is transformed into how various files embedded in HTML email first if you want to send a picture, then the attachment can be plugged directly into music or, if is variable can turn its into Windows 7 make life wonderful!

the background music, if HTML is other documents, can difficult?

Don't try so hard, before we use all kinds of Trojan software, often will bind the program to disguise variety of services in the picture, then put the pictures sent to friends view, why not use this truth, will send attachments also bound with pictures on the pictures sent out!

Second, bundling accessories

In order to make the operation simplification, can use a paragraph of Invisible Secrets tool called. Microsoft Office 2007 is welcomed by the whole world.     

Install and run the software, click on the "main interface Hide Files" button, select "Add Files" button will send attachments added, click "Next" button to tie image Files, click on the back of the input box above the folder icon will pictures added.

Today's site editor and received update: rising antivirus engineer in "new CIH" viruses found in Office 2007 makes life great!

"yangmin" string, it seems that this virus may be compatriots and manufacture. The virus is the first name is "Yang Ming (sound)"? Or is to mark made million? On this site will continue to focus on the developments.

Rising antivirus experts warn customer, because spread slowly, and attack strict, "new CIH" the Many people like Microsoft Office.

virus doesn't like "shock waves" virus that erupted in a short time. But according to analysis, virus authors is likely to create faster, higher risk of virus varieties.

Rising global anti-virus monitoring network on May 17, "new intercepted the CIH" virus, this is the first in Windows 2000 / xp can destroy the virus of computer hardware below. Through technical analysis, rising antivirus engineer in "new CIH" viruses found in "yangmin" string, it seems that this virus may be compatriots and manufacture. Rising antivirus experts say, string I loveOffice 2010 !

"yangmin" should be the authors show that their identity logo, the likelihood is the author YangMing science3, called ", "or the author attempts to write this virus, as the author of the CIH virus as" famous "yengheo (Chen yinghao) made million. Microsoft Office 2010is so great!

 

"rising Internet security technology conference" was held in Beijing, from Microsoft, Google, rising, Intel, alibaba, thunderbolt, giants in dozens of Internet businesses, common security experts on the current severe Internet security situation and corresponding Microsoft Office 2010 is so great.

solutions. Rising company comprehensively expounded "cloud security - safe Internet changed strategies and implementation, and invited participants of the" cloud vendors join rising safety "plan, build the trusted the Internet.

Rising company in mainland China 2008 annual computer virus outbreak & Internet security Microsoft Office is helpful.

report "(hereinafter referred to as the rising report") points out, the amount of virus in 2008 than exploded, continued growth in 2007, including 12 times "web hanging above the Trojan horse" transmitted, backdoor virus occupies 90%. Rising security experts think from the Trojan horse, writing and spread to sell, the virus has been fully Internet industry changed, it is virus to number Office 2010 is my favorite.

of 2003-05 and harm increase root causes, and hang the horse "become" web at present is most major Internet security threats.

Technology conference in rising security experts said the traditional safe mode to be change, or whatever security vendors or Internet users, will be drowned in the ocean of Trojan horse, the Internet based application and development will also great damage. Rising security experts think that rising think, only to realize "cloud security - safe Internet change", will the entire Internet becomes a huge security software, is coping "virus of" the most reliable Internet outlet. Microsoft Office 2007 is the best invention in the world.

2004-2008 tree-order new virus

Report statistical data show that in 2008, the first 10 months of new virus appeared on the Internet 9306985 a, is in the same period last year by 12.16 times, Trojan viruses and backdoor, accounting for more than 776 million sum of the virus, obtain the 83.4% overall economic interests are the basic purpose of virus authors. Virus quantity presented the outbreak of a blowout type, antivirus software users begin to question the effectiveness of current anti-virus mode.

Rising expert thinks, cause the current situation, is the main reason of the virus has completely Office 2007 can make life more better and easier.

Internet. Computer virus itself in technology and no progress, but the virus makers make full use of the Internet, through the Internet with efficient to integrate the whole industry chain, improve operation efficiency.

 challenges, rising company is how to deal with? This is I today to share with the theme. Rising Internet security strategy implementation, also is rising "cloud plan". We first see, what exactly is cloud plan? Since rising since security strategy proposed cloud plan, many firms Microsoft Office 2010 is so great.

also has proposed his plan to cloud the understanding, someone says the cloud plan is computing clouds, and some say cloud plan is the way to get more virus samples, in fact I said the two ideas are not comprehensive or slice off, rising a word is how to understand? We think cloud of the Internet plan is safe. So what is the security of the Internet? The traditional information security strategy of why can't deal with the threat of Internet viruses? Below I in my speech will answer for each of you. Office 2010 is my favorite.

