Four ways to identify and defend a Web Trojan

Source: Internet
Author: User

Web Trojans are delivered through active and passive attacks with similar frequency. If a user accidentally visits a website that may host a Trojan, how can they tell that a Web Trojan attack is in progress? The user can judge from the following most common symptoms:

System response speed:

The Web Trojans that attackers currently build on Internet Explorer vulnerabilities, including the latest MS07004 VML vulnerability, execute attack code by constructing a large amount of data that overflows a buffer in the browser or one of its components. As a result, when a user is attacked by an overflow-class Web Trojan, the system usually responds very slowly: CPU usage is high, the browser window is unresponsive, and it cannot be forcibly closed with Task Manager. In addition, on some systems with less than 512M of memory, an overflow-class Web Trojan attack makes the system read and write the disk frequently (physical memory is insufficient, so the system automatically expands virtual memory).

Process changes:

A handful of IE browser vulnerabilities are not buffer overflow vulnerabilities, such as the MS06014 XML vulnerability that appeared at the beginning of last year. When a user is attacked by a Web Trojan built on such a vulnerability, the system shows no obvious change in response speed or disk activity. At most, the hourglass wait icon sometimes appears, but so briefly that users miss it unless they are paying attention. In this case, the user can open Task Manager or use Process Explorer to see whether there are Iexplore.exe processes that the user did not start, strangely named processes, and so on, to determine whether they have suffered a Trojan attack.

Browser display:

When an attacker uses a Web Trojan in a passive attack, the Trojan is usually invoked from a legitimate website under the attacker's control, through an IFRAME statement in the HTML or through JavaScript. If the user opens a legitimate website and finds that the status bar in the lower left corner of the IE browser keeps showing an address unrelated to the site being browsed, while the system response becomes very slow or the mouse pointer turns into an hourglass, a Web Trojan attack is probably under way.
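The same sign can be checked in a saved copy of the page source instead of the status bar. The following is an added example, not part of the original article: it lists IFRAME and script elements that load from a host other than the page's own. The function and class names, the sample page and its hosts are constructed, and the "hidden" flag is an assumed heuristic.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse


class EmbedFinder(HTMLParser):
    """Collects <iframe>/<script> elements whose src is on a different host."""
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlparse(page_url).hostname
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in ("iframe", "script"):
            return
        a = {k: (v or "") for k, v in attrs}  # names arrive lowercased
        if not a.get("src"):
            return  # inline script or empty frame: nothing is fetched
        url = urljoin(self.page_url, a["src"].strip())
        host = urlparse(url).hostname
        if host is None or host == self.page_host:
            return  # same site, or a non-network scheme
        # Heuristic (assumption): 0/1-pixel or invisible elements are suspicious.
        style = a.get("style", "").replace(" ", "").lower()
        hidden = (a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
                  or "display:none" in style or "visibility:hidden" in style)
        self.findings.append({"tag": tag, "url": url, "hidden": hidden})


def find_offsite_embeds(html, page_url):
    """Return off-site iframe/script references found in html, in page order."""
    finder = EmbedFinder(page_url)
    finder.feed(html)
    return finder.findings


# Constructed sample page; every host below is a placeholder.
SAMPLE = """
<html><body>
<script src="/js/menu.js"></script>
<iframe src="http://unrelated.test/a.htm" width="0" height="0"></iframe>
<script src="//cdn.example.net/lib.js"></script>
<IFRAME SRC="news/today.html" width="600"></IFRAME>
</body></html>
"""

if __name__ == "__main__":
    for finding in find_offsite_embeds(SAMPLE, "http://www.example.com/index.html"):
        print(finding)
```

An off-site reference is not malicious by itself (content delivery hosts are common), so the output is a list to review against the hosts the site is known to use.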

Security software alerts:

A security software alert may be the most reliable sign of a Web Trojan attack for users, but quite a lot of the anti-virus software on the market cannot detect Web Trojans that are encrypted with JavaScript and VBScript, so the absence of an anti-virus alert does not necessarily mean that the site is safe.

Users should update their system patches in a timely manner; most Web Trojan victims have neglected patch upgrades for their own system and application software. After all, only a handful of attackers will use expensive 0day browser exploits to build Web Trojans, so timely software upgrades and security patches protect against most Web Trojans.

