First, backdoor analysis of a full-featured webshell
1.1 Detecting whether a backdoor is present
1. Log in to the webshell with its password and use Firefox to check whether the page requests URLs on other sites; such a request is the backdoor.
2. Use packet capture.
3. Locate the login code by searching for a key string such as "invalid login". This code turns out to be encrypted, so change the execute function to msgbox to decrypt it.
1.2 Analysis of the backdoor code
The decrypted code is shown below; it is a universal-password backdoor.
Second, China Chopper backdoor analysis
Use WSockExpert or similar software to capture the traffic: create a new record in China Chopper, select what to listen to in the capture software's settings, open the webshell with Chopper, and collect the captured data. Read through the whole capture to see whether there is an obvious backdoor address; if there is none, URL-decode the data.
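An added example (not from the original article) of the last step: URL-decode a captured request body and list every host it references other than the webshell's own. The sample body, its parameter names and the example.* hosts are constructed, and decoding embedded base64 goes one step beyond the URL decoding the text mentions.

```python
import base64
import binascii
import re
from urllib.parse import quote, unquote, urlsplit

URL_RE = re.compile(r"https?://[^\s\"'<>\\)]+", re.IGNORECASE)
B64_RE = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")

def url_decode_fully(data, max_rounds=5):
    """URL-decode repeatedly until the text stops changing (double encoding)."""
    for _ in range(max_rounds):
        decoded = unquote(data)  # unquote keeps '+', so base64 survives
        if decoded == data:
            break
        data = decoded
    return data

def decoded_layers(body):
    """Return the URL-decoded body plus the text of any base64 runs in it."""
    text = url_decode_fully(body)
    layers = [text]
    for run in B64_RE.findall(text):
        try:
            raw = base64.b64decode(run, validate=True)
        except (binascii.Error, ValueError):
            continue  # not valid base64, ignore this run
        layers.append(raw.decode("utf-8", errors="replace"))
    return layers

def unexpected_hosts(body, expected_host):
    """Hosts found in any decoded layer that are not the webshell's own host."""
    hosts = set()
    for layer in decoded_layers(body):
        for url in URL_RE.findall(layer):
            host = urlsplit(url).hostname
            if host and host != expected_host:
                hosts.add(host)
    return sorted(hosts)

def build_sample():
    """Constructed capture: a double URL-encoded body hiding a callback URL."""
    hidden = b"notify http://collector.example.net/r?site=shop.example.com"
    inner = quote(base64.b64encode(hidden).decode())
    return "pw=x&z0=" + quote(inner)

if __name__ == "__main__":
    # shop.example.com stands for the site hosting the webshell (assumption)
    print(unexpected_hosts(build_sample(), "shop.example.com"))
```

Any host it prints is a destination the capture mentions besides the server you connected to, which is the address to investigate.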