Security Tutorial: Understanding CSS Hanging Horses and Prevention Methods (1)

  

With the popularity of Web 2.0, various web effects have been used more and more, which also gives hackers a chance. They found that the CSS code used to create web effects can also be used to hang horses. Ironically, the CSS hanging horse method actually evolved from the CSS code that guards the IFRAME.
Antian Lab A Nan: Security engineer, engaged in virus analysis for many years.

The website hangs the horse initially very single, but with the wide application of Web2.0 technology and blog, wiki, etc., there are a variety of technologies in the hang horse, including CSS hanging horses, you can Said to be the favorite of hackers in the Web2.0 era. There are many very famous websites that have been invaded by hackers using CSS.

In my impression, the most memorable one is the Baidu space CSS hanging horse. At that time, Baidu Space launched not long after, there are many Baidu users received a similar "Ha, happy holidays! Warmly celebrate 2008, in a good mood, remember to think of me! http://hi.baidu.com/XXXXX" in the station Message.

Since the URL is the URL of Baidu Space, many users think that there will be no security problems, and it may be sent by their own friends, so they will not hesitate to click. However, after entering the specified URL, the user will be infected with the worm and continue to spread.

Due to the very serious spread of worms, Baidu Space had to issue an official statement to remind users and to remove malicious code from the worm in the server. That time, the Hanging Horse event used the Baidu space CSS template function to dynamically execute the script in the CSS code through the deformed expression, allowing the specified remote malicious code file to run quietly in the background and send a large amount of forged information.

I suggest that when you click on a strange link, you should have multiple minds, and the big website may be hanged. When you are on the Internet, it is best to use some security aids with webpage blocking function.

Why do hackers choose CSS hanging horses?

In the Web1.0 era, using IFRAME to hang a horse is not so much a choice as a helpless hacker, in order to better realize the hiding of the Trojan. In simple HTML pages and websites that lack interactivity, the means that hackers can use are very limited. Even if they use complicated camouflage, they are easy to be seen. It is not as direct and effective as IFRAME.

But today there are more and more interactive Web 2.0 sites, allowing users to set up and modify blogs, SNS communities and so on. These highly interactive communities and blogs often offer a wealth of features and allow users to use CSS cascading style sheets to freely modify the pages of the site, which has prompted CSS to be popular.

Small Encyclopedia: CSS is the abbreviation of Cascading Style Sheets. The main purpose of CSS is to separate the structure of the file (written in HTML or other related languages) from the display of the file. This separation makes the file more readable and the file structure more flexible.

When hackers use CSS to hang horses, they often rely on netizens' trust in certain large websites to hang CSS malicious code on blogs or other web pages that support CSS. When netizens visit the page, they are malicious. The code will execute. It's like you go to a well-known and well-tested big hospital. You trust the hospital very much, but the clinic you saw has been outsourced by the quack, and you have successfully deceived you with your trust in the name of the hospital. But when you go to someone to do the bill afterwards, the hospital is often innocent at this time. For security engineers, troubleshooting CSS horses is a must-have.

CSS hanging horse attack and defense record

There are more ways to attack CSS hanging horses, but the mainstream way is to write malicious CSS code to support CSS through a vulnerable blog or SNS social networking website system. The feature is personalized in the page. Below we take the typical CSS hanging horse as an example to explain.

Method 1:

Body{

background-image: url('javascript:document.write("")')

}

The main function of "background-image" in CSS is to define the background image of the page. This is the most typical way of CSS hanging horses. This malicious code mainly uses the "background-image" with JavaScript code to make the webpage Trojan run quietly on the user's computer.

How do you hang this CSS malicious code on a normal web page? The hacker can put the generated webpage Trojan to the location specified by himself, and then write the malicious code to the webpage of the hanging horse website, or the CSS file called by the webpage.



Copyright © Windows knowledge All Rights Reserved