资源描述:
《【教你】防范网页木马入侵,原理完全解析》由会员上传分享,免费在线阅读,更多相关内容在工程资料-天天文库。
1、【教你】防范网页木马入侵,原理完全解析TheessenceistousewebvulnerabilitytodownloaduserstospreadTrojans,whenweknowmoreofthiscaneffectivelyprevent・Arch-criminalis〃webTrojanmalwarethreats,andtheimpressionisdifferent,precisely,isnotawebTrojanTrojanprogram,whichshouldbecalled"Trojanhorse"planting",i.e
2、.abrowserorbrowserplug-inprogramthroughtheattack(thetargetisusuallytheIEbrowserandtheActiveXprogram)vulnerabilitiestothetargetusermachine,Trojanhorseviruses,stealpasswordsandothermaliciousprogramsmeans.WhatarethecommonwebTrojanattacks?Howshouldusersidentifyanddefendanattackfro
3、maTrojanhorseontheweb?Thisarticlewillbecarefulforeveryonetocome:AttackerscommonlyusewebTrojanattacks,accordingtothedegreeofuserinteraction,canbedividedintoactiveandpassiveattackstwo.Activeattackmode:Itistheattackerthroughvariousdeception,lureandothermeans,tolureuserstovisitawe
4、bTrojansite,andiftheuseraccidentallyvisitedthemaliciouswebsite,itmaybeinfectedwithmalicioussoftware・Thecommonattackcase,theattackerinvariousforums,chatrooms,bloguserfocusedregionalpublishpornogrsphiccontentinavarietyofonlinegames,connectthechatchannelinthereleaseofvariousinfor
5、mation,theuseoflotterywinningavarietyofinstantmessagingsoftwareorbyhandbeforetheinfectedusertoautomaticallysendacontactwithcheatingthenatureofthelinkstootherwebsites・Passiveattackmode:ReferstotheattackerbyinvadingInternetaccesstolargequantitiesofthesite,andinsertthewebTrojanin
6、itscodeinthepage,popularintheIDCroomandtheintranetbyARPspoofinginsertmaliciousWeblinksalsobelongtopassiveattacks,thisattacktospreadnetworkattacks,accesstotheuserofthesitetheremaybeinfectedwiththeTrojanplantmalware・Althoughthereisnospecificstatisticalresults,butfromtherecenttre
7、ndofsecuritycompaniesissuedbytheattack,theTrojanhorseactiveattacksandpassiveattackslaunchedalmostthesamefrequency・IftheuseraccidentallyvisitedawebsitethatmighthaveaTrojanhorse,howdoyouidentifyaTrojanhorseattackthatisoccurring?Userscanbejudgedbyseveralofthemostcommonphenomena:S
8、ystemreactionrate:Atpresent,theattackerconstructsIEbrowservul