Method for automatically positioning webpage Trojan mount point in Trojan linked webpage

Automatic positioning technology for web page Trojans, applied in transmission systems, electrical components, etc., which addresses problems such as threats to users and damage to the reputation of the website and the interests of website operators.

Inactive Publication Date: 2010-09-01
PEKING UNIV
4 Cites, 42 Cited by

AI Technical Summary

Problems solved by technology

However, web page Trojans on a website not only pose a threat to users, but also seriously affect the reputation of the website and the interests of website operators. Website managers therefore need to pay constant attention to the security of the pages on their site, find the location where a Trojan has been mounted, and eliminate the harm caused by Trojan-linked web pages.


Examples


Embodiment Construction

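[0052] The method of the present invention is further described below with reference to a specific embodiment.

[0053] This embodiment includes the following steps:

[0054] 1. Detect whether a web page file to be analyzed (for example, an HTML file) is Trojan-linked:

[0055] a) First scan the content of the web page file with antivirus software. If malicious content is detected, the page can be judged to be a Trojan-linked web page; otherwise continue with the following step;

[0056] b) In a controlled virtual-host honeypot (a system that contains common system and browser vulnerabilities and has common vulnerable third-party software installed), start a web browser (for example, IE) and browse the web page file. If malicious behavior is triggered, the page can be judged to be a Trojan-linked web page.

[0057] Web page files judged to be Trojan-linked continue with the subsequent steps, which automatically locate the Trojan mount point.

[0058] It should be noted that there are many ways to determine whether a web page file is Trojan-linked; this part does not belong to the method of the present invention and is not its concern. The method of the present invention only addresses web pages that have already been determined to be Trojan-linked. Such a page may also be a suspected Trojan-linked page submitted by someone else (for example, a customer), or a page determined to be Trojan-linked by other methods.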

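[0059] 2. Style sheet analysis:

[0060] a) First normalize the content of the Trojan-linked web page, removing redundant spaces, blank lines, and comment lines;

[0061] b) Obtain the style sheets:

[0062] - External style sheet: scan the Trojan-linked web page; when a tag is encountered, if its attributes satisfy, and it contains an href attribute, it can be determined that an external style sheet is introduced here. Extract the right-hand value of the href parameter, which is the URL of the external style sheet; the external style sheet can then be fetched over the network from this URL;

[0063] - Internal style sheet: scan the Trojan-linked web page; when a tag is encountered, if its attributes satisfy, it can be determined that an internal style sheet is introduced here; obtain the style sheet content inside the tag;

[0064] c) Extract the scripts in the style sheets:

[0065] For each style sheet obtained (both external and internal), scan it for the "expression" field; if present, the content between the nearest matching pair of "(" and ")" that follows it is a script;

[0066] Scan the style sheet for the string "url('javascript:"; if this string is present, the content between it and the matching ")" that follows is a JavaScript script. For example, in code of the form "url('javascript:xxx)", the "xxx" is a script;

[0067] d) Style sheet Trojan analysis:

[0068] Each script extracted from a style sheet is analyzed according to step 3 below. If the analysis finds the script to be malicious, the style sheet is considered a malicious mount point, and the output is a record of the link of the web page containing the style sheet tag, the position where the style sheet tag appears, and the context information near that position. This accurately locates the style sheet...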
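The extraction in step 2c and the position record in step 2d can be sketched as follows. This is an added example, not code from the patent: it handles internal style sheets only, assumes the internal style sheet tag is `<style>` (the tag name is missing from the text above), and the sample page and all function names are constructed for illustration. Whether an extracted script is malicious is left to step 3.

```python
import re

# Constructed sample: an already-normalized page with one internal style sheet.
SAMPLE = (
    '<html><head><style type="text/css">\n'
    'body { width: expression(document.write(unescape("%3Cx%3E"))); }\n'
    "div { background: url('javascript:loadNext(1)'); }\n"
    'p { color: red; }\n'
    '</style></head><body></body></html>'
)

# Assumption: internal style sheets are introduced by <style> ... </style>.
STYLE_RE = re.compile(r'<style\b[^>]*>(.*?)</style\s*>', re.I | re.S)

def balanced(text, open_idx):
    """Text between the '(' at open_idx and its matching ')'; None if unmatched.
    Parentheses inside string literals are counted too (a known limitation)."""
    depth = 0
    for i in range(open_idx, len(text)):
        if text[i] == '(':
            depth += 1
        elif text[i] == ')':
            depth -= 1
            if depth == 0:
                return text[open_idx + 1:i]
    return None

def extract_css_scripts(css):
    """Step 2c: return (kind, offset, script) for each script inside a style sheet."""
    found = []
    for m in re.finditer(r'expression\s*\(', css, re.I):
        body = balanced(css, m.end() - 1)
        if body is not None:
            found.append(('expression', m.start(), body))
    for m in re.finditer(r'url\(\s*[\'"]?\s*javascript:', css, re.I):
        body = balanced(css, css.index('(', m.start()))
        if body is not None:
            # Drop the javascript: prefix and the closing quote.
            found.append(('url-javascript', m.start(), body.split(':', 1)[1].rstrip('\'" ')))
    return found

def locate(page):
    """Step 2d input: tag offset, line number and script for every candidate."""
    records = []
    for sm in STYLE_RE.finditer(page):
        for kind, off, script in extract_css_scripts(sm.group(1)):
            line = page.count('\n', 0, sm.start(1) + off) + 1
            records.append({'kind': kind, 'tag_offset': sm.start(),
                            'line': line, 'script': script})
    return records
```

Matching parentheses by depth rather than stopping at the first ")" matters here, because both sample scripts contain nested calls.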


Abstract

The invention discloses a method for automatically positioning the webpage Trojan mount point in a Trojan linked webpage and belongs to the field of computer security. The method comprises the following steps: a) determining the Trojan linked webpage; b) acquiring the style sheets in the Trojan linked webpage and performing script analysis on the scripts therein according to step c); c) acquiring the scripts in the Trojan linked webpage and outputting the positions of malicious scripts in the parent webpage, wherein the malicious characteristics comprise: calling objects with known bugs, containing malicious code, opening malicious webpages, redirecting to malicious webpages, and adding malicious webpages; and d) acquiring the embedded webpages in the Trojan linked webpage and, for each embedded webpage determined to be Trojan linked, comparing whether its website domain name is the same as that of the Trojan linked webpage; if so, performing recursive analysis, otherwise outputting the position of the embedding tag in the parent webpage. The method can be applied in computer security to rapidly locate the mount position of a webpage Trojan in a webpage, helping website management personnel to quickly remove the malicious content contained in the webpage.

Description

Technical field

[0001] The invention belongs to the field of computer security and relates to an automatic analysis technology for web page Trojans based on analysis of the internal structure of a web page. It proposes a method for automatically identifying and locating the mount point of a web page Trojan by utilizing the technical characteristics of how web page Trojans are mounted.

Background technique

[0002] At present, web browsing has become an important way to spread malicious programs. The means of dissemination of web page Trojans has changed from the previous method of deceiving users into downloading and installing them to attacking security vulnerabilities in the system and automatically downloading and installing Trojan programs. More and more browser and browser plug-in vulnerabilities have been discovered, such as Microsoft's MS06-014, MS08-078, MS09-002, MS09-028 vulnerabilities, Adobe Flash and Acrobat Reader vulnerabilities, etc. Common vulnera...


Application Information

IPC(8): H04L29/06
Inventor: 梁知音, 韦韬, 龚晓锐, 邹维
Owner: PEKING UNIV