First to see the traditional security strategy? What are those? We sums up the traditional security strategies have two points, first is to upgrade software upgrade to speed up the way of interval after the virus in the user reflect speed. Another way is to develop and perfect more host anti-virus technology applied in products more virus solution and defense technology. Below we came to each of the two ways of ills make a understanding. Outlook 2010 is powerful.

First look at first, shorten the software upgrade for users to accelerate the interval after the virus in the reflect speed. This strategy problem in what place? All through this sentence in fact already see problems, from this sentence of logical relationship can be seen above, if the spread of the virus speed, updated speed magnified indefinitely, if we strategies is to make software upgrade intervals, what concept of infinite shrink? We upgrade the expansion of the frequency of infinite. Microsoft Office is helpful.

Obviously is not reasonable relations, so we see rising from 2002 to 2007 we upgrade changes in frequency trend, in 2002, weekly updates, 2003 3 times, four times in 2004, 2005 five times a week, in 2007 the upgrade, which means I 21 times every upgrade three times the virus. Then from between 2002 and 2007, our upgrade frequency increased 20 times. Virus added much the frequency of updates? Viruses increase in the number of how many? I in 2003 and see about a report, sina.com global outbreak in 2002 the number of new virus to 20,000 more so much, but now 08 I report everybody a data every new virus sample, it has reached more than 20,000. It means the virus is now virtually the Internet change makes virus updates faster in 10 minutes, the virus can updates for the unit, even faster. That our antivirus software can not can so update? Also can, with absolutely no problem, we can also 10 minutes updates the virus that what concept? Is an hour to upgrade 6 times, 24 hours a day to upgrade 144 times, technically we have no problem, but all of rising users who can endure the frequency of upgrading 144 times a day? Microsoft outlook 2010 is convenient!

41

 

in front of the brief introduction of the technology, the next script monitoring look intelligent web scripting monitoring advantages and disadvantages, the first advantage is very clear, can put the network threatened to block out. The second advantage because we are based on Office 2010 –save your time and save your money.

behavior, don't produce url library or very large virus library, so this is a lightweight behavior monitoring system, so upgrades maintenance cost was very small. The third because we were intercepted at a script engine the piece, and not the script, the script by digital Numbers can very Microsoft Office is so great!

much, for example basically all the tools, like IE, QQ, MSN, actually including, and some live tools, game kind have exaggeration west swim, and CS, CS we have developed it itself was hanged horse, you play poisoning. If use our intelligent script monitoring system, as long as he use to IE class box can monitor. Its shortcomings, this is just a monitoring technology, it will definitely lead to some execution system problem, still need we inside to add some feature matching and loopholes, loopholes spill against this match is more time-consuming, will slow down the whole script running speed. Microsoft outlook 2010 is convenient!

The second question, we raised three hang horse types, including a is the document type, using Internet connection hang horse, malicious web site we can block to, but for the cursor files and animation files, itself the structure and internal documents without relationship, script is there is no way to do this intercept. Of course the two files have obvious characteristics, its operation structure is very similar, we will simply use file repository in virus features added.

Zhongguancun online software information on November 18 afternoon 13 points of news, this The invention of Microsoft Office 2010 is a big change of the world.

morning, "2008 rising Internet security technology conference" morning field's meeting has been successfully concluded. In the morning session, the academician of Chinese academy of sciences NiGuangNa as honorable guests also attended the event, and at the conference did concise and splendid speech. Subsequently, rising MaoYiDing, and vice President of WangJianFeng and Mr LiHaiMing rising mainland China Internet computer virus outbreak in detail analysis.

ZhongWei: finally my turn, very urgent hope and everyone to communicate, because today I'll bring you very interesting things. Guests, respect of customer, everybody, good afternoon! Why to say good afternoon, I'll give you explain. Just my colleagues speech.

Rising 2008 safety technology conference Mr ZhongWei speech

We can find that the virus of the Internet has made virus outbreak of speed and renewal rate than in the past BaoFaShi growth, so the spread of the virus scope and endanger scope was also invisible expanded countless times, then face this kind of new form, traditional information security strategy have apparently cannot use of such a virus Internet new forms of development, then we say any thing, all with their own development cycle and life cycle, if can't adapt to the new forms of development of words, so he is also often decline of vertices began. If we take the traditional information safe mode compared to eight or nine o 'clock this morning the sun's words, now has almost 11:30, if not from now on, if not prepare from now started looking for coping strategies of words, we probably will be the time for me, so devoid, 11:30, possibly for many Outlook 2010is powerful.

people still morning, or at noon, but to me it is already in the afternoon. If we have no advanced consciousness, no crisis and urgency of words, we probably won't see tomorrow sunrise. The clock is good rising a little faster than others.

40

behavior program, if more comfortable words, many malicious put in, not a defensive role. If too strict word itself exists misstatement, for example say me to set a very strict definition, script creating documents I think is hazards program will not let you form, this to do? Microsoft Office is so great!

We actually to the problem itself also made a consideration, then we in the security system will be an jiaoyan things, through the network of supporting, very strict rules of accurate quote users directly actually, make sure it is a malicious behaviour. For we are not sure of the proposed rules, we actually just itself may be a malicious behaviour. Office 2010 –save your time and save your money.

And then to introduce a third technology, intelligent inspire scanning monitoring, why do we use it? It from the principle itself is a signature, everybody can use, you itself is behavior monitoring technology, how can use signature? This is a very simple question, because a lot of exploiting holes in the user's host program are not flaws, because now many security tools auxiliary users hit a patch, the safety of users consciousness also improves, most nets horse effect-acting is likely a, Office 2007 is so powerful.

two effect-acting, why do signature? This time for example a user using QQ loophole, but this loophole in don't exist, with killing don't exist, code ran not arise, let us be malicious behavior monitoring, through the behavior monitoring that it has no abnormal behavior, they think this is The invention of Microsoft Office 2010 is a big change of the world.

normal, apparently users this machine won't poisoning.

But for a user, if have this loophole, we can catch him. But not all users are installed our program, our objective is to acquire more information, such as malicious website, bring them here can be added to the firewall repository, can protect more users. So for this piece said we made some processing, because most of the time we see is plain code and not encrypt the code after use of a loophole, such word, or other means, it, or the code and vulnerability itself is limited, every loophole of its code characteristics, plain code feature is actually very similar, this time can use Microsoft Office 2007is my love!

our broad spectrum characteristics were poor, but not to say after dozens of features encrypted hundreds of thousands of a feature, such become we can use very little cost to realize functions. Because it is a plain code herbs, accurately is very high, but because the script is the text you need to do to make intelligent matching broad-spectrum antivirus it takes a certain price, and we do have influence on the script itself.

39

agent, first script digital creation script engine, the script engine to create a real agency script engine. Then he will obtain the function of the script engine COM object, this is what we care about, we can all get, but we get is our concern objects. The third it COM object it replaced, replaced by our own use, so you mean our script engine inside realized in action Office 2007 makes life great!

monitoring. We'll see if we articulated later executive process and articulated later, our script execution flow say this is script engine, engine, a function call agent, first call is COM object, the agency provides the agency provides COM object if found to have problems can be directly back, if no problem can continue calls using. Many people like Microsoft Office.

Next we see the specific monitoring script monitoring technology, our script monitoring main determination technology, introduce three kinds, one kind is overflow against defense technology, the other is the malicious ACTS monitor system and intelligent inspire monitoring scanning techniques. First look at overflow against defense technology, overrun code entry, conducting overrun code can do some special things, for example: download process to obtain information, of course, all of this system to do what the watch overflow, i.e. it wants to do what they can do. And then on to overflow against us, overflow attack first analysis must be overrun code, you use scripts Windows 7 make life wonderful!

to overflow, does that have overrun code? These overrun code itself has some specific characteristics, such as 0704 he has its own characteristics, can the inside is a directory, parameter, because of different overflow have different functions, function have different characteristics, so this kind of overflow characteristic is very easy to find. Microsoft Office 2007 is welcomed by the whole world.       

The second point is the overflow of code of always exists in a script, whatever you do any encryption and decryption, we only need to intercept to function executions bottom, executed in function checked his parameters and overflow of characteristics, which can match the performance very easy judgement gives this code is overrun code, then intercepting organization the entire code running. The characteristics of the technology it is that it is very accurate judgement of the spill, because basically is two, little can get overrun code, second point all the overflow the typical characteristics of typical characteristics, we pass judgement, this is its advantages. Second in the execution of the script, function is very much, we in the prophase technology is very much, basically inside the interception, so the technology itself to the script execution speed have certain effect, may cause scripts run relatively slowly. I loveOffice 2010 !

