Web viruses are viruses that use web pages to cause damage. They live inside web pages: in practice they are malicious code written in a script language that exploits IE vulnerabilities to implant the virus. When users visit certain websites that contain web viruses, the viruses are quietly activated. Once activated, they can use system resources to cause damage. The damage ranges from modifying the user's registry to change the homepage and browser title, to turning off many functions of the system, installing Trojan horses, and infecting the user with viruses, so that the user can no longer use the computer system normally. In serious cases they can even format the user's system. This kind of web virus is easy to write and modify, which makes it difficult for users to guard against.
Current web viruses all use JS, ActiveX and WSH working together to perform local write operations on the client computer, such as rewriting your registry or adding, deleting and changing folders and files on your local hard disk. This capability, however, gives web viruses and web Trojans an opportunity to exploit. Before we analyze web viruses, let us first get to know the culprits behind them: Windows Scripting Host and the exploitation of Microsoft Internet Explorer vulnerabilities.
Windows Scripting Host, Internet Explorer vulnerabilities and related
WSH is the abbreviation of "Windows Scripting Host"; its common Chinese translation is "Windows Script Host". For this rather abstract term, a general understanding is enough to start with: it is a scripting-language working environment embedded in the Windows operating system. The concept of Windows Scripting Host first appeared in the Windows 98 operating system. Everyone must still remember the batch commands of MS-DOS, which effectively simplified our work and brought us convenience, somewhat like the scripting languages that are popular today. But even if we regard batch commands as a scripting language, they were the only "scripting language" supported by the Windows operating system before version 98. As various real scripting languages continued to appear, batch commands became obviously insufficient. Faced with this crisis, Microsoft, while developing Windows 98, implanted in the system a language-independent script running environment based on the 32-bit Windows platform, so that multiple types of script files could be run directly under the Windows interface or at the DOS command prompt, and named it "Windows Scripting Host". WSH is built on ActiveX. By acting as a script engine controller for ActiveX, WSH clears the way for Windows users to take full advantage of powerful scripting command languages.
WSH also has its shortcomings. Everything has two sides, and WSH is no exception. The advantage of WSH is that it lets us make full use of scripts to automate computer work, but it is undeniably this same feature that brings new security risks to our systems. Many computer virus writers are keen on writing viruses in scripting languages, and rely on WSH's support for those languages to let scripts that hide viruses spread widely across the network.
With the help of this defect of WSH, the current "webpage crisis" has taken shape through web page scripting technologies such as JavaScript, VBScript, and ActiveX.
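A defender can look for the combination described above statically. The following is an added example, not code from the original article: it parses a page, collects only its script blocks, and flags creation of WSH/ActiveX system objects and calls to their write or delete methods. The function name `scan_page`, the sample pages and the placeholder names in them are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

# ProgIDs that hand page script the local access the article describes.
RISKY_PROGIDS = {"wscript.shell", "scripting.filesystemobject"}
# JScript uses new ActiveXObject("..."), VBScript uses CreateObject("...").
CREATE_RE = re.compile(r"(?:ActiveXObject|CreateObject)\s*\(\s*[\"']([^\"']+)[\"']", re.I)
# Write/delete methods of those objects; VBScript may call them without parentheses.
CALL_RE = re.compile(r"\.\s*(RegWrite|RegDelete|CreateTextFile|DeleteFile|DeleteFolder)\b", re.I)

class ScriptCollector(HTMLParser):
    """Collects the text of <script> elements only, ignoring visible page text."""
    def __init__(self):
        super().__init__()
        self.in_script = False
        self.scripts = []
    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.in_script = True
            self.scripts.append("")
    def handle_endtag(self, tag):
        self.in_script = self.in_script and tag != "script"
    def handle_data(self, data):
        if self.in_script:
            self.scripts[-1] += data

def scan_page(html):
    """Return sorted findings for script that reaches WSH/ActiveX system objects."""
    collector = ScriptCollector()
    collector.feed(html)
    collector.close()
    findings = set()
    for body in collector.scripts:
        for progid in CREATE_RE.findall(body):
            if progid.lower() in RISKY_PROGIDS:
                findings.add("creates " + progid.lower())
        for call in CALL_RE.findall(body):
            findings.add("calls " + call.lower())
    return sorted(findings)

# Constructed samples (not real captures); registry key and value are placeholders.
SAMPLE_SUSPICIOUS = """<html><body><script language="JScript">
var sh = new ActiveXObject("WScript.Shell");
sh.RegWrite(KEY_PLACEHOLDER, VALUE_PLACEHOLDER);
</script></body></html>"""
SAMPLE_BENIGN = """<html><body><p>Notes on WScript.Shell and RegWrite</p>
<script>document.title = "hello";</script></body></html>"""
if __name__ == "__main__":
    print(scan_page(SAMPLE_SUSPICIOUS), scan_page(SAMPLE_BENIGN))
```

String matching of this kind misses ProgIDs that are obfuscated or assembled at run time, so an empty result means "nothing obvious", not "clean".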
Internet Explorer's own vulnerabilities also contribute to this problem. Examples are the "incorrect MIME (Multipurpose Internet Mail Extensions) header" vulnerability and the "Microsoft Internet Explorer pop-up window Object type validation vulnerability". Problems or loopholes in the components introduced below, or their lax filtering where security is concerned, are another important factor in the "webpage crisis".
The Java language can be used to write two types of programs: applications and small applications (applets). Applications are programs that can run independently, while applets cannot run independently; they must be embedded in HTML files, follow a set of conventions, and run in browsers that support Java (such as Netscape Navigator version 2.02 or above, HotJava, or Microsoft Internet Explorer version 3.0 or above). Applets are an important application branch of Java and were the most interesting aspect of Java at that time (they changed the dull interface of web pages), adding animation, images, music and so on to the design of WWW web pages (Home Page / Pages). The most commonly used methods to achieve these effects are Java Applet and Java Script (this is a Java command language).
JavaScript is an object- and event-driven scripting language with security features. Its purpose is to interact with HTML (hypertext markup language) and Web clients, which makes it possible to develop client applications and the like. It is used in standard HTML through embedding or file references. Its appearance makes up for the shortcomings of HTML, and it is a compromise between Java and HTML. It is object-based, simple, safe, dynamic, and cross-platform.
ActiveX is a set of technologies proposed by Microsoft that use COM (Component Object Model) to enable software components to interact in a network environment. It is independent of any specific programming language. As a technology developed for Internet applications, ActiveX is widely used on both WEB servers and clients. ActiveX technology is also used to create ordinary desktop applications easily. ActiveX can be used in an Applet, for example by embedding an ActiveX control directly, or by using ActiveX as a bridge to integrate multi-language program objects provided by other developers into Java. Where Java relies on its bytecode technology, ActiveX provides "Code Signing" technology to ensure its security.
Since it is a web page virus, it is, to put it simply, a web page. The creator will even make this special web page look no different from ordinary web pages. But when the page runs locally, it does more than get downloaded and displayed: behind that operation, the original virus software or a Trojan horse is also downloaded and then executed, your registry is quietly modified, and so on. So what are the characteristics of this kind of web page?
Seductive web page names and taking advantage of the viewer's ignorance
I have to admit that the creators of many malicious web pages or sites work hard on psychological analysis of their viewers, and their selection and use of domain names is absolutely on target. Many male netizens are interested in photos of girls, and this is a channel the creators use. For example, if you see a domain name such as www.l*****.com, or etc., will you be tempted to take a look? At first glance it is obviously a picture, and possibly a picture of a girl. Someone with some security knowledge might say: don't worry, it cannot be a BMP picture Trojan; opened from this address, it must be a picture in .GIF format. OK, you can try it. Looking at another domain name, it is obviously structured.
Taking advantage of the viewer’s curiosity
It is not a good habit to be curious about everything. Some things are not there for you to look at just because you want to.
The unwitting viewer