Go homepage(回首页)
Upload pictures (上传图片)
Write articles (发文字帖)

The author:(作者)aaa
published in(发表于) 2013/12/17 8:35:11
Ghost hijack Firefox extension user Lee, acts as a botnet accomplice

Li GUI extension hijack Firefox user, an accomplice acted as a botnet-Firefox, Firefox, Firefox-IT information Li GUI extension hijack Firefox user, an accomplice acted as a botnet

Foreign security investigator Brian Krebs last week found an unconventional botnets, hijacked the infected PC terminals, constant traffic access to the website, and search the back door vulnerabilities in order for access to site data and plant malicious software applications, Firefox browser users unfortunately shot, but will soon be resolved.

A botnet is an advanced method of attack, the offender used the huge computer network. Starting in May, has found that there are 1800 pages of vulnerabilities is SQL injection. Last week, the botnet again using a SQL injection attack methods, scan Web applications with poor password, log on by using these can break Web applications, to attack the site master data and mandatory access.

This attack method is primarily forged as a Firefox extension, installed at user eyelids, once installed, the browser and PC equipment is hijacked and attacked by botnets use constant access to certain sites, SQL injection, searching for vulnerabilities, gets the primary database site such as modus operandi.

The ghost Li extended pseudo is Microsoft. NET Framework Assistant, fortunately, Mozilla Foundation subsequently took action, this impostor, extensions are blocked, blocking Firefox is infected.

So if IT news reader also encountered when accessing the Web site, that the extension is installed, you need to check its authenticity in a timely manner.


(

李鬼扩展劫持火狐用户,充当僵尸网络帮凶 - Firefox,火狐,火狐浏览器 - IT资讯
李鬼扩展劫持火狐用户,充当僵尸网络帮凶

上周国外的安全调查员Brian Krebs就发现了一个非常规的僵尸网络,使用被劫持感染的PC终端,不断以大流量访问网站,搜索网站后门和漏洞,以用于获取网站数据和植入恶意软件应用,其中火狐浏览器的用户也不幸中枪,但很快就得到解决。

僵尸网络,是一种高级的攻击方法,犯罪者使用这个庞大的计算机网络。从5月份起,已经发现有1800个网页的漏洞被SQL注入。上周,该僵尸网络再次使用了SQL注入的攻击方法,扫描密码较差的网络应用,借助这些能破解登录的网络应用,对网站主数据进行攻击和强制访问。

这次的攻击方法主要伪造为一个火狐扩展应用,在用户眼皮下安装,一旦安装,该浏览器以及PC设备即被劫持,然后就被僵尸网络利用不断访问某些被攻击的网站,注入SQL,搜寻漏洞,获取网站的主数据库等犯罪手法。

这项李鬼扩展冒充的是Microsoft .NET Framework Assistant,所幸的事,Mozilla基金会随后就采取了行动,封杀了这个冒充的扩展,阻止火狐被感染。

因此,如果IT资讯的读者也遇到访问网站时,被安装了该款扩展,需要及时检查下其真实性。


)

If you have any requirements, please contact webmaster。(如果有什么要求,请联系站长)




QQ:154298438
QQ:417480759