Shulou(Shulou.com)06/01 Report--

Recently, some network security experts said that a large number of malicious programs mainly aimed at online banks were found on the network, which were provided by * * through Facebook and other public group services.

In the form of CDN content

Security researchers also said that * first uploads malicious programs to Facebook's public service, and then obtains a file jump address from Facebook sharing.

By injecting malicious programs in this way, you can effectively use the web addresses of major companies, usually browsers, and evade the monitoring of security software. at the same time, you can gain the trust of users and better allow users to download malicious programs.

Load the virus using the PowerShell script:

In fact, users click on the link to download the file is just a very common compressed package, and there is no security risk, but the file package contains script files to call PowerShell load.

Because PowerShell is a local file of the system and will not be detected by security software, the virus will be downloaded when the user clicks to download and run the script. In addition, the researchers also observed that the APT32 is also using the operation to launch online activities aimed at Vietnam.

It is worth mentioning that when the victim comes from another country or region, the link to the * will download an empty file in the final stage, thus interrupting the *. It is conceivable that the security measures are mainly used to steal bank information of Brazilian users.

Security precautions:

When receiving an unknown email or link, do not click on it easily, it is likely that there is a virus. It is also common to use the jump addresses of well-known companies in China, usually using t.cn, url.cn and dwz.cn addresses. The three addresses are mainly on the short URLs of Sina Weibo, Tencent Weibo and Baidu, but many security software will block such addresses.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.