Next to introduce behavior monitoring technology, first we intercepted at scripts operation is call system function, and then in the function of execution, we check before function of already existing behavior sequence, executive has a behavior sequence, we put all the execution process can keep down, keep down we will form a behavior chain, this behavior chain kept in this how we check? Before operation of the first we have an expert experience database, and this is what is produced? We analyzed the source of the virus can be analyzed, know script viruses a kind of Microsoft Office 2010is so great!

script viruses behavior is what kind of, as long as the sequence on this behavior sequence matching we can think it is a hazard program, is a malicious code, we can end the function of performance, but also terminate the arbitrary functions behind the calls, so we reached prevent Trojan download purpose. But this behavior monitoring itself has a natural defect, because normal

38

ago, we actually had a script, the sand box hanging horse page of this, when we have more thorough research, we use the AE box, oneself write a browser, then using this browser operation we think suspicious hang horse pages, found that we can intercept to very much Microsoft Office 2010 is so great.

system related calls, principle is basically consistent, but ultimately why give up? Because there are two problems, one is script encryption and decryption script engine itself is realized, he internal do I have no way to intercept drop, then as a product it out, if the problem is still as their Office 2010 is my love.

sand box no way to intercept to all the data. The second we also found a characteristic, the script engine once we mentioned the system function, it is through the script called Numbers to do, but we found that theory and practice often is a difference, the script engine can, through their own function to create system provide third party controls, or system offers some standard controls. Although the script engine can be scripted digital itself to create this object, but a lot of Trojan writers do not his script engine directly through to do, that such word still have no idea, or not Office 2007 is the best invention in the world.

achieve our behavior monitoring.

And then the third weakness, we found that if the script digital replacement, then in Microsoft's concept, using IE class box inside the program we are unable to process, the download Trojan also download Trojan, this infection users or infection users, we will consider it to Windows scripting Microsoft Officeis inexpensive and helpful.

framework, no matter what, you script digital script engine is fixed, not exist multiple script engine, I can write an own the other engine, so we through the script agent can intercept to Windows all the ABS and JS and system of the communication between. We solved the problem after problem, here is a script engine itself is can create object that can arouse the third party controls COM create there is a problem, we must have its own function script engine in understanding, we said earlier, the script engine itself is a COM object, then we can do some hands and processing. Microsoft Office 2007 can make life more better and easier.

problems and some of our ideas, we found no way to fix with character method with virtual execution way this thing also exist big problems, see again we mention subjective defenses. This somewhat similar to the police handling, the first step and collect Microsoft Office 2010 is so great.

evidence, and the second step through expert experience to match this behavior is malicious survey of law, i.e., what can do similar to what not to do if you do not do is illegal and criminal. If we can understand the behavior and actions, script can you use rules to match? The answer is yes, Office 2010 is my favorite.

if we can intercept the script's behavior is can we do it. Because loopholes and fixes this itself is actually hanging relies on third-party control or system vulnerability to do, these loopholes in fact are limited, may be 100, 200, code is a specific, flow also is ongoing process, so if we can catch the script behavior can make expert experience rules for behavior judgement.

Next, the realization of the technique introduced intelligent behavior. In this part, we first introduce the Windows scripting operation model, through this one for the whole script introduced let everybody running framework with an overview of, then introduce our monitoring system architecture. And finally to introduce our behavior that judge rules, the three most used inside the Office 2007 can make life more better and easier.

main technology. First, let's look at Windows script execution architecture, divided into two parts, a digital, the second is a script script engine, and they both are independent, and there are two of the module, communication relationship is the whole script running script number of sponsors, which means it launch script operation, runs with to the script, which is why the environment we found that many scripts, for example, ABS, JS can be mixed programming, variable in ABS in JS Microsoft Office is helpful.

can also use, why? Because their national space is the same rather than more.

