pctools spyware,antivirus pctools,firewall download doctor pctools

Community Anti-Virus, is the Internet as a whole Hongbian

admin — Tue, 06 Oct 2009 10:38:27 +0000

2008 years end of the year, a security industry quietly popular new term, public good anti-virus, Hong Bian various social networks. Public service announcements, public performance, public donations have been our most well-known, then what do public good antivirus? As far as I know, such as in the community, enthusiastic users will post link to suspicious test results to confirm if the click on this link to the virus will , then users will be enthusiastic about the post of a trap Exposure to avoid more And more people are poisoning:

a map (online at Baidu Post Bar post malicious exposure)
According to friends, in the current Baidu Post Bar, the End of the World, Mop, meal cards, and many other well-known network of community, security enthusiasts everywhere Qiu Huibao not in the premise of testing in the community and malicious malice pages link to engage in anti-public to purify the Internet environment of the community. Intercept these people a lot of virus spread in the network, than the virus into the user's machine and then killing effect on the good times! According to my analysis of the public
popular anti-virus network following two reasons:
one to clean up the network environment, users have no illusions about the anti-virus software in the network security
some of the fans, said: network environment clean, not illusions in anti-virus software. As we all know, more than 90% of the virus, from the network. The poorer the network environment, poisoning the more the number of users, the more it seems that anti-virus software market. Manufacturers of play up against the virus, stressing the user's machine how to prevent, but very little exposure to those viruses to spread malicious Web sites and software. In this way, it is difficult to fundamentally improve the network environment. Some users simply call this the hidden rules antivirus industry. That being the case, the improvement of the network environment, into the commercial element or better, public good virus can be easily acceptable to users.
II, anti-people have to go to report to oversee the road network in
black industry chain, the flow of current transactions which are in a gray area, difficult to regulate and monitor. In the past, hackers were able to black out a small Web site, linked at the top of their horse. Now, hackers have become small climate and gradually became a black key part of the industrial chain. They are no longer easily and Web site, but openly to the station master individual buy traffic , the purchase of such flows in the form of disguised linked to the horse, the station master individual dragged into the water. That is to say let people browse the site's horses in the value is much higher than those of ordinary people view advertising. The user is often unaware of the relevant laws and regulations are a bit vague. It seems to master the moral to accept a severe test. In the current financial crisis environment, the risk seems to be becoming more. It seems the network needs to be anti-public service for the purpose of supervising and managing people.
According to the author learned that a small number of security firms by the anti-public service and to improve the network environment , to promote their own brand names. For example, super-patrol antivirus software, also issued a special Web site for scanning, the community of free tools for malicious website —- Patrol tour, as well as reward those anti-public service activities to highlight the performance of online friends. On the other hand, users participate in the public good anti-virus, there is no lack of benefits and establish their own reputation in the community, exercise their own network security technology, some users completely out of enthusiasm to participate in an anonymous, so I am very moved.
a number of security professionals who believe that the public good anti-virus security vendor experience from the civil security technologies, but also marks the Internet safety awareness and the network of social responsibility mature. Should appeal to more manufacturers and network security company accordingly. On the other hand, in the current financial crisis, the authorities have lost no time in the introduction of policies to guide enthusiasts to step up regulation of network security environment and promoting the building of a harmonious network.

