spyeye trojan

One: Frame hanging horse Where the "address" can enter a malicious Web site links, etc. Two: js file hanging Horse As long as the JS file, can be maliciously modified to be linked to malicious code, generally quoted by the entire station JS code is most likely to be linked to the Trojan, detection we can see the JS code on the left or below, the bad guys like the malicious code and normal code between a lot of space or return to hide, So to see more

This paper describes the implementation process of the file transfer method of the Trojan Horse under Delphi, and the concrete steps are as follows: Server-side code: Unit serverfrm; Interface uses Windows, Messages, sysutils, variants, Classes, Graphics, Controls, Forms, Dialogs, Comctrls, Stdctrls, Extctrls,winsock; Type Tfrmmain = Class (Tform) Panel1:tpanel; Label1:tlabel; Edtport:tedit; Panel2:tpanel; Stabar:tstatusbar; Savedia

The server was found to be planted a lot of Trojans, but also let people wantonly use ... NNDthe use of the method is also very simple, the local commit file point to the commit file, the inside of the PHP code will be executedThis is the only record, PHP must be a good filter system. Be sure to handle the uploaded stuff.nginx Upload Vulnerability and discuz vulnerability handlingDue to the early version of Nginx, at least I am in the 0.9.X version of the bug still exists, resulting in processed

Copy Code code as follows: /* +--------------------------------------------------------------------------+ | Codz by indexphp version:0.01 | | (c) 2009 indexphp | | http://www.indexphp.org | +--------------------------------------------------------------------------+ */ /*===================== Program Configuration =====================*/ $dir = ' CMS '; Set the directory to scan $jumpoff =false;//Set the file to skip checking $jump = ' safe.php|g '; This setting is valid when yo

A word to find a PHP trojan The code is as follows Copy Code # Find./-name "*.php" |xargs egrep phpspy|c99sh|milw0rm|eval\ (gunerpress|eval\ (BASE64_DECOOLCODE|SPIDER_BC) > Tmp/php.txt# grep-r--include=*.php ' [^a-z]eval ($_post '. >/tmp/eval.txt# grep-r--include=*.php ' file_put_contents (. *$_post\[.*\]); >/tmp/file_put_contents.txt# Find./-name "*.php"-type f-print0 | xargs-0 egrep "(Phpspy|c99sh|milw0rm|eval\ (gzuncomp

Copy Code code as follows: * * A new PHP word Cmdshell (not a word trojan) Principle: PHP Runtime if meet the character ' (keyboard ~ symbol of the next key) will always try to execute the "" contained in the command, and return the results of the command execution (string type); Limitations: The signature is more obvious, "the symbol is rarely used in PHP, anti-virus software is very easy to scan the signature and alarm;" ' Inside Can not exec

"Download antivirus Software" 1, mobile phone poisoning The first thing we are downloading installation 360 housekeeper or other mobile phone housekeeper, and then to kill the virus. "For Antivirus" 1, open the download good housekeeper, you can find the "virus killing" this function 2, the use of anti-virus software, we can carry out the killing virus, this and computer as simple. "Safe Mode Antivirus" 1, if the poisoning can not be installed on the software, we can try to press and hold

scheduled Tasks[Email protected] ~]# crontab-u root-l[Email protected] ~]# Cat/etc/crontab[Email protected] ~]# ls/etc/cron.*9) Check the system back door[Email protected] ~]# Cat/etc/crontab[Email protected] ~]# ls/var/spool/cron/[Email protected] ~]# cat/etc/rc.d/rc.local[Email protected] ~]# LS/ETC/RC.D[Email protected] ~]# LS/ETC/RC3.D10) Check System services[Email protected] ~]# chkconfig-list[[email protected] ~]# rpcinfo-p (view RPC service)11) Check for rootkits[Email protected] ~]# rk

The phpeval function uses a Trojan code. The phpeval function uses the one-sentence Trojan code, which is a common one-sentence Trojan code in php. The post Trojan program is used to implant the Trojan. The eval () function calculates the string according to the PHP code. Ph

