Create the ultimate website Trojan, worth reading!
If you open this page, I saw the following program window, then I "Congratulations" You have "cave" ^ o ^
This vulnerability is discovered that it is no longer two days. Considering the security of users, Microsoft and some security organizations do not publicly publish this vulnerability, but recently discovered that there is more and more networks on the Internet, which use the vulnerability bundle troops. After the webpage, the US computer emergency response group (CERT) officially announced a new vulnerability in Microsoft IE browser. At present, this vulnerability has no perfect solution, and users have adopted certain protection measures. It is still not possible to avoid the dangers of this vulnerability. Using this vulnerability, intruders can deceive the IE browser in the IE browser to get the script from other domains and obtain the same permissions as the local area on the target computer. CERT pointed out that invaders can perform the above scripts by using a special URL address when visiting a certain site, giving the credit card information of others even causing the entire network. The working principle of this vulnerability is as follows: IE browser identifies a MHTML file that cannot be accessed or does not exist via ITS or MHTML protocol; ITS protocol processor It may be deceived to access the CHM file from other domains. At this time, intruders can make it carefully designed to CHM files, so that the cross-domain security mode is broken by the intruder from other domains.
Gossip less, immediately enter the topic. It is very simple to realize, I believe that people who know a little HTML can be implemented manually.
Step 1: Write a web page that automatically runs the EXE file, the content is simple, as follows:
