Trojan rampage beware of the QQ expression hidden behind the conspiracy-bug warning-the black bar safety net

ID MYHACK58:6220068855
Type myhack58
Reporter 佚名
Modified 2006-05-01T00:00:00


Editor's note: I believe that QQ is the majority of users are very familiar with the chat tool. A considerable part of the friends for QQ custom emoticons very favorite, or even make your own personalized custom emoticons to share to everyone. But we enjoy a variety of personalized expression, hackers also through these emoticons quietly sneak into our systems planting Trojan, get us off guard. How do we deal with, below we together to debunk hidden in the QQ custom emoticons behind the conspiracy.

Custom smileys using the

Knowing this principle, here we have a step-by-step to repeat through the picture of planting the Trojan's operation.

Step 1: Configure Trojan program

First you want to configure a Trojan server-side program, through this program can be remotely computer controlled. I here is the use of domestic Trojan PcShare it.

Run PcShare. exe, click on the toolbar, the“Generate customer”button in the pop-up“is generated is controlled to end the execution of the program”the window to set 1 on. Finally click the“Generate”button, you can generate a configured Trojan server program, then the services end of the program upload to my application good to of the cyberspace.

! Trojan rampage beware of the QQ expression hidden behind the conspiracy

  1. The use of vulnerability planting Trojan

This method is through the Windows System and application vulnerabilities and produce, for example, 2 0 0 4 year the“Windows GDI+ JPG parsing module buffer overflow vulnerability”,“Windows graphics rendering engine security holes”, 2 0 0 5 years of“MSN Messenger PNG image parsing remote code execution vulnerability”, as well as this year's“Windows graphics rendering engine WMF format code execution vulnerability”are and graphics image-related vulnerabilities.

Here's to the“Windows GDI+ JPG parsing module buffer overflow vulnerability”, for example, as we explain the picture the Trojan build process.

At the command prompt to activate the exploit tool jpglowder, view tools the use of methods such as Figure 2)。 Vulnerability to use the tool comprises a plurality of command parameters.

! Trojan rampage beware of the QQ expression hidden behind the conspiracy

To take advantage of this loophole to generate pictures of the Trojan, as long as the use of tools built-in parameter“d”can be, by entering a section containing a Trojan link to the page, you can generate the required picture Trojan.

  1. The use of HTML code planting Trojan

This use of HTML code make pictures of the Trojan, in fact, is the traditional web Trojan a variant of it. Open the Notepad enter the following code, 并将代码另存为plmm.jpg the.

Here via a jump command is connected the chain to a Web Trojan address.

Point Guard, pinpoint key

In fact, by picture of Trojan propagation is already an old technology. But now the hacker through the QQ custom emoticons to the active cultivation of the Trojan or to cause our highly attention.

We can see that the picture of the Trojans and web Trojans like to take advantage of system vulnerabilities to be planted into the system, so we can be found, party Jun friends in installing a variety of antivirus software and a firewall, there is no time to play on the system vulnerability patches, just let the hackers have.

So we Guard by QQ custom emoticons to the cultivation of the Trojan the key is timely for the system to hit on the bug fix(everyone can according to their own system to http://www. microsoft. com to download the appropriate patch, even if is not the first time the installed system security patches, by using a third-party patch for prevention.

Step 2: generate the picture Trojan

To pass through the custom emoticons to be a Trojan planted, there are two methods, which are by vulnerabilities, HTML code is produced, the following each of these two methods of analysis described.