Watch out for high browser resource occupation caused by black web pages

For individual users, in addition to viruses and Trojans, the invisible code in webpages has begun to seriously threaten our security, but most people lack self-protection awareness, I do not have enough knowledge about the hazards of the invisible code, or even be stolen by others without my knowledge. Because the invisible code is relatively concealed, no virus firewall has been able to prevent the attack of the invisible code, and most of them cannot even be found. Therefore, we should be highly vigilant against the invisible killer in Web code.
Generally, the "invisible killer" in Web code is divided into the following categories. You can take precautions after learning about it.

Stealth killer 1: CPU usage

By constantly consuming the system resources of the local machine, the CPU usage is as high as 100%, so that the computer can no longer process other users.

The typical prank of the "stealth killer 1" code is to generate an endless loop through JavaScript. This type of code may appear on a malicious website or be sent to you as an email attachment. Currently, most mail client programs can automatically call browsers to open HTM/HTML files. As soon as you open the attachment, there will be countless new browser windows on the screen. Finally, you have to restart the computer.

Attachment of the deny method.

Stealth killer 2: Illegal reading of local files

A typical practice of this type of code is to read local files by calling Activex, JavaScript, and WebBrowser control on a webpage.

Compared with "invisible killer 1", "invisible killer 2" code is characterized by a relatively hidden expression. Generally, it is difficult for people to find that the invisible code is reading files on their hard disks. "Invisible killer 2" can also use browser vulnerabilities to kill attacks, such as IE5.0 IFrame vulnerability. A few lines of code can read any files that can be opened by IE on your local hard disk.

To avoid this problem, you can disable JavaScript and pay attention to Microsoft's security patches at any time.

Stealth Killer 3: Web Spoofing

Attackers first break into the DNS server responsible for domain name resolution of the target machine, and then reset the DNS-IP address to a host that he has been given super user permissions.

These attacks are rare in China at present, but they are very harmful if they are successful. In addition, it may cause heavy losses. The attack method is: forge an environment identical to that of the target machine on the host that has won the superuser permission to trick you into handing over your username and password. For example, our email or even the bank account and password on the Internet. Because you are faced with the same environment as yesterday, when you are skilled in typing the user name and password. I didn't even think of a real host.

When using the anti-virus method to access the Internet, it is best to turn off the JavaScript of the browser so that attackers can not hide the signs of attacks. Only when they access a familiar website, they can open it, although this will reduce the functionality of the browser, but I think it is worthwhile. Also, do not link to other websites from websites you are not familiar with, especially those websites that need to enter the personal account name and password.

Stealth killer 4: Controls User Machines

At present, this type of problem is mainly caused by the use of Actives by IE.

Now let's take a look at our IE Security Settings. For "Download Signed ActiveX controls", the current option is "prompt ". But you may not know that IE still has the privilege to download and execute programs without prompting. This is a serious security problem, and we may be completely controlled by others without knowledge.

In the Registry HKEY-LOCAL-MACHINESOFTWAREMicrosoftInternet assumeractivex Compatiblity, you can create a CLSID-based New {describ6015c} value for Active Setup controls: compatibility Flags 0x00000400.

Stealth killer 5: Illegal formatting of local hard disk

This type of code is very harmful. Your hard disk will be formatted as long as you browse its webpage.

This is not sensational. In fact, it is not a new vulnerability for IE to format the hard disk by executing ActiveX. If you browse a webpage containing such code, your local hard disk will be quickly formatted, in addition, because the window is minimized during formatting, you may not have to pay attention to it at all.

It is also a way to change the name of Dangerous commands such as format.com#deltree.exe of the local machine. There are not many cases where we really need to use these doscommands in Windows, and many macro viruses or dangerous Code directly call these doscommands, such as the famous Chinese macro virus "July Killer ", it is in Autoexec. deltree c:/y is added to bat.