December 16 virus warning: to prevent the worm variants of the virus

admin — Sat, 03 Oct 2009 10:37:15 +0000

Network security channel bit today to remind you: In today's virus cabo worm variant of r, Warcraft and variants aur Deputy worm variants SJ variants are a cause for concern.
a briefing today in high-risk virus and describe the phenomenon of poisoning:
cabo worm is a variant of r cabo worm worms in the family of one of the newest members to adopt MicrosoftVisualC 7.0 to prepare. Cabo worm variant of r running, it will replicate itself to the infected computer systems, % USERPROFILE% \ LocalSettings \ Temp directory, renamed svchost.exe . Through the start of the registry key value added in a manner to achieve the worm automatically start running. Traverse the infected computer's drive G to C, effective search network shared folder. If it is found that there is . RAR and . ZIP extension of the compressed file, it will be any self-named Setup.exe , Install.exe or _Run_Me_First.exe , written by the discovery of the compressed file And the dissemination of network sharing. In addition, the worm will not be repeated infection, in some cases, the infected files copied to the other directory and rename as updated-fixedRelease-.rar .
Warcraft aur variant of the Warcraft Trojan family in one of the newest members to adopt BorlandDelphi6.0-7.0 to prepare, and after dealing with the protection of Jiake. Warcraft variant aur run, in the infected computer systems, % USERPROFILE% \ LocalSettings \ Temp directory released malicious DLL file textfont.dat and LPK.dll , and the real system files % SystemRoot% \ system32 \ LPK.dll to copy the temporary folder, and renamed LOOPARK.dat . Warcraft aur variant of the components of the release of textfont.dat is a steal, Legends 2 online games account of the Trojan horse program members will be inserted into the explorer.exe and all the user-level privileges In the process of loading operation. After running through the news hook, such as interception RAM technology to steal online game players of the game account, the password of the game, where the service area, and other information, and will be in the background of players to steal confidential information sent to the hacker's designated site on the remote server, Resulting in online games player accounts of the game, equipment, goods, money, such as loss of players to the game caused varying degrees of damage. In addition, the Warcraft aur variants will be running in the background after the surveillance system is running all the process if it is found to kill some of the soft existence of direct control from the operation of the horse will not be released and a series of follow-up operation.
Deputy worm variants SJ (Worm.Win32.VB.sj) The virus is prepared by the VB, similar to a folder icon, the virus will run in the root system to copy a large number of their own, and named a different Name, will replace some system files. Will be the release of the root Autorun.inf, when in the Windows directory and open the system32 directory, the virus will shut down this folder from his visit to avoid anti-virus manual. Virus will modify the location of the start menu, when the mouse on the start menu, the menu will move randomly, not click. Virus will modify a large number of registry in order to achieve the purpose of the start-up. Virus will modify IE home page, download new so as to achieve the purpose of the virus, allowing users to easily repeated infection, it is difficult to remove completely. Second
the light of these viruses, network security channel bit proposed a wide range of users:
1, the best professional to install antivirus software to conduct a comprehensive monitoring and upgrading of the virus code in a timely manner. Some of the main recommendations will be monitoring the user to open the regular, such as e-mail monitoring, surveillance, such as memory, with a view to preventing the current prevalence of viruses, Trojan horses, harmful code or procedure, such as attacks on a user's computer.
2, Do not open e-mail at the Annex, in particular e-mail from an unknown source. Enterprise users in general to open mail server platform monitoring system, e-mail at the gateway to intercept viruses, to ensure the security of e-mail client.
3, enterprise users should upgrade control center in a timely manner and suggested that the relevant managers at the appropriate time for killing virus-wide network. In addition to guarantee information security companies should be shut down for the shared directory, and set up strong administrator account password, do not set an administrator password is empty or too simple password. As reporters
time only, Jiangmin, Rising Treasury virus have been updated and the above-mentioned killing the virus. Jiang thanked the science and technology, science and technology for the Rising-bit channel network security information provided by the virus.

