Vladimir Palant, tus tsim ntawm Adblock Plus, () nyob rau hauv qhov tshwj xeeb Safepay web browser raws li Chromium engine, muaj raws li ib feem ntawm Bitdefender Total Security 2020 antivirus pob thiab tsom rau kev nce kev ruaj ntseg ntawm tus neeg siv kev ua haujlwm ntawm lub ntiaj teb network (piv txwv li, kev cais ntxiv yog muab thaum nkag mus rau hauv tsev txhab nyiaj thiab kev them nyiaj systems). Qhov tsis txaus ntseeg tso cai rau cov vev xaib qhib hauv browser los ua cov cai tswj hwm ntawm qib kev ua haujlwm.
Qhov laj thawj ntawm qhov teeb meem yog tias Bitdefender antivirus ua qhov cuam tshuam hauv zos ntawm HTTPS tsheb los ntawm kev hloov daim ntawv pov thawj TLS thawj ntawm lub xaib. Ib daim ntawv pov thawj hauv paus ntxiv yog ntsia rau ntawm tus neeg siv khoom lub cev, uas ua rau nws muaj peev xwm zais kev ua haujlwm ntawm kev tshuaj xyuas tsheb siv. Lub antivirus wedges nws tus kheej rau hauv kev tiv thaiv kev khiav tsheb thiab ntxig nws tus kheej JavaScript code rau hauv qee nplooj ntawv los siv lub Safe Search muaj nuj nqi, thiab nyob rau hauv cov ntaub ntawv ntawm teeb meem nrog daim ntawv pov thawj kev ruaj ntseg kev twb kev txuas, nws hloov lub rov qab yuam kev nplooj ntawv nrog nws tus kheej. Txij li cov nplooj ntawv yuam kev tshiab tau muab rau sawv cev ntawm tus neeg rau zaub mov raug qhib, lwm nplooj ntawv ntawm tus neeg rau zaub mov ntawd tau nkag mus rau tag nrho cov ntsiab lus tso los ntawm Bitdefender.
Thaum qhib lub vev xaib tswj hwm los ntawm tus neeg tawm tsam, qhov chaw ntawd tuaj yeem xa XMLHttpRequest thiab feign teeb meem nrog HTTPS daim ntawv pov thawj thaum teb, uas yuav ua rau rov qab los ntawm nplooj ntawv yuam kev spoofed los ntawm Bitdefender. Txij li thaum nplooj ntawv yuam kev raug qhib hauv cov ntsiab lus ntawm tus neeg tawm tsam lub npe, nws tuaj yeem nyeem cov ntsiab lus ntawm nplooj ntawv spoofed nrog Bitdefender tsis. Cov nplooj ntawv muab los ntawm Bitdefender kuj tseem muaj qhov tseem ceeb ntawm kev sib tham uas tso cai rau koj siv lub Bitdefender API sab hauv los qhib qhov kev sib tham Safepay browser cais, qhia meej cov kab hais kom ua tsis ncaj ncees lawm, thiab txhawm rau tshaj tawm cov lus txib siv "--utility-cmd-prefix" chij. Ib qho piv txwv ntawm kev siv (param1 thiab param2 yog qhov tseem ceeb tau txais los ntawm nplooj ntawv yuam kev):
var thov = new XMLHttpRequest();
request.open("POST", Math.random());
request.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
request.setRequestHeader(«BDNDSS_B67EA559F21B487F861FDA8A44F01C50», param1);
request.setRequestHeader(«BDNDCA_BBACF84D61A04F9AA66019A14B035478», param2);
request.setRequestHeader(«BDNDWB_5056E556833D49C1AF4085CB254FC242», «obk.run»);
request.setRequestHeader(«BDNDOK_4E961A95B7B44CBCA1907D3D3643370D», location.href);
request.send("data:text/html,nada —utility-cmd-prefix=\"cmd.exe /k whoami & echo\"");
Cia peb nco qab tias qhov kev tshawb fawb tau ua hauv 2017 uas 24 tawm ntawm 26 tau sim cov khoom siv tshuaj tiv thaiv kab mob uas tshuaj xyuas HTTPS kev khiav tsheb los ntawm daim ntawv pov thawj spoofing txo qhov kev ruaj ntseg tag nrho ntawm HTTPS kev sib txuas.
Tsuas yog 11 ntawm 26 cov khoom tau muab cov khoom siv cipher tam sim no. 5 lub tshuab tsis tau txheeb xyuas daim ntawv pov thawj (Kaspersky Internet Security 16 Mac, NOD32 AV 9, CYBERsitter, Net Nanny 7 Win, Net Nanny 7 Mac). Kaspersky Internet Security thiab Total Security cov khoom raug tawm tsam , thiab AVG, Bitdefender thiab Bullguard cov khoom raug tawm tsam и . Dr.Web Antivirus 11 tso cai rau koj los yob rov qab rau cov ntawv xa tawm tsis txaus ntseeg (kev tawm tsam ).
Tau qhov twg los: opennet.ru