Using a trick to uncover the Trojan virus hidden behind a picture

  

A Trojan virus is a type of virus used mainly to steal account and password information, remotely control the user's computer, and damage the operating system. To avoid being removed by anti-virus software, it is usually well concealed and resistant to detection. After infecting a machine, most Trojan viruses first try to forcibly shut down the anti-virus software and then start stealing accounts. Some can even defeat the mainstream anti-virus products, both domestic and foreign.

Recent virus reports from the major anti-virus vendors show that Trojan viruses are flooding the Internet and that a complete virus industry chain has formed around them. How do they get into a computer, and how can an ordinary Internet user guard against them?

Many users notice that something is wrong with their computer but cannot find the cause. They suspect a Trojan but cannot locate it. In one such case, inspection of the data being uploaded later revealed a Trojan virus hidden inside a picture, and it was finally rooted out. The details are as follows:

The attacker used the Microsoft GDIplus security vulnerability to hide the Trojan in the picture. Note that it is hidden rather than bundled. This differs from earlier Trojans that were disguised as pictures to lure users into clicking: here a real picture becomes the Trojan. Because of the Microsoft GDIplus security vulnerability, almost all browsers, instant messaging tools, Office programs, and image viewing software can become channels for Trojans. Simply browsing with a browser, opening an image viewer, or even viewing these images in QQ, MSN, email, or Office documents is enough to be infected. A QQ emoticon or a PNG picture with tens of thousands of layers is all it takes: look at it and you have the Trojan. This security vulnerability is Microsoft's GDIplus image vulnerability, which is the biggest security vulnerability in Microsoft's history.

GDIplus is a graphics device interface that provides two-dimensional vector graphics, imaging, and layout to applications and programmers. GdiPlus.dll exposes a variety of graphics methods through a class-based API. It has an integer overflow vulnerability when parsing specially crafted BMP files. An attacker who exploits this vulnerability gains complete control over the system and can use it to install more Trojans; view, change, or delete data; or create new accounts with full user rights. This GDIplus vulnerability is very serious. It is similar to the earlier cursor and WMF vulnerabilities, but its reach is wider, covering almost all graphic formats.
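The following added example (not code from this page or from GdiPlus.dll) illustrates the general class of bug named above: a pixel-buffer size computed from BMP header fields in 32-bit arithmetic wraps to a small value, while a checked parser rejects the same header. The function names are hypothetical, the field offsets follow the standard BMP file header and BITMAPINFOHEADER layout, and the sample header is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

static uint32_t rd32(const uint8_t *p) {            /* little-endian read */
    return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24;
}
static void wr32(uint8_t *p, uint32_t v) {          /* little-endian write */
    for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i));
}

/* Unchecked 32-bit arithmetic: the product wraps for hostile dimensions. */
uint32_t naive_pixel_bytes(uint32_t w, uint32_t h, uint32_t bpp) {
    uint32_t stride = ((w * bpp + 31u) / 32u) * 4u;
    return stride * h;
}

/* Checked: 0 and size in *out, or a negative code for the first failed check. */
int bmp_check(const uint8_t *buf, size_t len, uint64_t *out) {
    if (len < 54 || buf[0] != 'B' || buf[1] != 'M') return -1;
    if (rd32(buf + 14) < 40 || rd32(buf + 30) != 0) return -2; /* BI_RGB only */
    int64_t w = (int32_t)rd32(buf + 18), h = (int32_t)rd32(buf + 22);
    uint32_t bpp = buf[28] | (uint32_t)buf[29] << 8;
    if (w <= 0 || h == 0) return -3;
    if (bpp != 1 && bpp != 4 && bpp != 8 && bpp != 16 && bpp != 24 && bpp != 32) return -4;
    uint64_t rows = (uint64_t)(h < 0 ? -h : h);      /* negative = top-down */
    uint64_t total = (((uint64_t)w * bpp + 31) / 32) * 4 * rows; /* fits in 64 bits */
    uint64_t off = rd32(buf + 10);
    if (total > UINT32_MAX) return -5;               /* too big for a 32-bit size */
    if (off > len || total > len - off) return -6;   /* pixels not in the file */
    *out = total;
    return 0;
}

/* Constructed sample: fills only the 54 header bytes, no pixel data. */
void make_header(uint8_t buf[54], int32_t w, int32_t h, uint16_t bpp) {
    memset(buf, 0, 54);
    buf[0] = 'B'; buf[1] = 'M'; buf[26] = 1;
    wr32(buf + 10, 54); wr32(buf + 14, 40);
    wr32(buf + 18, (uint32_t)w); wr32(buf + 22, (uint32_t)h);
    buf[28] = (uint8_t)bpp; buf[29] = (uint8_t)(bpp >> 8);
}

int main(void) {
    uint8_t b[54]; uint64_t n = 0;
    make_header(b, 0x40000001, 4, 32);               /* width chosen to wrap */
    printf("naive=%u check=%d\n", (unsigned)naive_pixel_bytes(0x40000001u, 4, 32), bmp_check(b, 54, &n));
    return 0;
}
```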

With this in mind, computer users should be careful with pictures they receive and scan them for viruses before opening them, so as not to be caught out. The problem can also be solved at the source: Microsoft has released a dedicated patch for the GDIplus security vulnerability, and downloading and running it resolves the problem.

Develop good online habits. A large number of Trojans are spread through illegal websites and similar channels.

Improve personal security awareness. If you receive unfamiliar mail, do not open the attachment; do not click links in QQ or MSN messages; be careful when inserting a USB drive and copying files from it; and so on.

If the computer is infected with a Trojan virus, first upgrade the anti-virus software to the latest version, then run a full scan. You can also seek help from professional anti-virus vendors such as Rising.

The Trojan virus is indeed a huge hazard, but I believe that as the country continues to crack down on computer viruses and cybercrime and related laws, the underground Trojan industry chain will gradually be eliminated.

Develop the good habits above now, and you can keep your computer from being infected by Trojans.