Virus posing as crazy cloning own folder

admin — Wed, 30 Sep 2009 10:36:31 +0000

According to the Rising global anti-virus monitoring network, today (December 16, 2008) Of particular note was a virus, which is: Acting worm variants SJ (Worm.Win32.VB.sj) virus. The virus is similar to a folder icon, the virus will run in the root system to copy a large number of their own, the virus will modify the Start menu and the location of the IE home page to download a large number of viruses, the virus is very difficult to remove.
on this popular virus:
Deputy worm variants SJ (Worm.Win32.VB.sj) virus: the degree of vigilance ★ ★ ★, worm, spread through the network, dependent on the system: WindowsNT/2000/XP/2003.
the virus was prepared by the VB, similar to a folder icon, the virus will run in the root system to copy a large number of their own, and named a different name, will replace some system files. Will be the release of the root Autorun.inf, when in the Windows directory and open the system32 directory, the virus will shut down this folder from his visit to avoid anti-virus manual. Virus will modify the location of the start menu, when the mouse on the start menu, the menu will move randomly, not click. Virus will modify a large number of registry in order to achieve the purpose of the start-up. Virus will modify IE home page, download new so as to achieve the purpose of the virus, allowing users to easily repeated infection, it is difficult to remove completely.
anti-virus expert recommends that computer users take the following measures to prevent the virus:
1, to establish a good safety habits, not to open suspicious mail and suspicious sites;
2, a lot of loopholes in the use of the spread of the virus must be addressed in a timely manner patching systems;
3, professional installation The anti-virus software upgrade to the latest version, and open real-time monitoring procedures;
4, machine-based administrator account set up more complex password to prevent virus spread through password guessing;
5, to open the center to open all the protection to prevent the virus through IE vulnerability Such as computer intrusion.

Jiangmin KV2009 cure infection by an unknown computer virus

admin — Sun, 27 Sep 2009 10:35:51 +0000

Description of the problem:
One day, friends reflect on the computer may be caught and show symptoms for the Task Manager is disabled, the system slow, occupier of a serious network resources, has installed several anti-virus software are not out, and some of the Security software is not available, in addition, there are no other abnormalities. Suspect may be the latest in an unknown virus.
how to do? It seems the computer does not light poisoning, but also encounter a new situation. It seems only death Madang live horse medicine, using my secret weapon a try. I have to say that this mysterious weapon is not mysterious, that is, of Jiangmin KV2009, but how good use of this anti-virus tool, you need step by step and I looked down.
First, a friend of computer antivirus software to uninstall, install the latest version of the KV2009. In that case, we should be how to determine whether he is in a virus? We run the first Min-click to see the process – (path: the main interface – a tool commonly used tool — – process viewer) to see if we can find I wonder what the suspicious process?! Brbrbr Indeed, the red arrows point to the attention of the two procedures are abnormal. The first is not a normal exe extension, the second of the normal procedure should not be in the temporary folder. Attention to the top Rar.exe that in itself is suspicious, they will join the black list and the end of the process to prevent them from re-start (the virus due to the opening of the guardian of the process, we must first of all to the end of the suspicious programs, or virus program Automatic re-run, hold down the Ctrl key to select more than at the same time be the end of the process).

