Online banking controls found to have "catastrophic" vulnerability; Baidu Antivirus issues orange alert

Recently, security controls such as the Industrial and Commercial Bank online banking assistant were found to contain a "catastrophic" vulnerability. The vulnerability can lead to arbitrary code execution and seriously endangers the security of users' computers. Baidu Security urges users to run a self-check as soon as possible and add the official temporary patch file to protect their computers. At the same time, Baidu Antivirus has pioneered a vulnerability self-check and "one-click repair" function to give users a "smart" solution; users can go to the Baidu Security website to upgrade to the new version with strengthened protection.

On May 10, the cloud platform disclosed an important vulnerability titled "Industrial and Commercial Bank security controls can lead to remote arbitrary code execution". The vulnerability works as follows: each time the Industrial and Commercial Bank online banking control is installed or started, it automatically checks the online banking environment, adds its own website addresses to the list of Trusted sites in IE, and sets the "Initialize and script ActiveX controls not marked as safe for scripting" option to Enable. Put simply, IE is configured so that it can run unsafe code.

According to the cloud platform's description, this settings change is the core of the vulnerability. Once the option is enabled, websites on the trusted list can run high-risk code and, without the user's permission, perform actions such as opening any program or reading and writing local files. In addition, many ActiveX controls write their own domain names into the trusted list, so the number of sites actually affected is very large, and some of these privileged domains do not even use HTTPS, which lowers the difficulty of an attack. As a result, when a user visits a site on the trusted list (such as online banking), that site may be subjected to a malicious attack (attackers may use XSS, DNS hijacking, Wi-Fi phishing and similar techniques; the risk is particularly acute on public networks) that executes arbitrary malicious code and puts the computer at high risk. And because online banking is involved, the most direct consequence is financial loss to users.
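A defender can check a machine for the two changes described above. The sketch below is an added example, not code from the article or from Baidu: it parses the text of a `reg export` of the Internet Settings key and reports the state of action 1201 (the ActiveX option named above) in zone 2 (Trusted sites), together with every host mapped to that zone. The sample export and its domains are constructed.

```python
import re

# Constructed `reg export` text; the domains are placeholders, not from the article.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"1201"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\bank.example]
"*"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\pay.example\www]
"https"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\intranet.example]
"http"=dword:00000001
'''

BASE = r"\software\microsoft\windows\currentversion\internet settings"
ZONE2 = BASE + r"\zones\2"                 # zone 2 = Trusted sites
DOMAINS = BASE + "\\zonemap\\domains\\"
STATES = {0: "enabled", 1: "prompt", 3: "disabled"}   # values of action 1201

def audit_trusted_zone(reg_text):
    """Return (state of action 1201 in zone 2, [(scheme, host)] mapped to zone 2)."""
    state, sites, key = "not set", [], ""
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = re.match(r'"([^"]+)"=dword:([0-9a-fA-F]{8})$', line)
        if not m:
            continue
        name, value, low = m.group(1), int(m.group(2), 16), key.lower()
        if low.endswith(ZONE2) and name == "1201":
            state = STATES.get(value, "unknown")
        elif DOMAINS in low and value == 2:
            parts = key[low.index(DOMAINS) + len(DOMAINS):].split("\\")
            sites.append((name, ".".join(reversed(parts))))  # key is domain\subdomain
    return state, sites

def findings(reg_text):
    """List (host, scheme, not_https_only) for trusted sites when 1201 is enabled."""
    state, sites = audit_trusted_zone(reg_text)
    if state != "enabled":
        return []
    return [(host, scheme, scheme != "https") for scheme, host in sites]
```

A non-empty result from `findings` means the option is enabled and lists each trusted host it applies to; the last field marks entries that are not restricted to HTTPS.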

Test results show that, in addition to Industrial and Commercial Bank, the security controls of Huaxia Bank, Construction Bank and others are affected by this problem.

In response, the Baidu Antivirus team activated its response strategy at the first opportunity and pioneered a detection and repair solution aimed at this flaw. Users can go to the Baidu Antivirus website to download the latest version, run the self-check scan as soon as possible and apply the "one-click repair". Baidu Security will continue to watch the impact of subsequent events and continue to provide better solutions and protection.

In recent years, network security problems have grown more serious by the day. A relevant report points out that Internet users have lost one hundred billion yuan to infringements such as Internet fraud, spam and personal information leaks. Baidu security experts remind users to form good habits in everyday Internet use so as not to leave security risks behind. For important vulnerabilities like this one, which ordinary users find difficult to prevent or identify, installing professional security software in the normal way gives the greatest protection of Internet security.