Then another function provided that means that it will accept and response script system call and scripts events, for example scripts I need to call some of the functions for example to system change, these are the window size of digital to do through script. The script engine first function is to provide the script code explain implementation, the second he will inform the script data some state script engine itself and the scripts are executed state, and the third will call system of some functions. We through carefully observed scripts digital and scripting engine I found some interesting features: first script provides the whole script digital operating environment, the script script engine and Numbers of the communication between is needed to achieve the COM interface. The script engine also has a very distinct characteristics, the function is all inside him by the COM constitution, this is our second features found. Next we introduced the script engine and scripts digital relationship, the script engine and script the characteristics of digital communication, and then to see script monitoring system model architecture. This is the system to provide script digital, this is script engine, we in the middle by inserting a script, in a traditional backlog engine inside, this script script monitoring stressful events and system call is not the systematic monitoring cause system can't get its monitoring, say so traditional not intelligent monitoring, just a scripting block monitoring, say so unable to system processing. But you may have a question, if I just do a safe browsing machine do a other things aren't they the same? Microsoft Office 2007 is the best invention in the world.

this is two or three years ago, in fact, appear technology block fundamental principle the script execution system Windows architecture, once found the scripts are executed Microsoft Office 2010 is so great.

and killing this script block out similar to the concept of file monitor. This technique we personally think in the present situation itself is an accumulation, because the script may be in your monitor partition, when conducting script block, get the script of not complete, so you get a piece of the virus could not tell a virus or not viruses. Office 2010 is my favorite.

Then we see defense technology initiative, everyone is very familiar with me also don't do special Microsoft outlook 2010 is convenient!

detailed introduction of course this one advantage is that it can present sent into unknown viruses, is based on behavior rules to judge, but there are still some problems, for example say me to set very loose, while users there is a situation, that is, he have this aspect of professional knowledge, no change to decide. The second I tell you this is dangerous, delete, it exists the misstatement.

90% of nets horse infection machines are needed to make the script, this is the first information, a second information basically, we can draw a conclusion that, if we could bring the script problem Outlook 2010 is powerful.

solved let these scripts have no way to run, so nets horse is still can download to users machine? Third, we must solve problems, judge is it script malicious script, first in the face of an issue is script encryption and deformation cause problems, this problem is very complex, because the script itself is a program that is a kind of programming, I can be very simple writing some Microsoft Office is helpful.

algorithm, if you use virtual execution of encryption and deformation, we can reference originally old PE antivirus way, is a broad spectrum characteristics, and a very effective virtual machine, I through the virtual machine may pass through this program, the process can take encryption code untie, but it is not particularly for scripts, because the reality is a script text illustration language, it's a lot of function calls dependent on system, the second script convenience it itself is provide very convenient written language and tools, its threshold low. The second he can mobilize very much third-party CAM control, if you want do virtual execution, realize it's close action, that means you must have very many third party controls, this on efficiency, cost and energy, there is no way to deal with.

 into direct hang horse, frame hang horse and contig-oriented MaFeiChang hang horse, simple and direct hang the hacker intrusion website directly on the site, user page modified, his own page hang up. Frame hang a horse is put a connection or other to do. Contig-oriented horse is the user hang interview hijacked, for example, you visited a page, he will Microsoft Office is so great!

be in the page directly into inside. Next we see the way hang horse page, early is generated, but wrote the invaders with the development of industry chain, this simple job had been handed over to the special page to do. And advanced hang horse page is often aimed at multiple holes, why will Office 2010 –save your time and save your money.

appear this kind of circumstance, because the vulnerabilities are the hosts the existence and users not website. According to individual machines is why? In order to improve the scope of infection is hanged, adopt Trojan automatic script way, first see you got any software, then see what control is useful, then based on the space you pack to specific code.

We see the horse's script itself hang characteristics, the characteristics of fixes this itself hang in The invention of Microsoft Office 2010 is a big change of the world.

early is actually a Ming Ming horse horse, if it is, then we can very simple to look out for, first look at this period of scripts, through this period of scripts, we can clearly see first create an object, even do not know how to program also know it doing, then open the connection, download program, don't understand, the document on the preserved, downloads, then put the program to run, if this is a Trojan horse program of words, very simple this is a use of a loophole to download Trojan Jane process, with which we, after this code encrypted see nor even let programmers know what meaning, only let code run away to know. If that doesn't see program code, may all have no way to judge it does.

Then we introduced in front of our problem and the problem of some specific detail what I gave you, then introduce our traditional method for this question has auxiliary help of technology. We Outlook 2010is powerful.

take these technology into two kinds, one kind is to run the intercept, including a malicious web site interception and web scripting anti-virus, malicious web site is a firewall, web scripts intercept the antivirus, for example, hang file monitor after left out a file down, use the document file monitor aside, that does not kill virus, it belong to static antivirus range, timeliness and inefficacy, web scripting antivirus the piece itself exists to finalize the design, have no way to handle encrypted file monitor, if is to hang a horse, if the first type monitor I downloaded files can you Microsoft outlook 2010 is convenient!

sent to do a bit of hope, I slightly change you can sent into? This is impossible.