Virus and anti-virus who struggle even more high-Yi Zhang Road

admin — Thu, 24 Sep 2009 10:35:17 +0000

Now more and more intelligent computer virus, disguised after the invasion of the computer can be openly; the virus is now getting more and more serious, not only can infect documents, but also even the devil into the computer's Sumon God, then — In the major anti-virus service center issued a warning, Death , AV Terminator and dove gray variant of the virus to become the leading role of these variants of the virus have some common characteristics: good at camouflage, to modify the registry until the damage Computer anti-virus software.
think from the beginning of 2006 with a large number of anti-virus, the ability of computer viruses, industry experts believe the virus and the virus contest, from a simple attack before a kill into fighting each other, the virus IQ more The higher the past.
antivirus software to try to destabilize him if
said before a group of computer viruses like the mob, only the Motoumeinao to disrupt the computer to launch indiscriminate attacks, in recent years, the emergence of the virus like criminals High IQ, they found that good at computers Weakness of the enemy is weak, first of all, down the computer Sumon God — anti-virus software and security software, or they simply bypass the computer intrusion.
the work of the media in the past two days, Miss Wang is very depressing: MSN's own computers have been sent to friends disguised as a photo file compression, think friends really, to open one after another after the virus in a trap. Miss Wang is now even dare to open the computer, the Internet did not dare, do not delay the work that my friends are complaining. Miss Wang allows confusing is that the computer is clearly anti-virus software installed, and how it will be poisoned? Brbrbr According to experts, from the beginning of August 2006, on the Internet for a large number of specific anti-virus software to destroy the virus, They include The Legend Terminator , QQ Trojan game , QQ thieves and horse close West , which is running in the background of the computer, network game to steal the user's QQ account and, passwords, and send it to manufacture virus Persons.
after the end of October 2006 in large areas of the country's popular Panda burning incense virus, in 2007 and has appeared in AV Terminator, Xiao Hao virus and pig virus, Gorilla virus, all The most important feature of these viruses and antivirus software is a positive sights set on. For many
not versed in computer technology, computer users, anti-virus software is the only line of defense, even if this defense line also fell, then the consequences would be unthinkable. Brbrbr do not wish to remedy the current computer system for the destruction of the virus has reached the point where all-pervasive, and even its own antivirus software was not spared either, so as Miss Wang as anti-virus software installed on the computer is still infected with the virus are quite common.
experts believe that the fundamental reason for this is: First of all, anti-virus technology always lags behind the development of the virus. In general, there is always the virus first emerged after the killing patch upgrades, anti-virus software vendors have a virus on the collection, analysis, deal with the process, which inevitably lead to some computer users to become a victim.
Second, anti-virus software in that the virus-maker in the dark. Every time a large-scale outbreak of the virus, such as Panda burning incense, and the use of all anti-virus software, there are some loopholes for the purpose of the attack. Such loopholes or weaknesses in the operating system and some software, can not be completely avoided, the virus that manufacturers continue to study through the loopholes in the system, training army of the virus.
Third, anti-virus software are present in the form of computers, and its security is related to computer software and other documents are the same, the new virus will emerge as the destruction of other software, the same document to Destruction of anti-virus software.
In addition, anti-virus software vendor business competition and lead to closing their doors to each other technically, it is bound to the formation of anti-virus also in the field of internal friction and conflicts, anti-virus technologies complement each other very difficult to achieve. On the contrary, computer viruses have been Trojan horses, worms, vulnerability to attack, the transmission of the virus, and other ways against the complex. Computer virus incidents occur frequently not surprising.
antivirus hardware
Jie Nanti by the end of May this year, an anti-virus hardware products through the Ministry of Public Security official permission to enter the market, which is China's first USB port on the state anti-virus hardware products. Its manufacturer, Nanjing Central R & D network data security Co., Ltd. announced that a U shape resembles an ordinary disk hardware, it into the USB jack on the computer without any operation can play a real-time anti-virus functions, do not take up hard disk space The occupants of the system resources are very limited, most importantly, the virus can not damage them.
This reporter has learned that anti-virus products have appeared in several hardware products, is an early anti-virus card, which is directly into the computer's motherboard slot, but its users a certain degree of expertise requirements, and Can not upgrade, it has come to an end soon. The other is the anti-plate U , which is equivalent to anti-virus software installed on the U disk, and U disk itself is a vector, may not have been on virus-infected, a very dangerous Infection , the anti-U did not set a firm foothold in the market.
now that the introduction of anti-virus products, hardware and what difference do they?
ring network in Jiangsu Institute of Information Security, chief information security expert Dr. Gong Jianxin said that as the fight against computer viruses, if its own is also installed on the computer inside Would be very vulnerable to the virus dry and even off infection, this anti-virus hardware product is anti-virus function implantation to the chip, the chip will drive encryption, to retain the anti-virus module for online upgrade Encrypted tunnel upgrade.
Dr. Gong Jianxin said that if the virus is a thief, the police anti-virus product, but before the police are thieves in a room scuffle started, and this anti-virus hardware in the room, on the one hand, can be set up to protect ring and the other On the one hand, is the protection of their own, thus more effectively killing the virus. The prevalence of the virus in case of emergency, the anti-virus hardware also against the latest epidemic virus's ability to use the virus to determine the characteristics of the act, we will find that the unknown virus.
In that case, anti-virus products, hardware, it means that virus and anti-virus winner of the contest has been the case? experts believe that since 1987 the United States found that the world's first case of a computer virus (Brian), Anti-virus technology with the virus on to start the fight, 20 years of ups and downs, there can be no conclusion yet, but the hardware anti-virus technology will be an important direction.

Mantis catch cicadas, the oriole, the hackers were also black

admin — Mon, 21 Sep 2009 10:33:28 +0000

Idiom mantis catch cicadas, the oriole in the post- means mantis about to catch cicadas, I do not know the oriole behind it is to eat it. Analogy short-sighted, only to see the immediate benefits were not aware of the troubles to follow. Appears to be a very simple truth, the reality on which it is necessary to more complex, are Dangjuzhemi the so-called. Drag so much, we enter the following question is, to talk about hackers and was the matter.
recently, micro-point defense initiative software to capture a back door: hacking fraud Trojan-Dropper.Win32.Agent.vuc, as its icon, it has been devoted to micro-point anti-virus, the back door of the procedure is different from that Backdoors for hackers and the preparation of the back door to their own program disguised as a claim that could have been Kabbah, safe 360, Rising, Kingsoft, and other mainstream soft kill hacker tools, lured by hackers to download running, but its function is to steal user Information, privacy and control as well use the back door. Some of the rookie class that was highly valued by hackers, did not expect that other hackers have become the Pan Zhongcan.
the back door after the implementation of the program was on the surface appear as the title of free kill shell on their own initiative, Beta1.2BY: Dao Meidan children, the hacker tool interface, to deceive users to hide their real purpose, and has secretly released through the dynamic library files , To modify the registry will be registered as a dynamic library services with a range of means to achieve it scvhost start. Through the injection of the virus svchost.exe connect the designated domain name, set up by growers to read the back door of the IP address and port number reverse connection with the hacker to communicate, to accept the control of hackers, so that the infection was the host for the puppet master-lun, When hackers can use remote process management, remote operation of the registry, restart the remote shutdown, and upload files to download, open the keyboard, and other records to monitor the operation.
preventive measures
has been installed at Micro-use software user defense initiative, without any setting, micro-point defense initiative will automatically protect your system from the invasion and destruction of the virus. No matter whether you have to upgrade to the latest version of Micro-point defense initiative will be able to effectively clear the virus. If you do not have to micro-point defense initiative to upgrade to the latest version of the software, micro-point initiative in defense find the virus software will prompt you to report to the police found that unknown Trojan horse , please delete the choice of treatment (Figure 1);
Figure 1 defense initiative Automatic capture unknown virus (not upgrade)
If you have active micro-point defense software upgrade to the latest version of Micro will prompt you to report to the police found Trojan-Dropper.Win32.Agent.vuc , please delete option (Figure 2 ).
Figure 2 after the escalation of known viruses intercepted
not for the use of micro-point initiative to defense software, micro-point anti-virus experts recommend:
1, not unknown in the non-official version of the site to download the software installed to prevent the virus through the bundled into the Your system.
2, as soon as possible, your antivirus software library features upgrade to the latest version of the killing, and to open the firewall to intercept abnormal network access, as there are still anomalies Please note that timely and professional security software makers access to contact technical support.
3, open the windows automatically updated in a timely manner to lay a good patch vulnerabilities.

Misuse of the Patriot anti-seismic restore deleted hard drive arrived mobile

admin — Fri, 18 Sep 2009 10:32:48 +0000

Data security is a measure of a good or bad performance mobile hard disk an important factor. I was informed that the latest from the business, Patriot 2.5-inch mobile hard drive Land Rover is currently H8165 arrival in Xi'an, a comprehensive listing. It is reported that this mobile hard disk of its excellent anti-seismic performance, but also mistakenly deleted restore features, ideal for enterprise customers to buy. The photo shows
: Patriot Land Rover Land Rover H8165
Patriot H8165 mobile hard disk size is 132 × 81 × 20mm, weighing about 190g, the mobile hard disk surface affixed with a buy first fall, the super-seismic All this shows is that paragraph The main safety of mobile hard disk. The photo shows
: H8165 Patriot Land Rover
light work on specific aspects of home H8165 Land Rover has three-dimensional shock-absorbing protection technology, anti-seismic capability, in that they can effectively protect the safety of the hard disk, and the balance of hydraulic roller systems, with little heat and wear small advantages And also to increase the effective seismic performance. The photo shows
: H8165 Patriot Land Rover
details are: H8165 Patriot Land Rover Land Rover
interface H8165 control of high-performance chips by USB2.0 and SATA hard disk interface to ensure the speed, can be applied to Win2K/ME / XP / VISTA, Linux, MAC systems. In addition to the mobile hard drive with antivirus software NOD Wushan Chu, as well as to restore the system software, hardware and efficient security. And software to provide personalized data storage, to guard against viruses, but also to restore the mistakenly cut losses. This mobile hard to enjoy the sunshine patriot, three-year warranty. Editor
Comments:
Patriot Land Rover H8165 mobile hard disk is the biggest bright spot in data protection, in addition to Naishuai earthquake, with the resumption of Wushan Chu software systems, business is very easy to use.

Internet cafes must be on guard against popular variant of the Trojan virus attack

admin — Tue, 15 Sep 2009 10:31:22 +0000

City computer service center to guard against the virus a week of the new security warning that the recent popular use of the loopholes in the system to download Trojan horse Super AV Terminator , was found to generate a confrontation-type variant — Terminator timer, to prohibit the user access And computer security-related web pages or bring their own security software and to download a large number of Trojan ones, the Internet, such as enterprise local area network users a great impact.

Internet cafes, according to a staff member to reflect that this virus is very invasive, or give the number of Internet cafes in domestic work a great deal of trouble. According to the staff reflects that he downloaded a cabinet form of e-books. Open the cabinet on the computer after a crash. And then after boot the computer, whether anything will open the lock. And the virus has shielded itself installed on the computer's antivirus software, use antivirus software after the other. Computers can not begin to enter the system, look for a lot of reasons found. Is the number of computer files were deleted. So you want to in the computer system is also equipped with the very trouble! A computer repair took only one day to find the original documents missing, and installed the system.
cafe's staff in a timely manner to do a good job of protection to prevent the virus from entering the lead to unnecessary losses and troubles

MSN sexy chicken simulated mouse virus is now operating

admin — Sat, 12 Sep 2009 10:30:19 +0000

December 15, Jiangmin anti-virus center reminded last week intercepted in the virus, MSN sexy chicken c variant of the virus and the focus of espionage, cho variant of the virus should be a cause for concern.
Jiangmin-to-date anti-virus monitoring center to a MSN chicken sexy variant of the virus, the virus through removable storage devices and the dissemination of MSN, MSN sexy chicken c variant detected a new removable storage devices when they access , To automatically create a read-only system, hidden attribute of the folder at the same time in order to set the Recycle Bin folder for the model to copy itself to autorunme.exe , the use of automated systems for the dissemination of playback. What is noteworthy is that the virus will be adopted with the hacker's designated server, the server in accordance with the instructions sent to the designated launch a DDos attack on IP, to download a large number of malicious programs, and MSN contact with the virus to send the ZIP compression File operations, such as downloading a malicious program, including theft account, install a backdoor, remote monitoring and other functions of the horse, to bring greater security threat.
In addition, Jiang anti-virus monitoring center to a simulated mouse automatically alert the security of the window, the focus of espionage, cho variant of the virus, the virus will create IE browser and the process of viral load documents into one operation in order to achieve better The self-concealment. At the same time, the Trojan horse by the release of the functional components of the mouse can also choose to automatically simulate a number of security software pop-up window warning of permitted and release button to prevent the virus's behavior was malicious software to intercept security. Virus will in Traversal background of the current system, all the process, if the designated security software, will try a variety of ways to end so as to achieve the purpose of self-protection (Jiangmin Anti-Virus software will not be closed KV2009), Led to the infected computer users be more different levels of threat, as well as the impact of the Internet overall security environment. Jiangmin
anti-virus expert recommends that users will not be easily received by the MSN, QQ upload to the package at the same time have the choice of smart defense initiative and the core level of self-protection feature of the anti-virus software, the Internet should be open Jiang The people of antivirus software features real-time monitoring. Another expert pointed out that due to a virus commonly used to hide more advanced technology, common software security tools can not find out, so as not to have been installed free of charge on-line security software tools and take it lightly, for his tremendous property Loss. The new listing of Jiangmin Anti-Virus Software KV2009 with heuristic scanning, Sandbox (Sandbox) technology, virtual machine shell, the core level of self-protection and many other leading computer anti-virus technology, can be an effective anti-virus software on the system .

