, if the rename section has the following content: nul = C: windowspicture.exe, This statement sends C: windowspicture.exe to nul, which means that the original file pictrue.exe has been deleted, so it is very hidden to run
2. In the system.ini file, there is a "shell = file name" under [boot]. The correct file name should be "explorer. Exe". If it is not "explorer. Exe", but "shell = explorer. Exe program name", then the following program is the "Trojan horse" program, that is to say, you have been in the "Trojan horse"
win.ini and system.ini files can be viewed through "run" in the "start" menu. Just enter "msconfig" in the "run" dialog box and click "OK" Here we must note that if you do not know much about the computer, please do not enter this command or delete the file inside, otherwise you will be responsible for all the consequences and losses. Banzhu and I are not responsible.)
3. Frequently check the files listed below. Trojans may also be hidden in
C: & # 92; windows\ Winstart.bat and C: \ windows\ Winnint.ini, autoexec.bat
b, Registry (registry is the registry, people who know computer know it at a glance)
1, load from the menu. If the automatically loaded files are added directly through customization on the windows menu, they are usually placed in the "start - & gt; Procere - & gt; In Win98 explorer, the location is "C: Windows startup programs startup". When files are loaded automatically in this way, they are usually stored in the following four locations in the registry:
HKEY_ CURRENT_ USER\ Software\ Microsoft\ Windows\ CurrentVersion\ Explorer\ ShellFolders
HKEY_ CURRENT_ USER\ Software\ Microsoft\ Windows\ CurrentVersion\ Explorer\ UserS! hellFolders
HKEY_ LOCAL_ MACHINE\ Software\ Microsoft\ Windows\ CurrentVersion\ explorer\ UserShellFolders
HKEY_ LOCAL_ MACHINE\ Software\ Microsoft\ Windows\ CurrentVersion\ explorer\ Shell folders
2. In the registry, the situation is the most complicated. Click "hkey-local-machine & # 92; Software\ Microsoft\ Windows\ CurrentVersion\ "Run" directory, check the key value to see if there are any unfamiliar auto start files, the extension is exe, here remember: some "Trojan" program generated files are very similar to the system's own files, want to muddle through by camouflage, such as "Acidbattery v1.0 Trojan", it will register the form "hkey-local-machine & # 92; SOFTWARE\ Microsoft\ Windows\ CurrentVersion\ Change the key value of explorer under "run" to "C: &" 92 "; WINDOWS\ expior
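A defender-side check for the win.ini, system.ini and wininit.ini entries described above, as an added example that is not part of the original post. The three file contents are constructed samples, and the checks encode only what the post states: run= and load= are normally empty, shell= should be exactly explorer.exe, and every [rename] entry executes at the next boot.

```python
"""Audit the Windows 9x startup files discussed above (added example).

Checks, taken from the post:
  - win.ini    [windows] run= / load= with anything after the equals sign
  - system.ini [boot] shell= that is not exactly explorer.exe
  - wininit.ini [rename] entries (nul=<file> deletes <file> at next boot)
The three file contents below are constructed samples, not real files.
"""
import configparser
from typing import Dict, List, Tuple

Finding = Tuple[str, str, str]  # (file, entry, reason)

# Constructed sample: a clean-looking win.ini with a hidden load= entry.
WIN_INI = """[windows]
load=C:\\WINDOWS\\SYSTEM\\task.exe
run=
NullPort=None

[Desktop]
Wallpaper=(None)
"""

# Constructed sample: system.ini whose shell= line has an extra program.
SYSTEM_INI = """[boot]
shell=Explorer.exe C:\\WINDOWS\\sysupd.exe
system.drv=system.drv

[386Enh]
device=*vmouse
"""

# Constructed sample: the wininit.ini [rename] section from the post's example.
WININIT_INI = """[rename]
nul=C:\\windows\\picture.exe
"""


def parse_ini(text: str) -> configparser.ConfigParser:
    """Parse INI text loosely: no %-interpolation, duplicate keys tolerated,
    keys without '=' allowed (configparser lower-cases key names)."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   allow_no_value=True)
    cp.read_string(text)
    return cp


def audit_win_ini(text: str) -> List[Finding]:
    """[windows] load= and run= should normally have nothing after '='."""
    cp = parse_ini(text)
    findings: List[Finding] = []
    if cp.has_section("windows"):
        for key in ("load", "run"):
            value = (cp.get("windows", key, fallback="") or "").strip()
            if value:
                findings.append(("win.ini", f"{key}={value}",
                                 f"program auto-started via [windows] {key}="))
    return findings


def audit_system_ini(text: str) -> List[Finding]:
    """[boot] shell= should be exactly explorer.exe, nothing appended."""
    cp = parse_ini(text)
    findings: List[Finding] = []
    shell = (cp.get("boot", "shell", fallback="") or "").strip()
    if shell and shell.lower() != "explorer.exe":
        findings.append(("system.ini", f"shell={shell}",
                         "shell= is not exactly explorer.exe"))
    return findings


def audit_wininit_ini(text: str) -> List[Finding]:
    """Every [rename] entry runs at next boot; nul=<file> deletes <file>."""
    cp = parse_ini(text)
    findings: List[Finding] = []
    if cp.has_section("rename"):
        for dest, src in cp.items("rename"):
            src = (src or "").strip()
            reason = ("file deleted at next boot (evidence removal)"
                      if dest.lower() == "nul"
                      else "file moved or replaced at next boot")
            findings.append(("wininit.ini", f"{dest}={src}", reason))
    return findings


def audit_all(files: Dict[str, str]) -> List[Finding]:
    """Run every check over a {filename: contents} mapping."""
    checks = {"win.ini": audit_win_ini,
              "system.ini": audit_system_ini,
              "wininit.ini": audit_wininit_ini}
    findings: List[Finding] = []
    for name, check in checks.items():
        if name in files:
            findings.extend(check(files[name]))
    return findings


if __name__ == "__main__":
    sample = {"win.ini": WIN_INI, "system.ini": SYSTEM_INI,
              "wininit.ini": WININIT_INI}
    for fname, entry, why in audit_all(sample):
        print(f"{fname:12} {entry:45} {why}")
```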
4. FTP is just a file transfer protocol. It has nothing to do with Trojans. If there has to be a connection, it is possible that someone with ulterior motives puts a Trojan horse on an FTP server.
5. Unknown_Error
6. A computer virus, but hard to remove completely
7. The Trojan horse, also known as the Trojan horse program, borrows its name from the Trojan horse in "Trojan butcher". In ancient Greece, a large army besieged the city of Troy. Someone proposed building a big wooden horse two zhang high, pretending it was dedicated to the horse god. After several days the attack still failed, so the army left the wooden horse behind and withdrew. The city received news of the relief and obtained the strange booty, the "Trojan horse", and the whole city drank and reveled. At midnight, when all the soldiers and civilians in the city had fallen asleep, the soldiers hidden in the Trojan horse opened the secret door, slid down ropes, opened the city gate and set fires everywhere, and the soldiers lying in ambush outside the city burned and slaughtered Troy. Later generations called this wooden horse the "Trojan horse". Nowadays, the computer term borrows its name, meaning "once it gets in, there will be endless trouble". In principle, a Trojan horse is just a remote management tool like remote control programs such as PcAnywhere, and it is neither harmful nor infectious; but it is often regarded as a virus, because if someone uses it improperly, it can be more destructive than a virus.
Because many novices don't know much about security issues, and because Trojan horse programs are highly concealed, it is not easy to discover the presence of a Trojan horse or the intrusion of hackers without the help of special monitoring software. Although there is a lot of new anti-virus software on the market that can automatically clear "Trojan horses", it cannot prevent new "Trojan horse" programs, so the most important thing is to know how a "Trojan horse" works; then it is easy to find the "Trojan horse" and to know how to clear the "Trojan horse" from your computer.
Trojan horse attack principle
Trojan horse attacks are the most common attack method of hackers. Therefore, in this chapter we will use a larger space to introduce the attack and defense technology of Trojan horses.
The harm of a Trojan horse lies in its powerful ability to control and destroy the computer system, steal passwords, control system operations and perform file operations. Once a computer is implanted with a powerful Trojan horse, the attacker can control the computer as if operating his own computer, and remotely monitor all operations on the computer.
Most of the people who use Trojans are rookie hackers. They often have had only brief contact with the Internet and are very interested in hacking technology. They want to show off to people and friends, but their attack technique is not advanced, so they cannot use other attack methods. Therefore, the Trojan horse, a semi-automatic, foolproof and very effective attack tool, has become their favorite. With the continuous emergence of domestic Trojan horses, most hackers use Trojan horses to attack. Of course, veteran hackers do not use these Trojans. They usually implant their own Trojans as backdoors when they obtain permissions on a server, so that they can easily access the server at any time in the future.
Tips
Trojan horses written by hackers themselves are generally not recognized as Trojan horses or viruses by antivirus software and Trojan scanning software, which is very harmful.
1. Classification of Trojans
Common Trojans can be divided into the following nine categories:
(1) Destructive type
The only function of these Trojans is to destroy and delete files. They are very simple and easy to use. They can automatically delete the DLL, ini and exe files on the target machine, so they are very dangerous. Once infected, the security of the computer is seriously threatened. However, ordinary hackers will not do such meaningless, purely destructive sabotage unless they have a grudge against you.
(2) Password-sending type
This Trojan can find the hidden passwords of the target machine and send them to a designated mailbox without the victim's knowledge. Some people like to store their passwords in files on the computer, which is convenient; some people like to use the password memory function provided by Windows so that they don't have to enter the password every time. This kind of Trojan takes advantage of exactly this to obtain the passwords of the target machine. Most of them re-run every time Windows starts and use port 25 to send e-mail. If the target machine has hidden passwords, these Trojans are often dangerous.
(3) Remote access type
This kind of Trojan is the most widely used Trojan; it can remotely access the hard disk of the attacker. As long as someone runs the server program and the client learns the IP address of the server by scanning, remote control can be achieved.
Of course, this kind of remote control can also be used in the right way, such as a teacher monitoring all the students' operations on their machines.
The remote access Trojan horse opens a port on the target computer, and some Trojans can also change the port, set a connection password, etc., so that only the hacker himself can control the Trojan horse.
The option of changing the port is very important, because the listening ports of some common Trojans are well known. Only when the port is changed is there greater concealment.
(4) Keyboard logging Trojan horse
This Trojan horse is very simple. They only do one thing: record the victim's keystrokes and find the passwords in the log file, and they start with Windows. They have the option of online and offline recording, which records the keystrokes you type whether you are online or offline. In other words, hackers can learn from the records what keys you have pressed, and it is easy to get your passwords and other useful information, even your credit card number! Of course, many Trojans of this type have an e-mail sending function, which automatically sends the passwords to the mailbox designated by the hacker.
(5) DoS attack Trojan horse
With the ever wider use of DoS attacks, Trojan horses used for DoS attacks are becoming more and more popular. When a hacker invades a machine and plants a DoS attack Trojan horse on it, the computer becomes the hacker's most effective assistant in the future. The more broilers a hacker controls, the greater the probability that a DoS attack succeeds. Therefore, the harm of this kind of Trojan horse is not reflected in the infected computer, but in the hacker's use of it to attack one computer after another, causing great damage and loss to the network.
There is also a DoS-like Trojan called the mail bomb Trojan. Once the machine is infected, the Trojan randomly generates letters with various subjects and sends mail to a specific mailbox until the other party is paralyzed and unable to receive mail.
(6) FTP Trojan horse
This kind of Trojan horse may be the simplest and oldest one. Its only function is to open port 21 and wait for users to connect. The new FTP Trojans now also add a password function, so that only the attacker, who knows the correct password, can enter the other party's computer.
(7) Rebound port Trojan
After analyzing the characteristics of firewalls, Trojan developers found that firewalls often filter incoming connections very strictly but neglect to guard outgoing connections. Conversely, the server (controlled side) of a rebound port Trojan uses an active port, and the client (controlled side) uses a passive port. The Trojan regularly checks whether the control end exists; when it finds the control end online, it immediately pops up and actively connects to the passive port opened by the control end. For the sake of concealment, the passive port of the control side is usually set to 80. Even if the user uses scanning software to check his own ports and finds a situation like TCP userip:1026 controllerIP:80 ESTABLISHED, if he is a little careless he will think that he is browsing a web page, because port 80 is opened when browsing web pages.
(8) Proxy Trojan horse
It is very important for hackers to cover their tracks while intruding and to guard against others discovering their identity. Therefore, the most important task of a proxy Trojan is to turn the controlled broiler into a proxy and make it a springboard from which attackers launch attacks. Through a proxy Trojan, attackers can use Telnet, ICQ, IRC and other programs anonymously to hide their tracks.
(9) Program killer Trojan
Although the Trojans above have various functions, to play their role on the other machine they still have to get past anti-Trojan software. Popular anti-Trojan software includes ZoneAlarm, Norton AntiVirus, etc. The function of program killer Trojans is to shut down such programs running on the other machine, so that other Trojans can work better.
Tip
Types (8) and (9) are actually functions that other types of Trojans may have. For example, many remote access Trojans can use a proxy server to connect to the broiler, and when connecting to the broiler, first check whether the other party has a firewall running; if so, kill the process. This is more conducive to hackers hiding their identity, so as to achieve the purpose of remote control.
As we know, most Trojans have two executable programs: client and server. The client is used by attackers to remotely control the computer in which the Trojan is embedded. The server program is what we usually call the Trojan program. If an attacker wants to attack a computer system through a Trojan, the first step is to implant the Trojan's server-side program into the attacked computer.
Tip
Pay attention to the names of the client and server sides of the Trojan horse. The machine with the Trojan horse is called the server side, while the side controlled by the hacker is called the client side.
At present, the main way a Trojan invades is to implant the Trojan's executable file into the attacker's computer system by certain methods, such as sending by e-mail, file downloads, browsing web pages, etc., and then mislead the attacker into opening the executable file with certain prompts, such as claiming that the Trojan's executable file is a friend's greeting card. When the user opens the file without any precaution, the greeting card picture does appear, but by then the Trojan may already be running quietly in the background.
Why don't users notice their hosts running Trojan horse programs?
This is mainly because the executable files of Trojans are generally very small, at most only tens of KB. Therefore, if the Trojan is bundled with other normal files, it is difficult to find. Some websites provide software downloads that are often bundled with Trojan files. When these downloaded files are executed, the Trojan horse also runs.
After the Trojan horse is implanted into the host, it generally sends information about the host, such as the host's IP address and the port used by the implanted Trojan, to the attacker in some way. Only with this information can the attacker work with the Trojan horse to control and attack the host.
Because every Trojan horse has a server program, in order to remotely control a target machine it is necessary to send the server program to the target machine and trick the target into executing the program. This is an important step in remote control with a Trojan horse, and it also takes considerable skill.
because many novices don't know much about security issues, and because Trojan horse programs have the characteristics of strong concealment, it's not easy to find the existence of Trojan horse and the intrusion of hackers without the help of special monitoring software. Although there are many new anti-virus software on the market can automatically clear the "Trojan horse", but they can't prevent the new "Trojan horse" program, so the most important thing is to know the working principle of the "Trojan horse", so it's easy to find the "Trojan horse", and know how to clear the "Trojan horse" in your computer<
Trojan horse attack principle
Trojan horse attack is the most common attack method of hackers. Therefore, in this chapter, we will use a larger space to introce the attack and defense technology of Trojan horse
the harm of Trojan horse lies in its powerful ability to control and destroy the computer system, steal passwords, control system operations, and perform file operations. Once a computer is implanted by a powerful Trojan horse, the attacker can control the computer as if he were operating his own computer, and remotely monitor all operations on the computer
most of the people who use Trojans are rookie hackers. They often have a short contact with the Internet and are very interested in hacking technology. They want to show it to people and friends, but the attack technology is not high, so they can't take other methods to attack. Therefore, Trojan horse, a semi-automatic fool like and very effective attack software, has become their favorite. With the continuous emergence of domestic Trojan horse, most hackers use Trojan horse to attack. Of course, for those veteran hackers, they do not use Trojans. They usually implant their own Trojans as backdoors when they get a server permission, so that they can easily access the server at any time in the future<
tips
the Trojan horse written by hackers themselves. Generally, antivirus software and Trojan scanning software will not be considered as Trojan horse or virus, which has great harm<
1. Classification of Trojans
common Trojans can be divided into the following nine categories:
(1) destructive type
the only function of these Trojans is to destroy and delete files. They are very simple and easy to use. It can automatically delete the DLL, ini,
exe files on the target machine, so it is very dangerous. Once infected, it will seriously threaten the security of the computer. However, ordinary hackers will not do such meaningless and pure
sabotage unless you have a grudge against him
(2) password sending type
this trojan can find the hidden password of the target machine, and send them to the designated mailbox without the victim's knowledge. Some people
like to store their passwords in the form of files in the computer, which is convenient; Some people like to use the password memory function provided by windows, so that they don't have to input the password every time. This kind of Trojans just use this point to obtain the password of the target machine. Most of them will
re run every time they start windows, and use port 25 to send e-mail. If the target machine has a hidden password, these Trojans are often dangerous
(3) remote access type
this kind of Trojan is the most widely used Trojan, it can remotely access the hard disk of the attacker. As long as someone runs the server program and the client knows the IP address of the server by scanning, remote control can be realized
of course, this kind of remote control can also be used in the right way, such as the teacher monitoring all the students' operations on the machine
the remote access Trojan horse will open a port on the target computer, and some Trojans can also change the port, set the connection password, etc., so that only the hacker can control the Trojan horse himself
the option of changing the port is very important, because the listening port of some common Trojans has been well known. Only when the port is changed, will there be greater
concealment< (4) keyboard logging Trojan horse
this trojan horse is very simple. They only do one thing, that is, record the victim's keystrokes and find the password in the log file, and start with
windows. They have the option of online and offline recording, which can record the keystrokes when you hit the keyboard when you are online or offline. In other words, hackers can know what keystrokes you have pressed from the records, and it is easy to get your password and other useful information, even your credit card account number! Of course, for this type of Trojan, many have the function of sending e-mail, which will automatically send the password to the mailbox designated by the hacker
(5) DoS attack Trojan horse
with the more and more extensive application of DoS attack, Trojan horse used as DoS attack is becoming more and more popular. When a hacker invades a machine and plants a DoS attack Trojan horse on it, the computer will become the most effective assistant of the hacker in the future. The more the number of broilers controlled by hackers, the greater the probability of success of DoS attack. Therefore, the harm of this kind of Trojan horse is not reflected in the infected computer, but in the hacker's use of
it to attack one computer after another, causing great damage and loss to the network
there is also a DOS like Trojan called mail bomb Trojan. Once the machine is infected, the Trojan will randomly generate letters with various topics and send mail to a specific mailbox until the other party is paralyzed and unable to accept the mail
(6) FTP Trojan horse
this kind of Trojan horse may be the simplest and oldest one. Its only function is to open port 21 and wait for users to connect. Now the new FTP Trojan
also adds a password function, so that only the attacker can know the correct password and enter the other party's computer
(7) rebound port Trojan
after analyzing the characteristics of firewall, Trojan developers found that the firewall often carries out very strict filtering for the incoming links, but neglects to prevent the outgoing links. On the contrary, the server (controlled side) of rebound port Trojan uses active port, and the client (controlled side) uses passive port. The Trojan regularly monitors the existence of the control end, and finds that the control end pops up immediately when it is online, and actively connects with the passive
port opened by the control end; For the sake of concealment, the passive port of the control side is usually set at 80. Even if the user uses the scanning software to check his own port and finds a situation similar to TCP
userip: 1026 controller IP: 80 established, if he neglects a little, he will think that he is browsing the web page, because he will open port 80 when browsing the web page
(8) proxy Trojan horse
it is very important for hackers to cover up their footprints while invading, and guard against others finding their own identity. Therefore, it is the most important task of proxy Trojan horse to breed the controlled broilers with
proxy Trojan horse and make it a springboard for attackers to launch attacks. Through proxy Trojan, attackers can use Telnet, ICQ, IRC and other programs anonymously to hide their tracks
(9) program killer Trojan
although the Trojan functions above are various, it is necessary to pass the anti Trojan software to play its role on the other machine. The popular anti Trojan softwares are ZoneAlarm, Norton Anti virus, etc. The function of program killer Trojans is to shut down such programs running on the other machine, so that other Trojans can play a better role
prompt
(8) and (9) the two types of Trojans are actually the functions that other types of Trojans may have. For example, many remote access Trojans can make
use the proxy server to connect to the meat machine, and when connecting to the meat machine, first check that the other party has not opened the firewall. If there is, kill the process,
this is more concive to hackers to hide their identity, so as to achieve the purpose of remote control< As we know, most Trojans have two executive programs: client and server. The client is used by attackers to remotely control the Trojan embedded computer. The server program is what we usually call Trojan program. If an attacker wants to attack the computer system through Trojan, the first step is to implant the Trojan's server-side program into the attacked computer
Tip
Pay attention to the naming of the Trojan's client and server sides: the machine on which the Trojan is planted is called the server side, while the side operated by the hacker is called the client side.
At present, the main method of Trojan intrusion is to deliver the Trojan executable into the victim's computer system by some means, such as e-mail, file downloads or web browsing, and then mislead the victim into opening the executable with some pretext, such as claiming that the Trojan executable is a greeting card from a friend. When the user opens the file without precaution, the greeting-card picture does appear, but by that time the Trojan may already be running quietly in the background.
Why don't users notice that their hosts are running Trojan programs?
This is mainly because Trojan executables are generally very small, at most a few tens of KB. Therefore, if the Trojan is bundled with another normal file, it is hard to detect. Some websites offer software downloads that are bundled with Trojan files; when these downloaded files are executed, the Trojan runs too.
After the Trojan is implanted into the host, it generally sends information about the host, such as the host's IP address and the port on which the Trojan is installed, to the attacker in some way. Only with this information can the attacker work with the Trojan to control the host.
Because every Trojan has a server program, in order to remotely control a target machine the attacker must deliver the server program to the target and trick it into executing the program. This is an important step in remote control with a Trojan, and it requires considerable skill.
8. How does a Trojan horse invade?
Generally, a Trojan has two executable programs: the client and the server. The client runs on the attacker's machine and is used to control the Trojan remotely, and the server program is the Trojan program itself. If an attacker wants to attack your system through a Trojan, the first step is to implant the Trojan's server-side program into your computer.
At present, the main method of Trojan intrusion is to get the Trojan executable into the victim's computer system by some means, such as e-mail or downloads, and then mislead the victim into opening the executable with some pretext, for example deliberately claiming that the Trojan executable is a greeting card sent by a friend. A greeting-card picture does appear, but by then the Trojan may already be running quietly in the background.
Trojan executables are generally very small, from a few KB to a few tens of KB, so if the Trojan is bound to another normal file it is hard to detect. Some websites offer software downloads bundled with Trojan files; when you execute the downloaded file, you run the Trojan as well.
Trojans can also be implanted through scripts, ActiveX controls, and ASP or CGI interactive scripts. Because Microsoft's browser has had flaws in how it executes scripts, attackers can exploit these flaws to deliver viruses and Trojans, or even directly control the browsing computer. Not long ago there was an HTML page that exploited a Microsoft script vulnerability to format the hard disk of anyone who browsed it. If an attacker can upload the Trojan executable into an executable www folder on the target host, he can run the Trojan directly on that host by writing a CGI program.
Trojans can also exploit vulnerabilities in the system, such as the well-known buffer overflow in Microsoft's IIS server: an iishack attack program crashes the IIS server and at the same time makes it execute a remote Trojan executable on the attacked server.
How does a Trojan horse send information about the compromised host to the attacker?
After the Trojan is implanted into the victim host, it generally sends information about the compromised host, such as the host's IP address and the port the Trojan is embedded on, to the attacker in some way, so that the attacker can work with the Trojan to control the host.
In early Trojans, most information about the compromised host was reported to the attacker by e-mail. Some Trojans simply e-mailed all of the host's passwords to the attacker, so that the attacker could obtain important data without ever connecting directly to the compromised host; the GOP Trojan, which targeted OICQ passwords, is an example.
Using e-mail is not the best choice for attackers, because if the Trojan is discovered, the attacker can be traced through the e-mail address. Now some Trojans send UDP or ICMP packets to notify the attacker instead.
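A Trojan that reports home over UDP or ICMP instead of e-mail leaves a different trace: small packets to the same external address at a steady cadence, which normal traffic rarely produces. The following is an added defensive example, not code from the original article: it groups flow records by source, destination and protocol, keeps only small UDP/ICMP packets, and flags pairs whose inter-arrival times are almost constant. The flow records, their (timestamp, src, dst, proto, bytes) layout, the addresses and the thresholds are all constructed assumptions for illustration, not a specific product's format or tuning.

```python
"""Detect periodic low-volume UDP/ICMP callbacks ("beacons") in flow records.

Added example for this article, not code from the original page. The flow
records below are constructed for illustration; the field layout
(timestamp, src, dst, proto, bytes) is an assumption, not a real product's format.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample: one host sends a 40-byte ICMP packet to the same
# external address roughly every 60 seconds (a callback pattern); the other
# records are ordinary, irregular traffic (documentation-range addresses).
SAMPLE_FLOWS = [
    # (epoch_seconds, src, dst, proto, bytes)
    (1000, "192.0.2.10", "198.51.100.5", "ICMP", 40),
    (1061, "192.0.2.10", "198.51.100.5", "ICMP", 40),
    (1120, "192.0.2.10", "198.51.100.5", "ICMP", 40),
    (1180, "192.0.2.10", "198.51.100.5", "ICMP", 40),
    (1241, "192.0.2.10", "198.51.100.5", "ICMP", 40),
    (1300, "192.0.2.10", "198.51.100.5", "ICMP", 40),
    (1003, "192.0.2.10", "203.0.113.53", "UDP", 73),   # DNS lookups, bursty
    (1009, "192.0.2.10", "203.0.113.53", "UDP", 81),
    (1150, "192.0.2.10", "203.0.113.53", "UDP", 69),
    (1151, "192.0.2.10", "203.0.113.53", "UDP", 77),
    (1290, "192.0.2.10", "203.0.113.53", "UDP", 64),
    (1400, "192.0.2.10", "203.0.113.53", "UDP", 70),
    (1020, "192.0.2.11", "198.51.100.20", "UDP", 1200),  # one large transfer
]


def find_beacons(flows, min_events=5, max_bytes=200, max_jitter=0.1):
    """Return (src, dst, proto, mean_interval) for talkers whose packets are
    small and whose inter-arrival times are nearly constant.

    max_jitter is the largest allowed coefficient of variation
    (population stdev / mean) of the inter-arrival intervals; 0.1 means the
    gaps vary by no more than about 10 percent around their average.
    """
    by_pair = defaultdict(list)
    for ts, src, dst, proto, nbytes in flows:
        # Only small UDP/ICMP packets are candidates for a callback beacon.
        if proto in ("UDP", "ICMP") and nbytes <= max_bytes:
            by_pair[(src, dst, proto)].append(ts)

    beacons = []
    for key, times in by_pair.items():
        if len(times) < min_events:
            continue            # too few samples to judge periodicity
        times.sort()
        intervals = [later - earlier for earlier, later in zip(times, times[1:])]
        avg = mean(intervals)
        if avg <= 0:
            continue            # duplicate timestamps, not a cadence
        jitter = pstdev(intervals) / avg
        if jitter <= max_jitter:
            beacons.append((*key, avg))
    return beacons


if __name__ == "__main__":
    for src, dst, proto, period in find_beacons(SAMPLE_FLOWS):
        print(f"{src} -> {dst} {proto}: small packets every ~{period:.0f}s")
```

The DNS traffic has six small UDP packets to one resolver, but its gaps (6 s, 141 s, 1 s, 139 s, 110 s) are wildly uneven and it is not flagged; the ICMP series has gaps of 59 to 61 s and is. In practice the thresholds need tuning against the site's baseline, and a beacon that randomises its interval would need a looser jitter bound or a different statistic, but the same grouping and periodicity logic applies.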