Recently, there is a network security experts said the study found that a large number of malicious programs for major online banking appears on the network, by *** through face book and other public service groups
The CDN content manner.
Security researchers said, *** First uploading a malicious program to face book of public service, and then get to share files from the face of the jump address book.
*** inject malicious programs through such means it can be very effective through the company's Web site is usually the major browser, you can also avoid security software to monitor, at the same time to obtain the trust of users, to better enable users to download malicious programs.
Use PowerShell scripts to load the virus:
in fact, the user clicks on the link to download a file just a very ordinary compressed, and there is no security risk, but the file compression package contains a script file called PowerShell loaded.
Because PowerShell is a local file system and security software will not be detected, when the user clicks to download the script will run *** Download virus. In addition, the researchers also observed *** APT32 organization also is using this operation aiming to expand the network *** Vietnam activities.
It is worth mentioning that, when Dangdang victims from other countries, the *** link will download an empty file in the final stage, thereby interrupting ***. *** One can imagine the security behavior is mainly used to steal banking information of users in Brazil.
Security:
the receipt of e-mail or unknown links, not easy to click, most likely there *** virus. The use of well-known companies in the country jump address of a walk *** *** also common, usually using t.cn, url.cn and dwz.cn three addresses. The three main address is in short URL Sina Weibo, Tencent Weibo and Baidu are, however, many of the security of such software will intercept address.