(Test page: http://www.godog.y365.com/runexe/ICYFOX.HTM, the program running here is not Trojan!)
Since you want to create a perfect IE webpage Trojan, you must first make a standard for our perfect development. I personally think that a perfect IE page Trojan should at least have the following four characteristics:
One: You can hide the challenge of anti-virus software;
2: You can avoid the alarm of the network firewall;
Three: Most IE versions that can be applied to most Windows operating systems (mainly including Win98, WinMe, Win2000, WinXP, Win2003) (mainly include IE5.0, IE5.5, IE6.0), it is best to knock down SP patch ;
Four: Let the viewer do not easily find IE changes, so you can have a quiet, so you can have not been discovered for a long time.
(Note that the above four points refer to the page itself, but does not include your Trojan, that is Don't find me, I won't write it!)
Meet the above four points I want to make your horse more youth longer, running faster ...
What are you watching the above? Is you a heart? Don't worry, we are still in the existing IE website Trojans!
The first one: using ancient MIME vulnerability IE webpage Trojan
This kind of Trojan is still popular, but because this vulnerability is too old and the IE version is less, and the influence is too big, the patch is almost supplemented, so this Trojan is relatively low.
The second: use com.ms.activex.activexComponent vulnerability, combined with WSH and FSO control IE webpage Trojans
Although com.ms.activex.activexComponent vulnerability is widely existed in most IE versions, it is a better vulnerability, which is very high, but because it combines the popular virus called WSH and FSO controls, it can avoid it. Open the alarm of the network firewall, which can escape the pursuit of anti-virus software (such as Norton).
The third: use Object Types to confirm the Object Data Remote and combine IE webpage of WSH and FSO controls (typical representative with a shark web page Trojan generator) This kind of Trojan is that there are many IE versions. And the vulnerability is new, but there is a shortage:
1. Because this vulnerability is to call MSHTA.exe to access the network to download Trojans, it will cause firewall alarms (such as Tianwang firewall);
2, if this IE page Trojan uses WSH and FSO controls, they also escape the pursuit of anti-virus software (such as Norton), and
A shark web page Trojan is just using WSH and FSO controls, sigh ... Unfortunately ...?
3, then this vulnerability requires web server to support dynamic web, such as ASP, JSP, CGI, etc., which affects its play. After all, the current free and stable dynamic web space is less and less; although this vulnerability can also be used Mail MIME form (see I published on the security focus: "" "Http://www.xfocus" by the error MIME vulnerability ... "http://www.xfocus .NET / ARTICLES / 200309 / 607.html is used, but the test is discovered to find IE6.0.
Seeing the above analysis, you have this feeling: Qianjun is easy to get, one will be hard to find, the horse is in group, Nai Qiari horse is hard to find! Don't worry, let me bring this everyone to create the perfect IE webpage Trojan in my heart.
First of all, you have to hide the challenge of anti-virus software, we can't take advantage of WSH and FSO controls, because as long as you use the WSH and FSO controls, you will not take off "Norton" chasing, this can be tailored to us? ! Don't worry, after my hard work (saying that I am also studying the inspiration of the ASP Trojan), I finally found a control that can be used, that is, shell.Application, and it has been secure, It can be unobstructed in the "My Computer" domain, which is easier than WSH and FSO (using cross-domain vulnerabilities), please see the JavaScript code below:
