A simple analysis of the HTML virus

I have been meaning to write this for a while, but at work I told myself I was there to work, not to write, and at home I was busy playing games, so it got put aside. Now I am writing it instead of doing my regular job; I hope my boss does not know about this blog. Ha ha.

I have been interested in HTML viruses for a long time, and very curious about how an executable file can be downloaded from a remote host to the local machine without the user allowing it. But I never had a chance to get hold of the original ASP code, so I did not dare to attempt an analysis out of context. Recently a friend told me that his virus firewall raised a virus alert when he viewed a certain web page, and asked me to be careful (thanks to him for the lead). An idea flashed through my mind: I opened FlashGet and downloaded the page. Looking through the code, I found a hidden floating frame a few lines down in the home page. The URL it references is not local. I felt this should be it, so I downloaded that with FlashGet as well. It turned out that the space hosting the virus does not support ASP, so the ASP file I downloaded was the source file. Now my interest was roused, and I downloaded all the virus-related files.

Because this virus is very simple, I can only extract a few fragments. If you are really interested in looking at such a page, do not view it in IE; fetch it with a download tool such as FlashGet and then open it in Notepad. If you get hit, do not come looking for me. Now for the main part.

There are three actual virus files: one is the guide file, one is the download file, and the third is the activation file.

The first is the key part of the guide file. Its role is to have the download and activation files invoked and run as the body of the page. This file is the key point of the local infection: the files it references can operate client-side components without any obstacle, and that is the knife in all this.

The second is downloading the virus's exe file. How is the exe downloaded without a download prompt box popping up? That is the task the download file completes. The virus's approach is to use the Microsoft.XMLHTTP component on the server side together with response.contenttype = "image/gif", so that the virus file is delivered in picture format into the client's page cache (this is a very simple Get / BinaryWrite operation, so I will not go into detail).

The third is the activation process, which I find quite clever. The virus first uses fso to generate an hta file under c:\ and writes the activation routine into it, then uses WScript.Shell to run that file. This way, activation steps that need higher privileges (such as writing to the registry) are no problem. The specific operation is as follows. The virus file is moved from the page cache directory to the system directory and renamed win.exe. A startup key is written into the registry so that the virus is activated automatically after the system restarts. The hta file is then deleted, completing infection and activation.

That is the basic operation of the virus (as usual, I leave out the destructive part). But what use is this to us? In fact I find this virus very annoying; however, its exe download and activation process does have its uses. For example, suppose your system requires the client to download and activate a number of components before it can be used. With users who know how to do this there is, of course, no problem; but if you are facing the kind of user who understands nothing about networks, I expect your phone will be ringing before the system is even in use. If instead, with the other party's permission, the components are downloaded and activated automatically, it is much easier, is it not? However, this approach is only convenient for small files; if you want to download files of more than 1m, you have to consider multi-threaded downloading, and of course that is outside the scope of this article. When I have the opportunity, I will talk about implementing multi-threaded downloads on the web using ASP + xml.
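A defender-side check for the traits this post describes (a hidden frame whose URL is not local, and page script that touches FileSystemObject, WScript.Shell and .hta files), added here as an example and not taken from the original post or from the virus. The class and function names, hosts and sample pages are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Script-side traits named in the post: FSO writes an .hta, WScript.Shell runs it.
SCRIPT_TRAITS = {
    "fso": re.compile(r"Scripting\.FileSystemObject", re.I),
    "wscript_shell": re.compile(r"WScript\.Shell", re.I),
    "hta_file": re.compile(r"\.hta\b", re.I),
}
HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)

class FrameAudit(HTMLParser):
    """Collects hidden iframes whose src is off-site, plus inline script text."""
    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host.lower()
        self.hidden_offsite, self.script_text, self._in_script = [], [], False

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "").strip() for k, v in attrs}
        if tag == "script":
            self._in_script = True
        elif tag == "iframe":
            host = urlparse(a.get("src", "")).netloc.lower()
            zero = "0" in (a.get("width"), a.get("height"))
            hidden = zero or bool(HIDDEN_STYLE.search(a.get("style", "")))
            if hidden and host and host != self.page_host:
                self.hidden_offsite.append(a["src"])

    def handle_endtag(self, tag):
        self._in_script = self._in_script and tag != "script"

    def handle_data(self, data):
        if self._in_script:
            self.script_text.append(data)

def audit_page(html, page_host):
    parser = FrameAudit(page_host)
    parser.feed(html)
    parser.close()
    script = "\n".join(parser.script_text)
    traits = sorted(n for n, rx in SCRIPT_TRAITS.items() if rx.search(script))
    return {"hidden_offsite_frames": parser.hidden_offsite, "script_traits": traits}

# Constructed samples: hosts and file names are made up, the script is an inert stub.
HOME = ('<iframe src="http://files.example.net/guide.htm" width="0" height="0"></iframe>'
        '<iframe src="/ads.htm" style="display:none"></iframe>')
GUIDE = ('<script language="VBScript">\nSet f = CreateObject("Scripting.FileSystemObject")\n'
         'Set s = CreateObject("WScript.Shell")\n\' inert stub; the post describes an .hta here\n</script>')
```

Run `audit_page` over pages saved with a download tool rather than opened in a browser; the hidden frame that points back at the page's own site is ignored, the off-site one is reported.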

