Jinshan discloses 360 security vulnerabilities, says hackers have already used them to leak private data

by bugbear on 2010-10-13 16:04:03

DoNews, October 13: Jinshan Security Center has released a new security report stating that the recently widespread "360U disk protection" Trojan exploits security vulnerabilities in two programs, 360 Software Manager and 360 Antivirus, to spread and attack. The report says both flaws are arbitrary DLL loading vulnerabilities that any Trojan can use to attack a user's computer, and that the harm is very serious.

Jinshan security expert Li Tiejun explained that two components, SoftupNotify.exe (360 Software Manager) and 360nzp.exe (360 Antivirus), have DLL hijacking vulnerabilities. At startup, neither program checks whether the DLL file it requires (somkernl.dll and 360nzp.dll, respectively) is the official file, so both programs become Trojan loaders.
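The missing check described above can be sketched as a digest comparison run before a program loads its dependencies. This is an added example, not code from 360 or Jinshan: the pinned-digest manifest, the function names and the file contents are assumptions constructed for illustration, and only the executable and DLL names come from the article.

```python
import hashlib
import tempfile
from pathlib import Path

# Loader -> DLL it needs (names from the article). Everything else is constructed.
REQUIRED = {"SoftupNotify.exe": "somkernl.dll", "360nzp.exe": "360nzp.dll"}


def sha256_of(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def check_dependencies(app_dir: Path, pinned: dict) -> dict:
    """Return {dll_name: verdict} for every DLL the loaders in REQUIRED need.

    verdict is "ok", "missing" or "untrusted" (digest differs from the pinned one).
    File names are matched case-insensitively, as Windows does.
    `pinned` is a hypothetical vendor manifest: lowercase DLL name -> SHA-256 hex.
    """
    on_disk = {p.name.lower(): p for p in app_dir.iterdir() if p.is_file()}
    verdicts = {}
    for dll in REQUIRED.values():
        found = on_disk.get(dll.lower())
        if found is None:
            verdicts[dll] = "missing"
        elif sha256_of(found) != pinned.get(dll.lower()):
            verdicts[dll] = "untrusted"  # a loader should refuse to load this file
        else:
            verdicts[dll] = "ok"
    return verdicts


def demo() -> dict:
    """Check a constructed install directory in which one DLL has been replaced."""
    with tempfile.TemporaryDirectory() as tmp:
        app = Path(tmp)
        official = {"somkernl.dll": b"official build A", "360nzp.dll": b"official build B"}
        pinned = {n: hashlib.sha256(b).hexdigest() for n, b in official.items()}
        (app / "somkernl.dll").write_bytes(official["somkernl.dll"])
        # Right name (different case), wrong content: the file must not be trusted.
        (app / "360NZP.DLL").write_bytes(b"not the vendor's file")
        return check_dependencies(app, pinned)


if __name__ == "__main__":
    print(demo())
```

On Windows the same decision is normally made by verifying the DLL's Authenticode signature rather than a pinned hash; the digest comparison stands in for that step here.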

According to the analysis, the malicious somkernl.dll and 360nzp.dll files can be any kind of virus or Trojan, such as a remote-control Trojan, an online-game account-stealing Trojan, or a backdoor. Virus authors go to great trouble to find DLL hijacking vulnerabilities in these two 360 programs because most security software relies on a digital-signature trust mechanism (which allows applications with a large number of users to run by default). This lets them take advantage of the trust that 360 naturally enjoys to easily load carefully constructed malicious DLL files.

Kingsoft said, taking the "360U disk protection" Trojan as an example, that once the Trojan has been loaded on an infected computer, it silently checks in the background for removable devices (such as a USB flash drive, a digital camera's memory card, or a portable hard disk). Once it finds a removable device, it copies the user's private data without restraint into a hidden folder called "360 security folder" and creates a "360U disk security protection.exe", so that users can only see their private data on the USB flash drive by clicking that program, and the Trojan then repeatedly infects the user's system. Once a user's computer is infected with the Trojan, the user faces the risk of losing personal private information.

Jinshan security engineers pointed out that the old versions of 360 Software Manager and 360 Antivirus currently in use still have not patched these two vulnerabilities, and a large number of 360 users still face the danger of attack by the "360U disk protection" Trojan. (End)