As people grow more security-aware, Trojans, hard disk bombs and other malicious programs find it harder and harder to hide. Their authors do not give up, though, and keep inventing new disguises; many now take advantage of WinRAR's self-extracting archive feature to bundle malicious programs.
An attacker can put a Trojan and another executable file, for example a Flash animation, in the same folder, add both files to an archive, and save the archive as a self-extracting EXE file. When you double-click the self-extracting file, the Flash animation starts as a decoy while the Trojan runs quietly alongside it. The attacker has then achieved the goal of planting the Trojan: you have run the Trojan's server component.
The trick works very well and is hard for the victim to detect, because there is no obvious sign that anything happened, which is why tricking people into running a Trojan this way is now very popular.
Self-extracting files made with WinRAR can be used not only to covertly load a Trojan's server program but also to modify the registry. As soon as someone double-clicks such a specially crafted WinRAR self-extracting program, it automatically modifies registry keys, which makes it as dangerous as a malicious web page. The whole process shows no registry import prompt (the author of the file only needs to invoke regedit with the “/s” parameter when building the self-extracting file; the specific method is not given here, to prevent misuse). Moreover, an attacker can use WinRAR to bundle such a self-extracting file with a Trojan's server program or a hard disk bomb and make a new self-extracting file from them, which is a still greater threat to everyone: it can destroy not only the registry but all the data on the hard disk. A scary thought, isn't it?
It is not hard to see that WinRAR's self-extracting feature is very powerful: it lets someone who cannot program produce a very nasty malicious program in a short time. By giving the generated self-extracting file an enticing name and sending it to others, or posting it directly on a website or BBS, formatting the victim's hard drive, deleting files, planting a Trojan or gaining access to the system all become entirely possible and easy to achieve.
Worst of all, once the icon of a WinRAR self-extracting file has been changed, it is even harder to recognise. And at present many popular antivirus and spyware-detection programs cannot tell that a self-extracting file containing a Trojan or malicious program is a problem. If you don't believe it, run the experiment yourself and you will see the result. For reasons everyone understands, I will not say which antivirus programs fail to detect it; you can try for yourself.
What distinguishes a normal self-extracting file from one bundled with a malicious program? How can you tell whether a self-extracting program contains a malicious program? Simple: if you find that the self-extracting file hides multiple files, and especially multiple executable files, you can conclude that it contains a malicious program. So how do you find out how many files a self-extracting file contains, and which ones? A simple way is to right-click the WinRAR self-extracting file and choose “Properties” from the pop-up menu. The Properties dialog has two more tabs than that of an ordinary EXE file, “Archive” and “Comment”. Click the “Comment” tab and read the comment contents to see what files it contains. This is the best way to recognise a WinRAR self-extracting file bundled with a malicious program.
Another simple way: when you come across a self-extracting program, do not run it directly; instead choose “Open with WinRAR” from the right-click menu, and you will see exactly what is in the file.
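The check described above can also be scripted. The following is an added example, not code from the original article: it recognises a RAR self-extracting file by the RAR signature embedded after the executable stub, then applies the article's rule (several hidden files, especially several executables) to a member list and comment text read in WinRAR. The function names, the extension list and the sample data are assumptions made for illustration; `Setup=` is the WinRAR comment command that names a program to run after extraction.

```python
import re

# RAR signature bytes: the 4.x marker is 7 bytes long, the 5.x marker 8.
RAR_MARKERS = (b"Rar!\x1a\x07\x00", b"Rar!\x1a\x07\x01\x00")
# Extensions treated as executable or registry-changing (assumed list).
RISKY_EXT = (".exe", ".com", ".scr", ".bat", ".cmd", ".pif", ".reg")

def is_rar_sfx(data: bytes) -> bool:
    """True if data is an MZ executable with a RAR archive embedded after the stub."""
    return data.startswith(b"MZ") and any(data.find(m, 2) != -1 for m in RAR_MARKERS)

def setup_targets(comment: str) -> list:
    """Programs the archive comment asks to run after extraction (Setup= lines)."""
    return [m.group(1).strip()
            for m in re.finditer(r"(?im)^[ \t]*Setup[ \t]*=[ \t]*(.+)$", comment)]

def triage(data: bytes, members: list, comment: str = "") -> list:
    """Apply the article's rule: several hidden files, especially executables."""
    if not is_rar_sfx(data):
        return []
    findings = []
    risky = [n for n in members if n.lower().endswith(RISKY_EXT)]
    if len(members) > 1:
        findings.append(f"contains {len(members)} files")
    if len(risky) > 1:
        findings.append("multiple executables: " + ", ".join(risky))
    findings += [f"runs after extraction: {t}" for t in setup_targets(comment)]
    return findings

# Constructed sample: a fake MZ stub followed by a RAR 4.x marker, plus the
# member list and comment text as they would be read in WinRAR.
SAMPLE_SFX = b"MZ" + b"\x00" * 64 + RAR_MARKERS[0] + b"\x00" * 16
SAMPLE_MEMBERS = ["animation.exe", "server.exe"]
SAMPLE_COMMENT = ";constructed comment\r\nSetup=animation.exe\r\nSetup=server.exe\r\n"

if __name__ == "__main__":
    for line in triage(SAMPLE_SFX, SAMPLE_MEMBERS, SAMPLE_COMMENT):
        print(line)
```

The signature search is a heuristic for spotting the appended archive; the member list and comment still have to come from opening the file in WinRAR without running it.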