Security perspective: a look at webpage Trojans

Source: Internet
Author: User

"Typhoid" is a highly infectious disease that can be caught through exposure. Web application systems use standard protocols. If a Web server is infected with Trojans, visitors who access the server will be infected too, as if they had been exposed to a sick patient: their information is stolen and their data is damaged.

Trojan Horse participation

If you frequently access the Internet, you may find that when you click on some links, the anti-virus software will trigger an alarm, prompting you that a virus or Trojan exists. Ms. Huo, director of a bank's Technology Department, is worried about such a customer complaint: an online banking user received an online banking activity notification email. After clicking the email, she found that the website was reported as a Trojan by the anti-virus software.

The email presents a small survey activity that the Bank is running during this period. When the user clicks the "participate in activity" button, the anti-virus software immediately raises an alarm.

After analysis by experts from a professional security company, it was found that this was a forged activity email. The hacker forged the URL link behind the "participate in activity" button. After clicking it, the user does enter the activity page, but is also linked to a malicious site that downloads Trojans, which is why the anti-virus software raises alarms. The cause of this is that the Bank's website page code is defective. In consideration of the Bank's business continuity requirements, Ms. Huo purchased security protection products as recommended by the security experts and quickly deployed them online to prevent such attacks.

Why do webpage links cause Trojans to be implanted? There are several possibilities:

1. The website owner intentionally embeds malicious code in the page, which is common on private websites. For personal gain, some webmasters intentionally embed malicious code in their website pages to steal visitors' information. Enterprise users generally do not do this.

2. After obtaining permissions on the website, attackers add malicious code to a normal page. This is also a common cross-site scripting (XSS) attack.

Diagnose XSS attacks

How can you determine whether you have suffered an XSS attack? As with other common attacks, many free XSS attack tools are available on the Internet. Hackers who use this software may not know how to clean up the system logs, so log analysis can easily show whether XSS attacks have occurred. Another, more direct method is to check the page source code for irrelevant URLs or other strings. For example, if a page source file contains code unrelated to the page's function, it is likely that an XSS attack has occurred.
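The two checks described above (log analysis and looking for unrelated URLs in the page source), as an added Python example that is not part of the original article. The host names, page fragment, log lines and marker patterns are constructed for illustration, and the log is assumed to be in common log format.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote_plus, urlsplit

# Tags whose URL attribute loads or links to other content.
URL_ATTRS = {"script": "src", "iframe": "src", "a": "href", "form": "action"}
# Script-injection markers in a decoded request target (illustrative, not exhaustive).
XSS_MARKERS = re.compile(r"<\s*script|javascript:|\bon(?:error|load|mouseover)\s*=", re.I)
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

class _Collector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        url = dict(attrs).get(URL_ATTRS.get(tag, ""))
        if url:
            self.found.append((tag, url))

def foreign_resources(html, allowed_hosts):
    """Return (tag, url) pairs in the page source that point at hosts we do not own."""
    parser = _Collector()
    parser.feed(html)
    hits = []
    for tag, url in parser.found:
        host = urlsplit(url).hostname  # None for relative (same-site) URLs
        if host and host not in allowed_hosts:
            hits.append((tag, url))
    return hits

def suspicious_requests(log_lines):
    """Return (client_ip, decoded_target) for logged requests carrying script markers."""
    hits = []
    for line in log_lines:
        m = REQUEST.match(line)
        # Decode twice so double-encoded payloads are also seen.
        target = unquote_plus(unquote_plus(m.group(2))) if m else ""
        if XSS_MARKERS.search(target):
            hits.append((m.group(1), target))
    return hits

# Constructed sample inputs (not taken from the incident described in the article).
SAMPLE_PAGE = ('<a href="/activity/join">participate in activity</a>'
               '<script src="/static/site.js"></script>'
               '<iframe src="http://malicious.example/load.html" width="0"></iframe>')
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /activity/join HTTP/1.1" 200 512',
    '198.51.100.9 - - [01/Jan/2024:10:00:05 +0000] "GET /search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 734',
]
```

Run `foreign_resources` against the served copy of each page with the set of hosts the site legitimately uses; any hit is a URL to review, not proof of compromise.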

The direct victims of XSS attacks are not the website owner but the ordinary users who access the attacked website. As a result, ordinary users often discover that the website has been attacked by hackers while the website administrator still knows nothing about it. For institutions that rely on websites for business (such as financial institutions), it is very important to do a good job of pre-check services.

What should you do after an XSS attack? First, check the attacked page and clear the malicious code, then consider future defense. Like most Web threats, XSS attacks are caused by flawed page files, so you can avoid them either by deploying an independent security product or by modifying the page files at the code level. However, considering the complexity and limitations of code modification, this method is not the best choice for XSS defense. You should choose to deploy security products that are competent at application-layer threat protection. In practical XSS defense, intrusion protection products are also widely used.

Websites infected with Trojan horses are like patients with typhoid fever: anyone who is accidentally exposed (clicks the link) may be infected (with Trojans). Traditional Chinese medicine holds that the general principle for treating the six-meridian diseases is to expel external evil and support the upright. The solution for websites infected with Trojans should follow the same principle: expel the external evil (clean up the infected pages) and support the upright (add security devices, code evaluation services, code patching, and other measures that improve the website's internal defensive capabilities).
