2008年4月27日星期日

Cause the evil manipulator of web page of high browser resource occupation

Along with the development of computer and network application, computer information security is dangerous as being faced with and the loss that has caused is also increasing into time, especially various hackers grow , some personal users also often encounter the attack of different means, this has to arouse our attention.

For personal user, except virus and hobbyhorse, the invisible code in web page also begins to threaten our safety seriously, but the most persons lack self to protect consciousness , are not enough for the harm knowledge of invisible code , have even stolen important information under the condition that not known the facts by oneself by others. Because of invisible code have comparison big conceal sex, so far, have no virus fire wall yet can prevent the attack of invisible code well, majority can not even discover at all. So we more should the invisible killer in the high alert code of web page. In generally speaking the code of web page " invisible killer" divide into approximately following some kinds of:

Invisible killer

Through the system resources that consumes this machine

The typical mischief of code of " invisible killer 1 " is to produce a dead cycle through JavaScript. This kind of code may be to appear in having the website of malice, may also give you with the form of mail attachment. Now, the most mail customers hold program, may use browser voluntarily to open the file of the type of HTM / HTML. Such only you a dozen of open attachment, on screen, will arise the browser window that countless opens recently. Finally, let you have to start computer again.

Avoid bad method for this kind of problem, it can only be the attachment that does not open casually the mail that stranger sends , is .vbs, especially development , .htm and .doc , , the attachment of exe.

Invisible killer

The practice of this kind of code typical case passes in web page

The code of " invisible killer 2 " is to show way to conceal comparatively than the characteristic of " invisible killer 1 ", general person does not discover easily invisible code is reading to take the file on own hard disk. " invisible killer 2" can still realize it using browser self loophole to kill to recruit, such as IE5, the IFrame loophole of 0. Some lines of very simple codes may read to take the file on your local hard disk that any IE may open.

Avoid bad method may pass to close JavaScript

Invisible killer

Attacking person to pass attack first into the responsible DNS server of the goal machine analysis of domain name, then go to DNS - IP address reset a he has taken the host computer of super user limits of authority.

This kind of attack now seldom appears in domestic , but endangers if succeeding but is very big. It is heavy to lose. Method is its attack: When he has taken that host computer of super user limits of authority on a fake environment completely similar to goal machine, the user who comes to inveigle you to hand over you is well-known and password. For example, our mail even the bank account number on net and password. Because what you face is a environment similar to yesterday, when you skilled knock into user name and password time. It is not genuine host computer to have not thought of at all.

When avoiding bad method go on-line, best barrier loses JavaScript of browser , makes attacking person can not hide the sign of attack , only just opens it when visiting familiar website, though, this can reduce the function of browser, but I think that this is still been worth for. It is to do not link other websites from the website that does not know by oneself to still have , especially link those needs to input the website of the password and name of personal account.

Invisible killer

This kind of present problem

We may now see the safe installation of own IE, for " download ActiveX that has signed control ", now choose item is " hint". But your possibility does not be known , IE still has privilege, download and carry out program under the condition of need not point out. This is a serious safe problem, we may be controled completely under the condition that not known the facts by others.

Compatibility Flags0x00000400:

Invisible killer

The harm of this kind of code is

This is not sensational, actually, IE may make hard disk be not what new loophole by format through conducted ActiveX , contains the web page of this kind of code if glancing over , your machine hard disk will quilt fast format, also because of format window is minimum, your possible foundation has not been noticed , until discovering , have repented too late.

Avoid bad method deltree and format.com of this machine, it is a method that the dangerous orders such as exe rename. Because we, in Windows, will use really the condition that these DOSs order and are not many, many Hong virus or dangerous code is to directly use these DOSs to order , if famous country produces Hong virus " July killer ", it is to have joined deltree c in Autoexec, in bat: \/y.

没有评论: