[Abstract] every day up to tens of millions of users hijacked, thousands of IP address can be sold up to 70 yuan / day.

is clearly open A website, but was rather baffling to jump to the B website; obviously want to under the A software, download and install software is B; open a App pop-up ads make The mind is very confused. also be pestered beyond endurance…… Do you think computer mobile phone?! maybe you really wronged because the virus, your Internet traffic is likely to be hijacked.

in the Internet world, traffic hijacking is not a new thing. The so-called traffic hijacking, is through some technical means, control the user’s online behavior, let you open to open a web page, see do not want to see ads, which will give the hijackers to Everfount income.


already exists, but in the user is the sheep, the environment, traffic hijacking always fire endless". In the end who hijack traffic? Traffic hijacking behind the "demon’s hand" what kind? "IT times" reporter survey found that, in the Internet world, traffic hijacking behind a huge gray industrial chain, only DNS hijacked a way, every day is a malicious hijacking flow of at least tens of millions of IP.

download store millet they "face" into the UC browser

recently released a "cloud network operators suspected a flow based APK hijacking promotion system loopholes (day up to millions of hijacked Statistics) announcement" again "traffic hijacking" pushed in the teeth of the storm.

thing is the origin of the dark clouds white hat passerby a friend in the application to download the millet store suffered embarrassment, whether it is the phone side or PC side, download to the local will become UC browser. "Passerby" then capture test management system a secret was found during the test.

in the cloud network vulnerability information provided to reporters, detailed decomposition of "passerby" is how to find the black hand of hijacking traffic behind: first is the UC browser download link found in the capture test process, the user in the use of local broadband operators request, return the link has been tampered with the.

"passerby" Shuntengmogua, dug up a "install distribution platform", and found in the database, every day was hijacked from the system data are very large, the highest day hijacking number reached 1 million 510 thousand, this is a quasi tier city.

is simply the download address is a, then download links into the B address, B address is encryption parameters, the decrypted a address, but the download is still B address in the content, "a cloud network security experts explained to" IT times "reporter. This hijacking is very common, and the encryption parameters the tail is let this hijacking become more confusing, "from the hijacked side, but also to mark the application users to download is hijacked from the a address, then it is easy.

Written by 

Leave a Reply

Your email address will not be published. Required fields are marked *