Trojan programs generally consist of two parts: a client program and a server-side program. The client program is used to remotely control the computer, while the server-side program is hidden on the remote computer, where it receives and executes the commands issued by the client. So when a hacker wants to control a remote computer over the network, the first step is to implant the server program on that computer.
To get users to run a Trojan, hackers disguise it in various ways; this disguise is what we call the Trojan's painted skin. Ever since Trojans first appeared, hackers have come up with an endless stream of camouflage tricks to hide them, and they are very hard to guard against. So let us sharpen our eyes, expose the tricks behind the Trojan's painted skin, and shut these uninvited guests out.
Painted Skin One: Icon camouflage
Camouflage Level: ★★★★
In Windows, each file type is represented by a different icon, so a user can easily tell a file's type from its icon. To confuse users, hackers replace the Trojan server program's icon with the icon of a common file type, so that when the user runs it, the nightmare begins.
Example: The Black Hole 2001 server installer uses the folder icon (Figure 1). When extensions of known file types are hidden, the file looks like a folder, and when you curiously click it to see what files are inside, Pandora's box opens.
Figure 1
Identification method
When we run a file, we usually double-click it out of habit. Windows then determines the file type, launches the associated program, and opens the file. This makes it easy to activate a Trojan whose icon has been changed. In fact, we only need to change how we open files to avoid this. For example, when we see what looks like a text file, we should not double-click it; instead, open Notepad first and then open the file through the "Open" command on the "File" menu. If the content displays as garbled characters, there must be something wrong with this "text file".
Security expert comments: Replacing the icon is the most basic way to disguise a Trojan server program, but using this method alone is not enough. Hackers combine it with a series of other camouflage techniques, such as file renaming and file bundling, to trick users into running the program. So do not execute files from other people, and stay wary even when the sender is your friend.
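The Notepad check described under "Identification method" can also be scripted. The following is an added example, not part of the original article: it flags a file whose real extension hides behind a document-looking name, whose content starts with the `MZ` header of a Windows executable, or which is named `.txt` but does not contain readable text. The extension lists, function names and sample files are assumptions constructed for illustration.

```python
import os
import tempfile

# Assumed, non-exhaustive extension lists for this illustration.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
DOCUMENT_EXTS = {".txt", ".bmp", ".jpg", ".gif", ".doc"}

def explorer_name(filename):
    """Name as shown when Windows hides extensions of known file types."""
    stem, ext = os.path.splitext(filename)
    return stem if ext.lower() in EXECUTABLE_EXTS | DOCUMENT_EXTS else filename

def looks_like_text(data):
    """Scripted Notepad test (heuristic): no control bytes besides whitespace."""
    return not any(b < 9 or 13 < b < 32 for b in data)

def check_file(path):
    """Return the reasons a file's name or content contradicts its apparent type."""
    name = os.path.basename(path)
    stem, ext = os.path.splitext(name.lower())
    with open(path, "rb") as fh:
        head = fh.read(4096)
    reasons = []
    if ext in EXECUTABLE_EXTS and os.path.splitext(stem)[1] in DOCUMENT_EXTS:
        reasons.append("double extension, shown as %r" % explorer_name(name))
    if head[:2] == b"MZ" and ext not in EXECUTABLE_EXTS:
        reasons.append("MZ executable header under a non-executable extension")
    if ext == ".txt" and not looks_like_text(head):
        reasons.append("named .txt but content is not readable text")
    return reasons

def demo():  # runs check_file() over constructed samples -> {filename: reasons}
    mz_stub = b"MZ\x90\x00\x03\x00\x00\x00"  # constructed: first bytes of a PE file
    samples = {
        "beautiful sister.bmp.exe": mz_stub,  # constructed: image-looking name, real .exe
        "readme.txt": mz_stub,                # constructed: executable renamed to .txt
        "notes.txt": b"plain text\r\n",       # constructed: benign control sample
    }
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, content in samples.items():
            path = os.path.join(tmp, name)
            with open(path, "wb") as fh:
                fh.write(content)
            results[name] = check_file(path)
    return results

if __name__ == "__main__":
    print(demo())
```

An empty list only means none of these three mismatches was found; the script cannot see a file's icon and does not replace antivirus scanning.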
Painted Skin Two: Changed names
Camouflage Level: ★★★
Icon changes are often combined with file renaming. The hacker usually gives the file a very attractive name, such as "beautiful sister", to trick the user into running it. When the Trojan server program runs, it also gives its own process a name similar to that of a normal system process, so that users do not become suspicious and are lulled into a false sense of security.
Example: As shown in Figure 2, this is a Trojan server installer made by the author; it is displayed on the computer as "beautiful sister.bmp". If you take it for an image file and open it, the author's Trojan horse will have set up camp on your computer.
Figure 2