Mr. Li is fond of making a forum. On this day, after replying to a forum he often goes to, his computer restarts inexplicably and the system becomes very slow after he restarts. Is it true that the post contains hidden organs? After Xiao Li updated the antivirus software virus database, he checked and found that he was running a Trojan in his system ......
Forums are often the most popular places on a website, but few people have noticed the security problems that the forum brings to viewers. However, stories like Xiao Li actually exist! Next, we will "dig" the hidden harmful traps in forum posts.
Worrying about browsing posts
Many Forum programs now add some extension functions during development. For example, you can reference the UBB tag in the post to hide the real url of the webpage in the post, special effects can be added to a personal signature.
Although these features are convenient for viewers, they also bring many security risks. Malicious attackers may use these functions to attack the viewer's systems, such as webpage Trojans. Here we simulate attackers to expose these attack methods.
Create "traps"
Select any forum with a slightly more powerful function (such as the mobile network, which is very popular in China and has many extension functions.
The webpage Trojan generator is used to create a webpage. The webpage uses the IE browser vulnerability. Open the webpage Trojan generator, click Trojan and select Trojan program mm.exe to generate two files: mm.chmand mm.html 1 ). After these two files are uploaded to the website space with the Trojan program mm.exe, you can get them to a Trojan page, whose address ends with mm.html, for example, http: // www. ***. com/mm.html ).
Figure 1 generate a Trojan webpage using the webpage Trojan generator
The next step is to use some of the extended functions of the Forum to hide the "trap", so that the browser can accidentally open the post.
Use traps
1. Trap 1: text deception
You can use text in the post to trick you into clicking the Trojan webpage link, which is the most common "trap" in forum posts ".
The attacker entered the forum where he was about to start, applied for an account, and posted a post in any of the forums. The post content is generally tempting:
[Url = http: // www. ****. com/mm.html] download the latest and most popular game materials and demos. Come in! [/Url]
Post the post after the input is complete.
Tips: The "[url] [/url]" label used in this post is a built-in label of the Dynamic Network Forum, which can serve as a link. This label is also used in other forums.
When you browse this post, you will find that only the text content is displayed in the post:
Here are the latest and most popular game materials and demo Downloads. Please come in!
Generally, people who are not clear are curious to open the Trojan webpage http: // www. ****. com/mm.html, so that their systems are planted with Trojans.
In fact, as long as you put the mouse pointer on the text, the actual URL http: // www. ***. com/mm.html 2 will be displayed in the lower left corner of IE browser ).
Figure 2 when you encounter such a post, you can have multiple eyes
<
