Over the past six months, from "Panda Burning Incense" to the latest "AV Terminator", the media, the public, and the Internet have made these programs out to be so popular and so powerful. I just quietly downloaded them, studied them, classified them, and finally concluded that such things involve no technology at all!
1. Starting from the method of infection: apart from web downloads (including compressed archives or program packages) and removable disks (commonly known as USB flash drives), there is almost no third infection path.
2. Starting from the source of infection: apart from a few hidden methods, almost all the rest come from injection into dynamic web pages.
3. Starting from the infected: almost all of them are people who do not apply Microsoft updates and do not have good security awareness.
The above three points are described in detail below.
1. The AUTORUN method is used almost without exception, and the source code is very uniform:
[AutoRun]
open=setup.exe
shellexecute=setup.exe
shell\Open(&O)\command=setup.exe
shellexecute=setup.exe
shell\Resource Manager(&O)\command=setup.exe
Jokingly: if I were writing this thing, I would make a very vivid icon and then simply add one more line:
icon=XXXX.ico
If you are going to do it, do it well. Don't be too technical.
But what do we see? Our dear authors simply plagiarize and show no initiative. They have not even implemented the simple thing I just described. We can see that the quality and ability of the authors are extremely low.
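A defender-side check for the pattern shown above, as an added example that is not code from the original article: it parses an autorun.inf, lists every entry that launches a program, and flags files in which the drive's shell verbs are redirected to an executable. The function names and the benign sample are constructed for illustration; the suspicious sample repeats the entries quoted above.

```python
import re

# [AutoRun] keys that cause a program to be started when the drive is opened.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$", re.I)
EXEC_EXT = (".exe", ".com", ".scr", ".bat", ".cmd", ".pif", ".vbs")

def parse_autorun(text):
    """Return (key, value) pairs from the [AutoRun] section, in file order."""
    entries, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            entries.append((key.strip(), value.strip()))
    return entries

def assess(text):
    """Summarise launch entries and decide whether the file deserves a closer look."""
    hits = []
    for key, value in parse_autorun(text):
        if LAUNCH_KEY.match(key):
            # First whitespace-delimited token is treated as the program name.
            target = value.split()[0].strip('"').lower() if value else ""
            hits.append((key, target))
    targets = sorted({t for _, t in hits if t.endswith(EXEC_EXT)})
    verbs = [k for k, _ in hits if k.lower().startswith("shell\\")]
    return {"launch_entries": len(hits), "targets": targets,
            "verbs_hijacked": len(verbs),
            # Shell verbs pointing at an executable mean that "Open" and
            # "Explore" on the drive no longer just browse it.
            "suspicious": bool(targets) and bool(verbs)}

# Entries as quoted in the article.
SUSPICIOUS = r"""[AutoRun]
open=setup.exe
shellexecute=setup.exe
shell\Open(&O)\command=setup.exe
shellexecute=setup.exe
shell\Resource Manager(&O)\command=setup.exe
"""
# Constructed benign sample: cosmetic keys only, nothing is launched.
BENIGN = "[autorun]\nicon=drive.ico\nlabel=Backup\n"

if __name__ == "__main__":
    print(assess(SUSPICIOUS)); print(assess(BENIGN))
```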