Anyone who likes reading books on a computer will be familiar with e-book files, which are convenient to collect and read. An e-book in CHM or EXE format looks like a single file, but it is actually a combination of many web files; in effect, an e-book is a set of web pages. When it comes to web-based attacks, what we fear most is the webpage Trojan. It is the most popular attack method and has turned countless computers into zombies for hackers. Since e-books are composed of web files, it is not difficult for hackers to insert webpage Trojans into e-books. Let's take a look at this dangerous e-book Trojan and how to prevent it.
Create an e-book Trojan
Creating an e-book Trojan is very simple. You only need an ordinary e-book production tool. Here we demonstrate the process of creating an e-book Trojan. The tools we need to prepare are as follows:
1. Trojan: because a real Trojan is dangerous, we use NOTEPAD.EXE as the Trojan program.
2. QuickCHM: a good e-book production tool that can be used to create and decompile e-book files.
3. One e-book.
When everything is ready, we start to create the e-book Trojan. First, run QuickCHM, click "file" on the menu bar, select "decompile", and click "input" in the "decompile" dialog box to browse to and select the prepared e-book file. Next, select the location for the decompiled files and click "OK" (figure 1).
Copy notepad.exe into the folder that holds the decompiled files, and create a new webpage file muma.htm in this folder. The content is:
<HTML>
<HEAD>
<Meta http-equiv = "refresh" content = "3366url1_index.htm">
</HEAD>
<BODY>
<OBJECT Width = 0 Height = 0 style = "display: none;" TYPE = "application/x-oleobject" CODEBASE = "NOTEPAD. EXE">
</OBJECT>
</BODY>
</HTML>
In this example, index.htm is the homepage of the e-book, and the "CODEBASE" parameter is followed by the Trojan file name.
Among the decompiled files, we can find a file with the .hhp extension. This is the configuration file of the e-book. We need to modify this configuration file to insert the Trojan program into the e-book. Modify it and save the changes (figure 2).
Run QuickCHM again, click the "file" menu > "open", then browse to and select the configuration file with the .hhp extension. Click the "compile" button on the toolbar. If no error occurs, an e-book containing the Trojan is created. Let's take a look at the effect of the e-book Trojan. Double-click the compiled Trojan e-book and the text document program pops up immediately, while nothing unusual appears on the e-book homepage. This shows that e-book Trojans are very harmful.
Prevention and removal of e-book Trojans
Although the e-book Trojan is similar to a webpage Trojan, the two are different. A webpage Trojan relies on an IE browser vulnerability, so once the system patch is installed the webpage Trojan stops working. An e-book Trojan, however, does not need to exploit a vulnerability; it is executed directly. E-book Trojans are therefore much more dangerous than webpage Trojans. How can they be prevented?
1. Keep anti-virus software up to date: anti-virus software is always our best partner. Even if there is a Trojan in the e-book, the anti-virus software will block it when it runs. Of course, the anti-virus software's firewall function must be enabled.
2. Download e-books from a secure website: only download e-books from websites you are familiar with. This avoids downloading e-books with Trojans to the greatest extent possible.
3. Decompile e-book files: if you like an e-book very much but are afraid of Trojans, you can decompile it with QuickCHM to find out whether a Trojan exists in the e-book. Decompilation can also be used to remove Trojans from e-books and make them clean again.
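The decompile-and-inspect check in item 3 can be scripted. The following is an added example, not part of the original article or of QuickCHM: it walks a decompiled e-book folder and flags bundled executables, OBJECT tags whose CODEBASE names an executable, and .hhp entries that list one. The extension list, the function names and the sample file book.hhp are assumptions made for the illustration.

```python
import re
import tempfile
from pathlib import Path

# Extensions that have no business inside an e-book (assumed list, extend as needed).
EXEC_EXT = (".exe", ".com", ".scr", ".bat", ".cmd", ".pif", ".dll", ".vbs")
OBJECT_TAG = re.compile(r"<object\b[^>]*>", re.I)
CODEBASE = re.compile(r"""codebase\s*=\s*("[^"]*"|'[^']*'|[^\s>]+)""", re.I)

def is_executable(name):
    # Drop whitespace so a split name such as "NOTEPAD. EXE" still matches.
    return re.sub(r"\s+", "", name).lower().endswith(EXEC_EXT)

def scan_decompiled(root):
    """Return sorted (relative_path, reason) findings for a decompiled e-book folder."""
    root, findings = Path(root), []
    for path in (p for p in root.rglob("*") if p.is_file()):
        rel, ext = path.relative_to(root).as_posix(), path.suffix.lower()
        if is_executable(path.name):
            findings.append((rel, "executable bundled in e-book"))
        elif ext in (".htm", ".html"):
            text = path.read_text(errors="replace")
            for tag in OBJECT_TAG.findall(text):
                m = CODEBASE.search(tag)
                if m and is_executable(m.group(1).strip("\"'")):
                    findings.append((rel, "OBJECT CODEBASE names an executable"))
        elif ext == ".hhp":
            for line in path.read_text(errors="replace").splitlines():
                if is_executable(line.strip()):
                    findings.append((rel, "project lists executable " + line.strip()))
    return sorted(findings)

def demo():
    # Constructed sample: a clean homepage plus the muma.htm pattern from the article.
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "index.htm").write_text("<html><body>Chapter 1</body></html>")
        (root / "muma.htm").write_text(
            '<OBJECT Width=0 Height=0 TYPE="application/x-oleobject" '
            'CODEBASE="NOTEPAD. EXE"></OBJECT>')
        (root / "NOTEPAD.EXE").write_bytes(b"placeholder, not a real program")
        (root / "book.hhp").write_text("[FILES]\nindex.htm\nmuma.htm\nNOTEPAD.EXE\n")
        return scan_decompiled(root)

if __name__ == "__main__":
    for rel, reason in demo():
        print(rel + ": " + reason)
```

To check a real e-book, decompile it first and pass the output folder to scan_decompiled(); any finding is a reason not to open the original file.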