On the security technology: web pages linked to the work of Ma analysis of the principle of

admin — Wed, 09 Sep 2009 10:29:22 +0000

As a website linked to the horse spread, with the aim of the Trojan will be downloaded to the local users and further implementation of the horse when implemented, will mean that more of the Trojan is downloaded, further implementation of a vicious cycle, So that the user's computer attacks and control. To achieve the purpose of the first Trojan to be downloaded to the local. According to the chart on the process, there is a common way of the following:
1. Disguised as a Trojan horse to page elements. Trojan browser will be automatically downloaded to the local.
2. loopholes in the use of scripts to run the download Trojan
3. the use of the loopholes in the script to run the release implicit in the pages of the script Trojan
4. disguised as a Trojan will be missing components or missing components and bundled together (for example: flash player Plug-in). In this way, to achieve the purpose of the download, to download the browser components will be self-executing.
5. script to run through some of the calls com components, the use of its vulnerability to download Trojan horse.
6. in the process of rendering page content use format overflow in the release of Trojan horse (for example: ani format overflow vulnerability)
7. rendering page content in the process of using overflow format to download Trojan (for example: flash9.0.115 loopholes in the play)
the completion of the download After the implementation of the horse following manner:
1. Play up the use of the page elements in the process of implementation of the overflow shellcode format for the further implementation of the Trojan download
2. The use of the loopholes in the implementation of the script running horse
3. Disguised as missing components of the package was installed here Automatic implementation of the
4. Script calls through the use of its components com loopholes in the implementation of the horse.
5. utilization of the page elements in the process of rendering the form of direct implementation of the overflow horse.
6. to use com components and other external communications process through proceedings in other horse (for example: realplayer10.5 existing playlists overflow vulnerability)
network in Malaysia and in the process of struggle, in order to evade anti-virus detection software, some of the network Ma It also has the following acts:
1. Time to amend the system so that the antivirus software failure
2. Antivirus software to remove the link HOOK, so that the anti-virus detection software failure
3. Amend the anti-virus software virus database so that it can not detect malicious code.
4. overflow vulnerability does not directly through the implementation of the malicious code, but implementation of the script for a call to avoid anti-virus software for the father of the testing process.
page linked to the detection Ma
traditional detection methods Defense:
1. characteristics of the match. Ma page will be linked to the script according to the script to deal with HIV testing. But the script page to deformation, the encryption methods than traditional PE format virus is more diverse, it is also more difficult to detect.
2. defense initiative. When the browser to make some moves, to make prompt, for example: to download a plug-in to install the package will be prompted to run it, such as the browser to create a storm when the audio and video player, suggesting that whether or not to allow run. In most cases, users will click yes, the page will be implementation of the horse.
3. Father of the process of checking whether the browser. This approach can be very easy to escape and plug-in will cause a lot of false positives.
days an act of defense analysis:
1. camouflage detection file format. The precise identification of file formats, page elements to determine whether or not to camouflage the malicious code.
2. check whether the source of the page elements for a long time to spread the web site linked to Ma.
3. Detection of specific function call stack to achieve.
(a) to distinguish between the user to download files, the browser automatically download files.
(b) detection of known loopholes in the buffer zone.
(c) the process of testing the creation of call stack, and whether the call parameters of conventional browser, in order to detect unknown vulnerabilities caused by the implementation of the document.
4. documents on the implementation of the monitoring, detection of parameters such as the characteristics of the implementation of the document.
5. on the part of the directory to write files to monitor operations.
6. Detection System to amend the clock.
7. Detection of DLL system memory mirroring Laws (import, export table, body function).
8. inspection PE parcel CAB files and digital signature.
9. Detection of specific file formats, known format overflow detection.
by more than the number of weighted can be effective on the page linked to known and unknown horse detection.