(Clearwisdom.net) In the recent computer virus attacks against overseas practitioners, the attackers mainly took advantage of the security holes in Microsoft Internet Explorer (IE). We recommend that everyone use another Internet browser, and set it as the default browser. This will greatly reduce the security risk. Especially for practitioners who are not familiar what program to allow access to the Internet through the firewall, the browser replacement should be done as soon as possible.

In this article, we will talk more about computer security, especially in the area of IE security holes.

In the past several years, the computer attacks against Dafa practitioners have evolved in the following order:

1. Attacking overseas Dafa web sites directly from mainland China
2. Attacking overseas Dafa web sites through overseas proxies
3. Attacking U.S. government web sites using fake Dafa web site's identity
4. Set up fake oversea proxy to trap Mainland practitioners
5. Spread virus through practitioners' email. The viruses are mainly the more popular ones that are currently spread on the Internet.
6. Spy on practitioners' email communication, impersonate practitioners' style, and send email virus as attachment.

As practitioners become more and more aware of computer security, especially being careful about opening email attachments, these tricks are no longer effective. They have moved on to Trojan viruses to monitor practitioners' computer activity.

A "Trojan" is a program installed in the computer without the user knowing. The program automatically starts whenever computer is turned on. In the background, it monitors keyboard strokes and records any account name, password, and address book entries. It also scans all documents and steals useful information. Then it transmits such information to a remote machine.

Installing Trojans in the past was not easy. It required the user to run a program (such as open an email attachment). But now, with IE security holes, Trojans can be installed simply by visiting a web page. The evil is taking advantage of the security hole immediately.

Their attacks have following characteristics:

1. Content:
   
   The email pretends to contain truth clarification information, for example: "Big Trial " or "Clarify the truth through different ways". It may say something to draw people's curiosity, such as "UFO appears at rocket launch." It may report some internal news such as mainland practitioner so and so being arrested.
   
2. Web Page Link
   
   In order to install a Trojan, reading the email content is not enough. You must visit a web page. In the email, it often says, "Please click here to find out the newest information". This URL leads to a web page where the Trojan code is located. It mainly exploits the security hole in IE's embedded object feature. If you open the web source code (VIEW SOURCE), you should see some code like this:
   
   object data="lhxyexe.asp" height=0 width=0
   object data="lhxyhta.asp" height=0 width=0
   
   or the code is wrapped around like this:
   
   iframe src="mm.html" name="id" width="0" height="0" frameborder="0"
   Where the code is stored in "mm.html".
   
   The secret is "width=0 height=0". As result of these settings, the object is not shown on web page.
   
3. HTML Attachment
   
   The next, more advanced trick is using an HTML attachment, which people are generally not suspicious about. However this HTML attachment contains the Trojan object code. In this case, it must use the complete URL:
   object data="http://xxx.xxx.xxx.xxx/lhxyexe.asp" height=0 width=0>
   
4. Moving Trojan code server to overseas
   
   At the beginning, the Trojan code was located at China-based websites. We have found such servers in Shanghai, Shandong, etc. They also use some well-known Chinese web sites to forward the user to their server. For example, it may use the Net Ease website http://abckdkd.nease.net. Because Net Ease provides a domain name forward service, the user is forwarded to the server with the Trojan code.
   
   With a firewall installed, you need to very careful if your computer tries to visit a Chinese IP address without reason. Lately they have set up web sites outside China. We recently found one in the U.S. and one in East Asia.

The answer is rather simple. So far all of these tricks exploit security holes in IE. Other good Internet browsers include Mozilla or Netscpae. Mozilla's installation is simple, please visit www.mozilla.com

The key point is that Mozilla must be set as the default browser in the computer. So when you click a URL in an email, the popup window is Mozilla-based instead of IE-based.

Mozilla is not supported well in some multimedia web sites. In those cases, if you are sure that the web site is safe, you may use IE to visit.

In summary, currently, discontinuing the use of IE is the best way to avoid Trojans. Please pay special attention to this matter.

Posting date: 11/16/2003
Original article date: 11/15/2003
Category: Practitioners' Insights
Chinese version available at http://www.minghui.org/mh/articles/2003/11/11/60328.html

 Yearly Archive  Printer Version