Recently, the Know Security emergency response team has captured several cases in which look-alike domain names are used so that a user who enters the wrong domain name lands on a page planted with a web trojan.
The targets of such attacks are generally people who are not used to the Internet (they easily mistype domain names), careless people (I also found the planted trojan by entering a domain name wrong), and foreign friends (they are not familiar with domestic sites and easily make input errors).
With the Olympics approaching, many people may turn to the convenience of the network to get more tournament information faster. Such attacks can seriously affect the security of these users, and foreign friends are especially vulnerable.
Suppose we want to visit Sohu: many people may spell it as souhu.com, and souhu.com is a thoroughly malicious domain name. There is no real website behind it; its code links to several malicious addresses that attack whoever visits it.
When entering google.cn, someone may type one o too few, but gogle.cn is a domain name that is not in use, so how can it serve malware?
When we enter a wrong domain name, DNS resolution redirects to a page specified by the service provider, for example 114 search or the like. The page that gogle.cn redirects to is a familiar one (if you often mistype domain names): OK365 search.
The source of the malicious code is the OK365 search results page, which has had a trojan planted on it.
So when you enter the wrong domain name, you are redirected to the OK365 search page, which triggers the malicious code on OK365.
Both of these sites have hXXp://www.cao-2.cn/a0252580/a25.htm planted on them, which takes advantage of the following vulnerabilities:
MS06-014
Access snapshot tool vulnerability
Ourgame game vulnerability
Storm Player vulnerability
Sina TV vulnerability
This trojan-hosting domain, www.cao-2.cn, is the work of the same group behind the previous Sina look-alike attack. During the Olympics they registered highly similar domain names to plant trojans, and also planted a trojan on the 365 search page that DNS redirects to. The domain names they use also include www.cao-1.cn, www.cao-2.cn and others, which have been handed over to CNCERT/CC for handling.
Users are advised to install antivirus software to guard against virus infection, and to install 365 doors to supplement the antivirus software's protection on the web side.
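
The two look-alike names above each differ from the real domain by one letter (souhu.com adds a u, gogle.cn drops an o). As an added example, not part of the original post, the Python below flags such names in DNS query logs by edit distance, which also catches swapped or substituted letters; the watchlist, log format and function names are assumptions, and the sample log lines are constructed.

```python
# Added example: flag look-alike (typo) domains in DNS query logs.
WATCHLIST = ["sohu.com", "google.cn", "sina.com.cn"]  # assumed list of real sites

def edit_distance(a, b):
    """Optimal string alignment distance (insert, delete, substitute, adjacent swap)."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def normalize(name):
    """Lower-case, drop the trailing dot and a leading 'www.' label."""
    name = name.strip().lower().rstrip(".")
    return name[4:] if name.startswith("www.") else name

def lookalike_of(domain, watchlist=WATCHLIST, max_distance=1):
    """Return the real domain this name imitates, or None if it is not a look-alike."""
    name = normalize(domain)
    if name in watchlist:
        return None  # exact match: this is the real site
    for legit in watchlist:
        if edit_distance(name, legit) <= max_distance:
            return legit

def scan(log_lines):
    """Yield (client, queried, imitated) for every suspicious query in the log."""
    for line in log_lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        legit = lookalike_of(parts[2])
        if legit:
            yield parts[1], normalize(parts[2]), legit

# Constructed sample log, format "<timestamp> <client-ip> <queried-name>"
SAMPLE_LOG = [
    "2008-08-01T09:00:01 10.0.0.5 www.sohu.com",
    "2008-08-01T09:00:07 10.0.0.9 www.souhu.com",
    "2008-08-01T09:01:12 10.0.0.9 gogle.cn.",
    "2008-08-01T09:02:30 10.0.0.7 example.org",
]
```

Calling `list(scan(SAMPLE_LOG))` returns the two mistyped queries with the client that made them, which is the point at which a resolver or proxy can warn or block before the redirect page loads.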