Principle of writing original socket Trojan Based on sniffing Principle Author: refdom First, let's talk about the features and functions of existing Trojans. Early Trojans were generally based on TCP connections, and their viability is very limited because connection-based Trojans are easily intercepted or discovered. Then there are Trojans that are hidden by changing the protocol, such as using UDP or ICMP or other protocols. Of course, these pr

"Cloud security" we are no longer unfamiliar, with 360 security guards 6.0, Jinshan Shell 1.0, we have officially entered the "cloud security" era. 　　Then these manufacturers blown marvellous "cloud killing", whether really can replace the traditional anti-virus software, I believe the following article will bring you the answer. In fact, the industry does not have a uniform standard for the definition of "cloud security". In general, foreign manufacturers often through the "cloud" (ie, the Inte

A few days ago, rising released a report: a total of 83119 Trojan viruses were intercepted in the first half of this year, accounting for 62% of the total number of viruses during the same period. Viruses with Trojan Behavior Characteristics, it accounts for more than 80% of the total current viruses. Trojan viruses have become the biggest threat to Internet secu

Kaspersky found Triada, the most threatening Android Trojan so far Kaspersky Lab experts have detected the latest Android trojan named Triada, which is the most threatening mobile Trojan Detected so far.Triada: specializes in financial fraudKaspersky Lab malware researchers recently discovered a new Trojan virus, Triad

Rootkit Trojan: hiding the peak of Technological Development Since the "ghost of the World" pioneered the DLL Trojan age, the DLL Trojan and malicious programs used for thread injection have It can be seen everywhere that apart from the widely used DLL loader program to run and load the DLL entity in the startup item, the "cover letter" also includes It is a rare

Basic hiding: invisible forms + hidden files TrojanProgramNo matter how mysterious, it is still a program on the Win32 platform. There are two common programs in Windows: 1. Win32 applications, such as QQ and office, all belong to this column. 2. Win32 console Program (Win32 console), such as hard disk boot fixmbr. Among them, Win32 applications usually have an application interface. For example, the "Calculator" in the system provides an application interface with various digital butt

1. Name: How to make picture ASP Trojan Horse (can display picture) Build an ASP file, content for Find a normal picture ating.jpg, insert a word trojan (such as Ice Fox), with UltraEdit Hex compiled, inserted in the picture, for Run successfully, but also search 2. Name: Tricky Internet café First use the Elite Internet access tool to get user name and password, and then use Computer Management to connec

there are less than one months to rekindle the four-year-old World Cup, but the negative news from the World Cup in Brazilbut it's continuous .. According to the news, the World Cup is not only faced with the Brazilian people protest, the stadium can not be delivered on time and other adverse conditions, but also beware of various " poison ", For example, the growing drug trafficking in Brazil and the toxic chemicals on the World Cup shirt and sneakers will make the World Cup face Stern oftest.

Analysis on the principle of bitcoin theft in one Trojan walletRecently, bitcoin security problems have occurred frequently. I wanted to find a wallet to steal bitcoin for analysis. At this time, the user smtp posted a post on the B forum to reveal the LTC Trojan wallet, I also provided an LTC Trojan wallet sample. I reverse the

When further intrusion into the server, the uploaded files will be filtered out by the server, and the uploaded WEBSHLL will not run! Take the minimal blue screen ASP Trojan as an example! Make the following changes. The original code is % executerequest (cmd) %. Replace the label with scriptlanguageVBScriptrunatserverexecuterequest (cmd) Script. When further intrusion into the server, the uploaded files will be filtered out by the server, and the upl

The trojan program tries its best to hide itself. The main ways are to hide itself in the taskbar. This is the most basic thing if you set the visible attribute of form to false and showintaskbar to false, when the program runs, it will not appear in the taskbar. Stealth in Task Manager: setting a program as a "system service" can easily disguise itself. Of course, it will also start quietly, and you certainly won't expect the user to click the "