Revealed: Four Common Trojan Camouflage Tricks

Source: Internet
Author: User
Tags bmp image execution mixed

Attackers keep inventing ways to disguise Trojans so that people are easily fooled. This article introduces some common Trojan camouflage techniques, in the hope that it will be helpful to everybody.

1. Disguising the Trojan as an image file

First of all, attackers often trick others into executing a Trojan by passing it off as an image file, such as a photograph. This is arguably the most illogical method, yet it is the one that catches the most people: effective and practical.

The intruder only has to pose as a pretty girl, give the server program (for example, Sam.exe) a name resembling an image file, and pretend to send a photo to the victim, and the victim will execute it immediately. Why is this an illogical approach? An image file cannot have an EXE extension, while the extension of a Trojan is basically always EXE, so a discerning eye will know something is wrong; most people will refuse a file as soon as they see it is an EXE. So what is the trick? It is actually very simple: the intruder changes the file name, for example from "Sam.exe" to "sam.jpg", so that during the transfer the other side only sees sam.jpg. Once the file reaches the other computer, Windows by default does not show extensions, so many people will not notice the problem with the extension. If your computer is also set to hide extensions, you will see only sam.jpg, and being deceived is inevitable!

Another problem is that the Trojan has no icon of its own, so the computer displays a default Windows icon and others will notice! But the intruder has a way around this too: giving the file a "vest", that is, using IconForge or another icon tool to change the file's icon. A Trojan dressed up as a JPG or other picture format in this way will be executed by many people inadvertently.
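A defensive check for this disguise, as an added example that is not part of the original article: it compares a received file's full name with its first bytes. It also covers the double-extension case (a file named sam.jpg.exe is displayed as sam.jpg when Windows hides known extensions); the function name, extension lists and sample inputs are assumptions made for illustration.

```python
import os

# Extensions Windows runs directly, and image types commonly used as bait.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
IMAGE_MAGIC = {
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".bmp": (b"BM",),
    ".gif": (b"GIF87a", b"GIF89a"),
    ".png": (b"\x89PNG\r\n\x1a\n",),
}

def inspect_attachment(filename, head):
    """Return a list of findings for one received file.

    filename: the full name, including every extension.
    head: the first bytes of the file's content.
    """
    findings = []
    # Windows ignores trailing dots and spaces, so strip them before parsing.
    stem, ext = os.path.splitext(filename.lower().rstrip(". "))
    inner_ext = os.path.splitext(stem)[1]

    if ext in EXECUTABLE_EXTS and inner_ext in IMAGE_MAGIC:
        findings.append("double extension: shown as %s when extensions are hidden"
                        % stem)
    if ext in IMAGE_MAGIC:
        if head[:2] == b"MZ":  # DOS/PE executable header
            findings.append("image extension but content is a Windows executable")
        elif not head.startswith(IMAGE_MAGIC[ext]):
            findings.append("content does not match the %s signature" % ext)
    return findings

# Constructed samples: (name as received, first bytes of the content).
SAMPLES = [
    ("sam.jpg.exe", b"MZ\x90\x00"),
    ("sam.jpg", b"MZ\x90\x00"),
    ("holiday.jpg", b"\xff\xd8\xff\xe0"),
]

if __name__ == "__main__":
    for name, head in SAMPLES:
        print(name, "->", inspect_attachment(name, head) or "no findings")
```

The icon is deliberately ignored: as the paragraph above notes, it can be replaced at will, so only the name and the content are evidence.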

2. Camouflage with the Z-file encryption program

The Z-file camouflage encryption software compresses and encrypts a file and then presents it in BMP image format (the extension is BMP, and opening it shows an ordinary image). It was originally designed to encrypt data, so that confidential data would not easily leak even if the computer was hacked or used without permission. In the hands of hackers, however, it can become an accomplice in intruding on others. The intruder combines the Trojan with a small game, encrypts the result with Z-file, and sends this "hybrid" to the victim. Because it appears to be an image file, the victim thinks little of it, and opening it shows only an ordinary picture. The worst part is that even antivirus software cannot detect the Trojan or virus inside it. Once the victim's vigilance is gone, he is persuaded to decompress it with WinZip and execute the disguised content (presented, for example, as a small gift), so that the Trojan is installed successfully.

If the intruder gets a chance to use the victim's computer (for example during a home repair visit), then as long as the "hybrid" has been sent in advance, it can be extracted and installed directly with WinZip. Because a home repair visit openly involves using the computer, the victim will not suspect that anything is being implanted, and the whole thing takes less than 30 seconds. Even if it is done right in front of the victim, he may not see what the intruder's hands are doing. In particular, because the "hybrid" can escape detection by antivirus programs, if it contains a virus that triggers immediately, then once it is decompressed the consequences will be unthinkable.
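One way to spot such a "hybrid", as an added example that is not from the original article or from Z-file itself: it measures how many bytes follow the image that the BMP headers describe and looks for ZIP markers in that tail. The article does not say how Z-file stores its data, so the layout (payload appended after the pixel data) is an assumption, and the sample BMP and ZIP are constructed in memory.

```python
import io
import struct
import zipfile

ZIP_MARKERS = (b"PK\x03\x04", b"PK\x05\x06")  # local file header, end of central dir

def bmp_trailing_payload(data):
    """Return (extra_bytes, has_zip_marker) for the raw bytes of a BMP file.

    extra_bytes counts whatever follows the image the BMP headers describe.
    """
    if len(data) < 34 or data[:2] != b"BM":
        raise ValueError("not a BMP file")
    declared_size, _r1, _r2, pixel_offset = struct.unpack_from("<IHHI", data, 2)
    dib_size, width, height, _planes, bpp, compression = struct.unpack_from(
        "<IiiHHI", data, 14)
    image_end = declared_size                      # fallback: trust bfSize
    if dib_size >= 40 and compression == 0:        # uncompressed BI_RGB bitmap
        row = ((bpp * width + 31) // 32) * 4       # rows are padded to 4 bytes
        image_end = pixel_offset + row * abs(height)
    tail = data[image_end:]
    return len(tail), any(marker in tail for marker in ZIP_MARKERS)

def make_sample_bmp(width=2, height=2):
    """Build a tiny constructed 24-bit BMP (all-black pixels) for the demo."""
    row = ((24 * width + 31) // 32) * 4
    pixels = b"\x00" * (row * height)
    info = struct.pack("<IiiHHIIiiII", 40, width, height, 1, 24, 0,
                       len(pixels), 2835, 2835, 0, 0)
    header = b"BM" + struct.pack("<IHHI", 54 + len(pixels), 0, 0, 54)
    return header + info + pixels

def make_sample_zip():
    """Build a small constructed ZIP archive in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("gift.txt", "constructed sample, not a real payload")
    return buf.getvalue()

if __name__ == "__main__":
    clean = make_sample_bmp()
    hybrid = clean + make_sample_zip()
    print("clean :", bmp_trailing_payload(clean))
    print("hybrid:", bmp_trailing_payload(hybrid))
```

An encrypted tail may carry no ZIP marker at all, so a non-zero `extra_bytes` on a picture is the signal worth triaging; the marker only confirms the archive case.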

3. Merge-program deception

Experienced users usually do not confuse image files with executable files, so many intruders simply present the Trojan as an application; either way, the extension is exe. They then vary the pretext, such as a new game or an all-powerful hacker program, to get the victim to execute it immediately. A Trojan generally shows no response after it is run, so in the silence many victims assume the file was damaged in transfer and pay no further attention to it.

More cautious users may become suspicious of the method above, which is why a number of merge programs were developed. A merge program can combine two or more executables (exe files) into one file, and once the merged file is executed, the executables inside it run at the same time. If the intruder merges a normal executable (for example a game such as Wrap.exe) with a Trojan, then Wrap.exe runs normally when the merged file is executed, and the unsuspecting victim has secretly run the Trojan as well.

In the past, hackers used many programs that could merge two executables, but most of them have been flagged as viruses by the major antivirus products. They also had two prominent problems: the merged file was too large, and only two executables could be merged.

Because of this, hackers have turned to a simpler and more powerful program. It can merge image files, audio files and executable files, it reduces the size of the merged file, and it sends a notification as soon as the victim has run the file, reporting the victim's IP. Everyone should be more vigilant.

4. Disguising the Trojan as an application extension component

This category is the hardest kind of Trojan to identify. Hackers usually write the Trojan as a component file of some type (such as DLL or OCX) and attach it to a very well-known piece of software, so that people do not doubt the safety of the installation files and nobody checks whether files have been added or removed. When the victim opens the software, the problematic file is executed at the same time. This approach has a further advantage over the merge program: it does not need to change the registry on the intruded machine, because the Trojan runs whenever the software is opened.

When you encounter any of the four situations above, please be careful; you may already have been caught without noticing!
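The check that section 4 says nobody performs, as an added example that is not part of the original article: it records the DLL and OCX files of an installation while it is known to be good, then reports components that were added, changed or removed. The function names, the known-good baseline and the demo directory with dummy file contents are assumptions made for illustration.

```python
import hashlib
import os
import tempfile

COMPONENT_EXTS = (".dll", ".ocx")

def snapshot(install_dir):
    """Map each component's relative path to the SHA-256 of its content."""
    result = {}
    for folder, _dirs, files in os.walk(install_dir):
        for name in files:
            if name.lower().endswith(COMPONENT_EXTS):
                path = os.path.join(folder, name)
                with open(path, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
                rel = os.path.relpath(path, install_dir).replace(os.sep, "/")
                result[rel.lower()] = digest
    return result

def compare(baseline, current):
    """Return components added, changed or removed since the baseline."""
    shared = set(baseline) & set(current)
    return {
        "added": sorted(set(current) - set(baseline)),
        "changed": sorted(p for p in shared if baseline[p] != current[p]),
        "removed": sorted(set(baseline) - set(current)),
    }

def demo():
    """Run the check on a constructed install directory with dummy contents."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "plugins"))
        for rel, body in (("core.dll", b"core v1"),
                          ("plugins/chart.ocx", b"chart v1")):
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(body)
        baseline = snapshot(root)  # taken while the install is known good
        # Simulated tampering: one component replaced, one extra one dropped in.
        with open(os.path.join(root, "core.dll"), "wb") as fh:
            fh.write(b"core v1 plus extra code")
        with open(os.path.join(root, "plugins", "helper.dll"), "wb") as fh:
            fh.write(b"unexpected component")
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```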
