Fraud methods and case analysis of "disguised Website"

The following methods are provided to describe website fraud. These methods do not teach you how to perform website fraud, but do not use them to engage in illegal activities.

The method is as follows:

Fake website:

Domain names of such websites are very different from official websites. They may only differ in letters, and leave Trojans or other traps on the websites to wait for logon. A typical example is:

A) fake Lenovo site http://www.1enovo.com, and Lenovo site address is http://www.lenovo.com, which only the letter L and number 1 difference, and lower case L and 1 is so similar, it is almost difficult to distinguish by the naked eye. A Trojan trap is deployed on a fake website page, waiting for someone to access the website.

B) fake ICBC website, http://www.1cbc.com.cn, and really ICBC website is http://www.icbc.com.cn, is also a letter only bad, but the number 1 and letter I although similar, but careful users can still distinguish out. This fake website is used to defraud user accounts and passwords.

C) fake bank of China website http://www.956666.com. Because the service phone number of the Bank of China is 95566.

Camouflage website

This type of website uses technical means to modify the Browser display so that users mistakenly think they have entered the correct website. A typical case is to pretend to be a US state bank website (see case 2). Wait for the virus website to enter. A floating window containing the correct address is displayed through the Java program to mask the real address bar and fool the user.

Spoofing through network real names such as 3721

A typical website is a website with a real name registered in 3721: "five strokes". After Entering the website, the website is directly linked to a malicious website.

Also sold and stolen

The trojan author's home page may also be a test site of the trojan author. Some people looking for a Trojan are first attacked by the trojan author. The case is: Trojans are sold on websites where viruses are hidden and infected by viruses.

When users access the trojan home (http://www.17951.c please do not click), automatically opens the trojan in a hidden way without knowledge (MHT vulnerability, object data Vulnerability, HHCTRL vulnerability) spread the Trojan. Use the object data Vulnerability of IE to release the malicious webpage file TrojanDropper. VBS. jingtao uses the Internet Explorer MHT vulnerability to release malicious web File Exploit. mhtRedir. hov and TrojanDropper. mht. psyme. dgc, uses the HHCTRL vulnerability of IE to release "password 7005" Trojan/PSW. mir7005.bo, which specifically steals the account and password of the online game legend and sends it to the virus author by email. It also terminates the process of multiple legendary game Trojans. Data shows that "Trojan home" is a professional Trojan sales website. In addition to providing heaven Trojan, Millennium Trojan, miracle Trojan, QQ Trojan and other viruses, it also provides various types of Trojan virus generators.

Spread viruses

This situation may occur when the website administrator's computer is infected with viruses and then uploads the files with viruses to the server. VBS/KJ and VBS/HappyTime are commonly used. These are maintained, but the consequences are not serious. During this virus outbreak, websites often spread viruses.

Column stealing

In many normal websites, viruses and Trojans are often included. This may be because the website is attacked by hackers or the website administrator is defending itself. This type of Trojan is usually manifested in the fact that the webpage is normal but contains sensitive information such as passwords. The case is securities piracy.