Thanks to widespread media coverage, we all know by now not to casually open executable attachments in emails. But the people behind these attacks have apparently read the same warnings, and they have started playing new tricks that make you believe an attachment is just a harmless text or image file. Most people currently use Windows, and Windows hides known file extensions by default, so when you click a file that looks friendly, the destructive payload jumps out. So what are the new spoofing methods for .txt files, and how do they work?
If an attachment you receive contains a file that looks like this: qq.txt, do you assume it must be a plain text file? I have to tell you: not necessarily! The actual file name can end in .txt.{3050F4D8-98B5-11CF-BB82-00AA00BDCE0B}. In the registry, {3050F4D8-98B5-11CF-BB82-00AA00BDCE0B} denotes the HTML file association. Why is it dangerous to open this file directly? Consider the case where the content of the file is as follows:
You may expect it to open in Notepad, but if you double-click it, it is run as HTML and automatically starts formatting the D disk in the background, while displaying a dialog box that reads "Windows is running the system. Please do not interrupt this process." This dialog box is there to deceive you. Is that enough to show how dangerous it is to open a TXT attachment casually?
How the spoof works: the disguised file runs as an HTML file, which is the prerequisite for the attack to work.
Lines 2 and 3 of the file content are the key to the damage the file does. The first line is the executor of the destructive action, where destructive commands can be loaded. So what does line 2 do? You may have noticed "WSCript" in line 2. That's right! It directs the whole show; it is the overall commander of the actual operations.
WScript is short for Windows Scripting Host. It is a feature newly added in Win98, a batch language and automatic execution tool. Its corresponding program, "WScript.exe", is a script language interpreter located in C:\WINDOWS; it makes scripts executable, just like running a batch file. The Windows Scripting Host environment predefines a number of objects. Using these built-in objects, a script can read environment variables, create shortcuts, launch programs, read and write the registry, and more.
The following small example shows how powerful Windows Scripting Host is, how simple it is to use, and how much of a threat it poses once it is abused. Suppose there is a *.vbs file with the following content:
' Create a file system object
Set so = CreateObject("Scripting.FileSystemObject")
' Get the file by its full path and copy it to the root of the E disk
so.GetFile("c:\windows\winip0000.exe").Copy("e:\winip0000.exe")
This copies the file to the specified location. The first line creates a file system object. The second line opens the file: c:\windows\winip0000.exe identifies the program itself by its complete path and file name. The GetFile function obtains the file, and the Copy function copies it to the root directory of the E disk. This is also a feature of most viruses written in VBScript. It follows that restricting the FileSystemObject object is an effective way to control the spread of such viruses. You can use the command regsvr32 scrrun.dll /u to disable the file system object.
Fraud identification and prevention methods: identifying the fraud is the best way to protect your files. One way to identify it is to set My Computer to "view as Web page"; the full file name is then displayed on the left side of the window, and you can see that it is not a real txt file. The problem is that many beginners do not have enough experience, and even a veteran may open the file because he was not paying attention. So here is the reminder again: when you check the file name of an attachment in an email you receive, do not look only at the displayed extension, but also pay attention to which icon is actually displayed. If a TXT file appears as an attachment, you can download it, right-click it and choose "open with Notepad", which makes it safe.
Now do you see that a .txt file cannot be opened casually? If so, good. That is why I wrote this article!
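The same identification step can be automated in a mail filter by checking attachment names for a trailing class ID. The Python sketch below is an added example, not part of the original article; the function names, the list of decoy extensions and the sample names are assumptions made for illustration.

```python
import re

# A trailing ".{GUID}" component is the real extension in the trick described above.
# Whitespace around the braces is tolerated so sloppy or padded names still match.
CLSID_SUFFIX = re.compile(
    r"\.\s*\{\s*([0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-"
    r"[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12})\s*\}\s*$"
)
# The class ID named in the article; any other GUID is reported as unknown.
KNOWN_CLSIDS = {"3050F4D8-98B5-11CF-BB82-00AA00BDCE0B": "HTML file association"}
# Extensions users tend to trust (assumed list for this example).
DECOY_EXTS = {"txt", "jpg", "jpeg", "gif", "bmp", "png", "doc", "pdf"}


def inspect_attachment_name(name):
    """Return details of a CLSID-suffixed name, or None if the name is clean."""
    m = CLSID_SUFFIX.search(name)
    if m is None:
        return None
    clsid = m.group(1).upper()
    visible = name[:m.start()].rstrip(" .")  # what the user is shown
    ext = visible.rsplit(".", 1)[-1].lower() if "." in visible else ""
    return {
        "visible_name": visible,
        "clsid": clsid,
        "handler": KNOWN_CLSIDS.get(clsid, "unknown class ID"),
        "decoy_extension": ext if ext in DECOY_EXTS else None,
    }


def filter_attachments(names):
    """Split attachment names into (allowed, blocked) lists."""
    allowed, blocked = [], []
    for n in names:
        (blocked if inspect_attachment_name(n) else allowed).append(n)
    return allowed, blocked


# Constructed sample names, not taken from real mail.
SAMPLES = [
    "qq.txt",
    "qq.txt.{3050F4D8-98B5-11CF-BB82-00AA00BDCE0B}",
    "photo.jpg. {3050f4d8-98b5-11cf-bb82-00aa00bdce0b }",
    "report.{not-a-guid}.txt",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), "->", inspect_attachment_name(sample))
```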