network security issues should not be underestimated, so be careful when visiting websites
recently, the national internet emergency center ( CNERT) publish a "about the existence of some domestic websites Ramnit a notice on the situation of malicious code attacks, according to the content of the notice, a paragraph is called " Ramnit” the malicious web page code is mounted on nearly 600 party and government agencies, enterprises and institutions in the country. when users visit the website of the horse, they are likely to be attacked by viruses, posing a security threat to the user's computer.
according to the notice, Ramnit malicious code is a typical VBScript worm virus can be transmitted through web page mounts, and users browse and mount the malicious code in the browser. HTML after the page and click load ActiveX the host may be infected by malicious code after the control. the following picture is Ramnit a snippet of code that resides in the page.
figure 1. HTML page Ramnit malicious code snippet (source:Fireeye)
Ramnit mainly in user% TEMP% the folder (this folder is not usually visible to you, don't ask where it is) is implanted with a name called " svchost.exe” and execute the associated binary file ActiveX control, infected user host attempts to connect to Ramnit a related trojan control server— fget-career.com。 as shown in the figure below:
figure 2. svchost.exe being implanted (source:Fireeye)
based on the current analysis, Chrome( google chrome) and Firefox( firefox) browser users will not be affected by malicious code, while higher versions of IE the browser will do this ActiveX the control warns and does not execute automatically. and the lower version IE browser users may have made unsafe configurations (for example: setting trust from unknown sources ActiveX control) IE users are vulnerable to malicious code.
according to CNCERT 2015 the inspection results between november 2016 and march 2016 showed that there were about 1,250 units in the country. WEB the server has been mounted Ramnit malicious code, the main types of servers that are hacked are IIS( 69.3%), this type of server ASP there are many websites, followed by Apache server (19.2%).
for this, users are recommended:
1、IE browser users set the security settings (it is recommended to set to medium-high security level), and whether the execution source is unknown ActiveX the control is made by us, or the execution of unknown source is prohibited. ActiveX control.
2、abandon the old version IE browser, use google chrome, firefox, QQ commonly used in browsers or 360 safe browsers, etc., are all lower versions IE powerful.
3、upgrade the computer security manager, install the latest tencent computer security manager or 360 security guard, and often anti-virus and clean up garbage.
it is recommended that party and government organs, enterprises and institutions upgrade their websites. IDC service providers upgrade servers and strengthen servers. if you need website construction (select Apache server +PHP for development language), website upgrade, please contact us, if you have any other related questions, please contact us.
the above is the "network security issues that cannot be underestimated, please pay attention to when visiting the website". thank you very much for reading this article patiently. we will provide you with more information about reference, use or learning and communication. we can also provide you with:enterprise website construction, website imitation, website copying, imitation site, foreign trade website construction, foreign trade website construction, company official website productionfor services, our company serves customers with the service concept of "integrity, professionalism, pragmatism and innovation". if you need cooperation, please scan the code to consult, and we will serve you sincerely.
TAG label:
