June 16: On June 13, the Jiangmin anti-virus center received a call for help from a user, Mr. Sun. "No matter which website the users on our LAN visit, the anti-virus software reports a virus. After checking, we found a piece of code in the webpage, but after we deleted the code manually, it appeared again later. Other websites had the same code too. What virus is this?"
After analyzing the LAN, Jiangmin's anti-virus experts found that Mr. Sun's website was infected with a new ARP virus variant known as the LAN "killer". With this virus active, every webpage opened from any computer in the LAN is reported as infected by anti-virus software. At the same time, the infected webpage uses two Microsoft system vulnerabilities, MS06-014 and MS07-017, to plant a trojan downloader on the computer, and the downloader then fetches more than 10 malicious online game trojans. Attackers can steal accounts and passwords for multiple online games, including World of Warcraft, Legend of the World, Journey, Fantasy Westward Journey, and Edge games, causing great losses to online game players.
According to Jiangmin's anti-virus experts, ARP viruses, also called ARP address spoofing viruses, are a special type of virus. Such a virus is generally a trojan: it does not spread actively and does not replicate itself. However, when it attacks it sends forged ARP packets to the whole network, seriously interfering with the normal operation of the entire network, and the harm is even more serious than that of some worms.
When an ARP virus attack occurs, computers usually drop off the network even though the network connection itself appears normal. Some or all computers in the intranet cannot access the Internet, webpages fail to open or open slowly, LAN connections are interrupted, and network speed drops, which seriously affects the normal operation of enterprise networks, Internet cafes, campus networks and other LANs. More seriously, the recently popular new ARP virus variants have new features. These ARP viruses still send forged ARP broadcasts to the entire network, but they also disguise themselves as the gateway and add malicious code to the webpages requested by all users. As a result, anti-virus software raises a virus alarm when users access any website. The LAN of Mr. Sun's company was attacked by this new ARP virus.
Jiangmin's anti-virus experts described how the new ARP virus variants operate. When a computer S in the LAN wants to access a webpage, it first sends the request to the gateway, which downloads the page and sends it back to S. Meanwhile, another computer A, infected with the ARP virus, disguises itself as the gateway and continuously sends forged ARP broadcasts to the whole network. As a result, when computer S requests a webpage, the infected computer A "helpfully" downloads the page and sends it to S, but before returning it, A inserts a malicious URL link into the page. The malicious link exploits system vulnerabilities such as MS06-014 and MS07-017 to plant a trojan on computer S. In the same way, if any other computer in the LAN requests a webpage, computer A returns a page carrying the virus. Computers across the entire network segment are thus infected and may even become botnets in the hands of hackers.
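The forged gateway announcements described above can be spotted by comparing each ARP frame against a known-good gateway binding. The following is an added example, not code from Jiangmin or from the original article; the addresses, function names and repeat threshold are constructed for illustration, and it assumes the administrator has recorded the real gateway MAC in advance.

```python
import struct
from collections import Counter

def _mac(m): return bytes.fromhex(m.replace(":", ""))
def _ip(a): return bytes(int(x) for x in a.split("."))

def build_arp(op, smac, sip, tmac, tip):
    """Build a 28-byte Ethernet/IPv4 ARP payload (used only for the samples)."""
    return (struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
            + _mac(smac) + _ip(sip) + _mac(tmac) + _ip(tip))

def parse_arp(payload):
    """Return (op, sender_mac, sender_ip), or None for anything malformed."""
    if len(payload) < 28:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", payload[:8])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    smac = ":".join(f"{b:02x}" for b in payload[8:14])
    sip = ".".join(str(b) for b in payload[14:18])
    return op, smac, sip

def detect_gateway_spoof(payloads, gw_ip, gw_mac, flood_threshold=3):
    """Alert on every frame binding gw_ip to a MAC other than the pinned one."""
    alerts, counts = [], Counter()
    for index, payload in enumerate(payloads):
        parsed = parse_arp(payload)
        if parsed and parsed[2] == gw_ip and parsed[1] != gw_mac.lower():
            counts[parsed[1]] += 1
            alerts.append((index, parsed[1]))
    # A host that keeps repeating the false claim matches the continuous broadcast.
    suspects = sorted(m for m, n in counts.items() if n >= flood_threshold)
    return alerts, suspects

# Constructed sample: gateway, requesting computer S, infected computer A.
GW_IP, GW_MAC = "192.168.1.1", "00:11:22:33:44:55"
S_IP, S_MAC = "192.168.1.20", "00:aa:bb:cc:dd:20"
A_IP, A_MAC = "192.168.1.10", "00:aa:bb:cc:dd:0a"
BCAST = "ff:ff:ff:ff:ff:ff"
SAMPLE = [
    build_arp(1, S_MAC, S_IP, "00:00:00:00:00:00", GW_IP),  # S asks for gateway
    build_arp(2, GW_MAC, GW_IP, S_MAC, S_IP),               # genuine reply
    build_arp(2, A_MAC, GW_IP, BCAST, GW_IP),               # forged, sent by A
    build_arp(2, A_MAC, GW_IP, BCAST, GW_IP),
    build_arp(2, A_MAC, A_IP, S_MAC, S_IP),                 # A's honest binding
    build_arp(2, A_MAC, GW_IP, BCAST, GW_IP),
    b"\x00\x01\x08",                                        # truncated frame
]
print(detect_gateway_spoof(SAMPLE, GW_IP, GW_MAC))
```

The MAC address listed as a suspect identifies the infected machine to isolate and clean; frames in which that machine announces its own IP are not flagged.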
Jiangmin Technology has so far received requests for help from enterprise and institutional users infected with the virus. Jiangmin's anti-virus experts recommend upgrading the anti-virus database immediately so that the various ARP viruses are intercepted from the network, and immediately installing the MS06-014 and MS07-017 vulnerability patches on every computer. LAN users are advised to deploy KV network-based anti-virus software in a unified manner to prevent ARP viruses throughout the network. For new ARP virus variants that have not yet been added to the virus database, we recommend reporting them to the Jiangmin anti-virus center immediately and using the "unknown virus scan" function of Jiangmin anti-virus software, which thoroughly detects known and unknown ARP viruses on the machine and helps the network administrator clear ARP viruses quickly.
In addition, the Jiangmin anti-virus center provides an "ARP virus Emergency Response Service" for enterprise users. For ARP viruses that cannot be handled otherwise, Jiangmin anti-virus engineers can provide on-site service, enabling enterprise users to restore their networks quickly and ensure the security of data communication. The new version of the KV firewall adds an ARP virus defense function. You can also set the "Network Attack Protection" option to intercept ARP spoofing packets from the LAN and protect the security of the local network.
(About ARP: ARP stands for Address Resolution Protocol. "Address resolution" refers to the process in which a host converts the IP address of the target host into the MAC address of the target host before sending data packets.)