The secrets of World of Warcraft theft Trojan principle

Source: Internet
Author: User
Tags require safe mode

1. Infection

Thieves generally put the theft Trojan on the Web page, or the use of the Web page of the JS script, ActiveX Plug-ins and other functions to download the Trojan to the user's computer, a bit stronger also the Trojan bound to the picture, animation, video, and then coax users to click. There is the Trojan bound to some programs, especially the plug-in program. Even a lot of external program itself is stolen Trojan horse. In the Recruit users, is generally browsing some gossip site, was tempted to click on some pictures, animations, videos, or run some unknown program.

2. Latent and activation

Now the new Trojan will write its own function module (or its own program code) into Windows system files, such as resource Manager EXPLORER.EXE, sound card, graphics driver, etc., so lurking down. And even if it is safe mode, a boot Trojan will be loaded by XP system, more than before the Trojan by modifying the registry to start loading more clever. The trojan was activated when it was loaded. Now the new Trojan, after activation is not a separate memory process, to view the memory process is not see it. So where does it hide??? It injected itself into the normal process of the system SVCHOST.EXE, XP system has at least 5 SVCHOST.EXE process, is responsible for the user's Internet function (do not casually close these processes oh, will not be on the net drip), the Trojan casually find a process can hide in. This article is from http://bianceng.cn

3. Surveillance and theft

The Trojan monitors the user's activity, monitors the specific process of the user's computer memory----such as the WOW.EXE of the Game program (World of Warcraft), and records the user's account, password and other information entered in the process. Most Trojans will secretly actively connect to the network and send out recorded information, but this is easy to be found by some anti-virus software and firewalls. So there are some clever design of the Trojan it will quietly wait until received the order of the thieves will be the record of the information sent out. In any case, the user's account number, password is stolen by the hands of the person.

4. Trojan Fraud Secret security card

For the user who has tied the card, the thief has stolen the account number, the password is still useless. What Would a thief do? Trojan + deception. First look at the deception, with false winning information fraud is a common means, what else discount recharge, leveling and so on, the purpose is to deceive users to say that the thieves want the secret card random password, and then log in to Rob, and so kicked off the user again to login up, the body has been naked (around less than a minute). Look at the Trojan Horse, in World of Warcraft as an example, said that the thief is how to tie the secret card to steal the account number. Thieves use the stolen account number, password login to 9C account Management Center, change the password, and then choose to change the secret card. To change the card first enter the original secret card three sets of passwords. So the thieves issued instructions to the Trojan, when the secret card users will play the game when the sudden drop line (not off the telecom and 9C, is a Trojan ghost), and then appear to require users to enter the security card on the three group of password prompts, and this input secret card password interface is Trojan program out, not the game program, But because it is really the same, the general user is difficult to distinguish between true and false, and require the input of the three sets of passwords is .... Unknown number of users, confusedly entered the secret card password, the result is that the thief with his hand on the secret card replacement binding this account, the account thoroughly easy master. But the number of thieves will not lose money, with the secret card binding account, how it is also worth a few dollars, not the money who will go to tie.

How is the security number?

1, tried, do not be tempted to click the unknown connection, do not visit those assorted sites, do not use Plug-ins.

2, anti-virus software + firewall, secret card is still essential, can greatly reduce the chance of your stolen number.

3, vigilance, in case of being cheated. Now many online games have launched a secret card, to be wary of various scams, especially to your secret card random password.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.