How do I prevent. jpg Trojans?

Source: Internet
Author: User

. Net Trojan is currently very strong,

This trojan is made by a. NET program. If your server supports. NET, you should pay attention to it. The function of entering the trojan is IIS Spy.

Click to view the physical paths of all sites. A lot of people have mentioned this before, but no one has answered the question ..

Defense method:

"% SystemRoot %/ServicePackFiles/i386/activeds. dll
"% SystemRoot %/system32/activeds. dll
"% SystemRoot %/system32/activeds. tlb

Search for these two files, remove the USER group and POWERS group, and retain only the permissions of administrators and system .. If there are other groups

Remove all .. This prevents this trojan from listing the physical paths of all sites...

The ASP program hits a uploaded image at the nearest point. If the uploaded image file gives the iisexecutable privilege, the Program uploads the image to .jpg.

Can also execute ASP Trojans. Haha
The upload format is xxx.asp;_200.jpg.
Upload is uploaded in the format of .jpg, but there is. asp in the middle. This can also execute scripts, which should also be a BUG in IIS.

Solution:
1. The directory that can be uploaded does not allow IIS to execute scripts.
2. Use other software with file protection to prevent *. asp; *. jpg from writing files.
3. All directories can be read. If the written folder is in IIS, change the script to none. If there are no friends on the server

That's no way, unless you can coordinate the Space Provider to help you with these operations.

Change ASP Trojan to a file with the suffix JPG, upload it to the website, and restore the JPG format to ASP Trojan by backing up the database. To control the website. Generally, if you only upload an ASP trojan in JPG format, it will not be damaged.
If you have followed the recent news, you will surely find that there is a vulnerability that has become more frequently accessed. That's right, it's Microsoft's latest JPEG image Vulnerability (Ms04-028 ).

Do not misunderstand that the JPEG file is faulty. In fact, it is not a problem with the JPEG format itself. You can only blame Microsoft programmers, it turns out that a buffer overflow problem for parsing malformed JPEG files is found on the operating system's GDI + component. This vulnerability involves a wide range of areas and causes great harm. The user is infected when Browsing Images in various ways and allows his or her machine to run other malicious code, including the Code of various viruses and illegal controls, this causes illegal intrusion of Trojans and worms into local computers.

Next I will teach you how to use the JPEG vulnerability to create an image Trojan, which can be used to send the image Trojan to the Forum, as long as someone else browses the post, it will be a Trojan. Only by understanding the attack principles can we take measures in an orderly manner.

First, we recommend a relatively simple tool for making image Trojans-JPG Trojan generator (JPEG Downloader ). Before creating a configuration file, we first use the Trojan server to generate a configuration file and upload it to our home page.

Run the JPG Trojan generator directly. A dialog box will pop up asking you to enter a file name. This file is the trojan file we Just configured. Select the trojan file configured in the Wizard to generate a file named mypicture.jpg in this directory, which is our main character.

Then select a forum, post, add the file address in the content (of course, the file address in your home page space), and give a tempting name, next, let's wait for others to invest in the Internet.

Postscript

The JPEG vulnerability tested only works for Windows XP SP1 and Windows 2003, but does not work for all versions of Windows 2000.

Microsoft official vulnerability repair solutions Co., http://www.microsoft.com/china/security/Bulletins/200409_jpeg.mspx.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.