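Rising's R&D department carried out a technical analysis of the 360 "Secure" Browser (version 3.5.0.6) and found the following two kinds of "special" behavior:
1. It uses a blacklist to monitor competitors' products and internet-café management software on the user's computer. The monitored software found so far comprises IE, Sogou Browser, Maxthon, TT Browser, Firefox, Chrome and TheWorld Browser, 7 competing products in total.
2. It monitors users' use of the Baidu and Google search engines and steers their traffic elsewhere.
Images courtesy of the cnBeta editorial department.
Our analysis found that 360 inserts advertisements while monitoring users' use of the Baidu and Google search engines, which is typical search-engine hijacking.
In version 1.0.0.1004 of the hijacking configuration file there are 108 hijack URLs related to top-up cards and online banking, and 76 hijack URLs related to game point cards.
Note: "What is search-engine hijacking?" As explained by People's Q&A: search-engine hijacking refers to software that automatically modifies the results of a third-party search engine without the user's authorization. Such programs usually add their own advertisements to the third-party search engine's results, or insert website links to gain traffic. (Source: People's Daily Online)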
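I. Using a blacklist to monitor competitors' products and internet-café management software on the user's computer
When the 360 "Secure" Browser (3.5.0.6) is installed, the installer monitors and collects information about competing browser products on the user's computer and uploads it to 360's "cloud" server. The URL is seupdate.360safe.com/inst.htm
The uploaded information includes the user's identity ID and information about the products in use.
The monitored competing products are:
IE browser. Vendor: Microsoft
Sogou Browser. Vendor: Sohu
Maxthon. Vendor: Maxthon
Maxthon 2. Vendor: Maxthon
TT Browser. Vendor: Tencent
Firefox. Vendor: Mozilla Online
Chrome. Vendor: Google
TheWorld Browser. Vendor: Phoenix Studio
It also monitors whether the user is in an internet-café environment, by checking whether any of the following common internet-café management programs is installed: PubwinClient, wx2004Clt, i8desk, EYOOCLIENTSTATUS, STVDISKX, iCafe8, XunShanPro.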
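Below is a screenshot of the packet capture taken while the information was being uploaded:
URL:
Screenshot of the code that determines whether the user is in an internet-café environment: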
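II. Monitoring users' use of the Baidu and Google search engines and steering their traffic elsewhere (search-engine hijacking)
When a user performs a Baidu search in the 360 "Secure" Browser, 360 monitors the keywords the user enters and compares them against the monitored keywords downloaded as an update from the "cloud server". As soon as the user's input is found to be a monitored keyword, the browser acts according to the configuration instruction file downloaded from the "cloud server" (a 360 advertisement is inserted as a pop-up in the normal Baidu page).
Figure: when the user searches for "搜狐点卡" ("Sohu point card"), a tip for discounted point cards is shown!
Figure: the user searches for "充手机" ("top up phone")
The configuration instruction file.
Its content is as follows: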
[main]
ver=1.0.0.1004
url= http://se.360.cn/v3/download/addon/pluginbar/data.z
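Then, following the download address specified in the configuration file, the browser downloads a resource-only DLL.
An INI file can be extracted from data.dll, and this INI file is the configuration file used for traffic hijacking.
In version 1.0.0.1004 there are 108 URLs related to top-ups and online banking, and 76 URLs related to point cards.
Each time the 360 browser starts, it downloads from http://se.360.cn/v3/download/addon/pluginbar/ver.ini?[number].
Under the 1.0.0.1004 configuration, when a user searches Baidu or Google for keywords such as "充手机" ("top up phone"), "充话费" ("top up phone credit") or "中国移动手机充值卡" ("China Mobile phone top-up card"), a promotion for the 360 mobile top-up center pops up. It is quite eye-catching. This means that whenever a user searches Baidu for a keyword listed in the INI file, the search is monitored by 360 and the traffic is steered to 360's own website.
The user search keywords monitored by 360 are as follows: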
[main]
maxtip=3
[ExtBank]
urlcount=108
url0=http://www.google.com.hk/search?client=*&forid=1&ie=utf-8&oe=UTF-8&q=充话费
url1=http://www.baidu.com/baidu?word=充话费&se=*&ie=utf-8
url2=http://www.google.com.hk/search?client=*&forid=1&ie=utf-8&oe=UTF-8&q=充手机
url3=http://www.baidu.com/baidu?word=充手机&se=*&ie=utf-8
url4=http://www.google.com.hk/search?client=*&forid=1&ie=utf-8&oe=UTF-8&q=充值卡
url5=http://www.baidu.com/baidu?word=充值卡&se=*&ie=utf-8
url6=http://www.google.com.hk/search?client=*&forid=1&ie=utf-8&oe=UTF-8&q=充值卡代理
url7=http://www.baidu.com/baidu?word=充值卡代理&se=*&ie=utf-8
url8=http://www.google.com.hk/search?client=*&forid=1&ie=utf-8&oe=UTF-8&q=充值卡批发
url9=http://www.baidu.com/baidu?word=充值卡批发&se=*&ie=utf-8
url10=http://www.google.com.hk/search?client=*&forid=1&ie=utf-8&oe=UTF-8&q=充值中心
url11=http://www.baidu.com/baidu?word=充值中心&se=*&ie=utf-8
url12=http://www.google.com.hk/search?client=*&forid=1&ie=utf-8&oe=UTF-8&q=冲值卡
url13=http://www.baidu.com/baidu?word=冲值卡&se=*&ie=utf-8
url14=http://www.google.com.hk/search?client=*&forid=1&ie=utf-8&oe=UTF-8&q=电信充值
url15=http://www.baidu.com/baidu?word=电信充值&se=*&ie=utf-8
url16=http://www.google.com.hk/search?client=*&forid=1&ie=utf-8&oe=UTF-8&q=话费不足
url17=http://www.baidu.com/baidu?word=话费不足&se=*&ie=utf-8
url18=http://www.google.com.hk/search?client=*&forid=1&ie=utf-8&oe=UTF-8&q=话费冲值
url19=http://www.baidu.com/baidu?word=话费冲值&se=*&ie=utf-8
url20=http://www.google.com.hk/search?client=*&forid=1&ie=utf-8&oe=UTF-8&q=话费充值
url21=http://www.baidu.com/baidu?word=话费充值&se=*&ie=utf-8
url22=http://www.google.com.hk/search?client=*&forid=1&ie=utf-8&oe=UTF-8&q=话费充值代理
url23=http://www.baidu.com/baidu?word=话费充值代理&se=*&ie=utf-8
url24=http://www.google.com.hk/search?client=*&forid=1&ie=utf-8&oe=UTF-8&q=话费充值平台
url25=http://www.baidu.com/baidu?word=话费充值平台&se=*&ie=utf-8
url26=http://www.google.com.hk/search?client=*&forid=1&ie=utf-8&oe=UTF-8&q=空充
url27=http://www.baidu.com/baidu?word=空充&se=*&ie=utf-8
url28=http://www.google.com.hk/search?client=*&forid=1&ie=utf-8&oe=UTF-8&q=空中充值
url29=http://www.baidu.com/baidu?word=空中充值&se=*&ie=utf-8
url30=http://www.google.com.hk/search?client=*&forid=1&ie=utf-8&oe=UTF-8&q=空中冲值
url31=http://www.baidu.com/baidu?word=空中冲值&se=*&ie=utf-8
url32=http://www.google.com.hk/search?client=*&forid=1&ie=utf-8&oe=UTF-8&q=联通充值
url33=http://www.baidu.com/baidu?word=联通充值&se=*&ie=utf-8
url34=http://www.google.com.hk/search?client=*&forid=1&ie=utf-8&oe=UTF-8&q=手机充值
url35=http://www.baidu.com/baidu?word=手机充值&se=*&ie=utf-8
url36=http://www.google.com.hk/search?client=*&forid=1&ie=utf-8&oe=UTF-8&q=手机充值卡
url37=http://www.baidu.com/baidu?word=手机充值卡&se=*&ie=utf-8
url38=http://www.google.com.hk/search?client=*&forid=1&ie=utf-8&oe=UTF-8&q=手机充值卡代理
url39=http://www.baidu.com/baidu?word=手机充值卡代理&se=*&ie=utf-8
url40=http://www.google.com.hk/search?client=*&forid=1&ie=utf-8&oe=UTF-8&q=手机充值卡批发
url41=http://www.baidu.com/baidu?word=手机充值卡批发&se=*&ie=utf-8
url42=http://www.google.com.hk/search?client=*&forid=1&ie=utf-8&oe=UTF-8&q=手机充值平台
url43=http://www.baidu.com/baidu?word=手机充值平台&se=*&ie=utf-8
url44=http://www.google.com.hk/search?client=*&forid=1&ie=utf-8&oe=UTF-8&q=手机冲值
url45=http://www.baidu.com/baidu?word=手机冲值&se=*&ie=utf-8
url46=http://www.google.com.hk/search?client=*&forid=1&ie=utf-8&oe=UTF-8&q=手机冲值卡
url47=http://www.baidu.com/baidu?word=手机冲值卡&se=*&ie=utf-8
url48=http://www.google.com.hk/search?client=*&forid=1&ie=utf-8&oe=UTF-8&q=手机冲值卡代理
url49=http://www.baidu.com/baidu?word=手机冲值卡代理&se=*&ie=utf-8
url50=http://www.google.com.hk/search?client=*&forid=1&ie=utf-8&oe=UTF-8&q=手机冲值卡批发
url51=http://www.baidu.com/baidu?word=手机冲值卡批发&se=*&ie=utf-8
url52=http://www.google.com.hk/search?client=*&forid=1&ie=utf-8&oe=UTF-8&q=手机冲值平台
url53=http://www.baidu.com/baidu?word=手机冲值平台&se=*&ie=utf-8
url54=http://www.google.com.hk/search?client=*&forid=1&ie=utf-8&oe=UTF-8&q=手机费
url55=http://www.baidu.com/baidu?word=手机费&se=*&ie=utf-8
url56=http://www.google.com.hk/search?client=*&forid=1&ie=utf-8&oe=UTF-8&q=手机话费
url57=http://www.baidu.com/baidu?word=手机话费&se=*&ie=utf-8
url58=http://www.google.com.hk/search?client=*&forid=1&ie=utf-8&oe=UTF-8&q=手机话费充值
url59=http://www.baidu.com/baidu?word=手机话费充值&se=*&ie=utf-8
url60=http://www.google.com.hk/search?client=*&forid=1&ie=utf-8&oe=UTF-8&q=手机话费冲值
url61=http://www.baidu.com/baidu?word=手机话费冲值&se=*&ie=utf-8
url62=http://www.google.com.hk/search?client=*&forid=1&ie=utf-8&oe=UTF-8&q=手机网上充值
url63=http://www.baidu.com/baidu?word=手机网上充值&se=*&ie=utf-8
url64=http://www.google.com.hk/search?client=*&forid=1&ie=utf-8&oe=UTF-8&q=手机在线充值
url65=http://www.baidu.com/baidu?word=手机在线充值&se=*&ie=utf-8
url66=http://www.google.com.hk/search?client=*&forid=1&ie=utf-8&oe=UTF-8&q=淘宝话费充值
url67=http://www.baidu.com/baidu?word=淘宝话费充值&se=*&ie=utf-8
url68=http://www.google.com.hk/search?client=*&forid=1&ie=utf-8&oe=UTF-8&q=外地充值
url69=http://www.baidu.com/baidu?word=外地充值&se=*&ie=utf-8
url70=http://www.google.com.hk/search?client=*&forid=1&ie=utf-8&oe=UTF-8&q=网上充值
url71=http://www.baidu.com/baidu?word=网上充值&se=*&ie=utf-8
url72=http://www.google.com.hk/search?client=*&forid=1&ie=utf-8&oe=UTF-8&q=网上充值话费
url73=http://www.baidu.com/baidu?word=网上充值话费&se=*&ie=utf-8
url74=http://www.google.com.hk/search?client=*&forid=1&ie=utf-8&oe=UTF-8&q=网上交话费
url75=http://www.baidu.com/baidu?word=网上交话费&se=*&ie=utf-8
url76=http://www.google.com.hk/search?client=*&forid=1&ie=utf-8&oe=UTF-8&q=网上手机充值
url77=http://www.baidu.com/baidu?word=网上手机充值&se=*&ie=utf-8
url78=http://www.google.com.hk/search?client=*&forid=1&ie=utf-8&oe=UTF-8&q=移动冲值
url79=http://www.baidu.com/baidu?word=移动冲值&se=*&ie=utf-8
url80=http://www.google.com.hk/search?client=*&forid=1&ie=utf-8&oe=UTF-8&q=移动充值
url81=http://www.baidu.com/baidu?word=移动充值&se=*&ie=utf-8
url82=http://www.google.com.hk/search?client=*&forid=1&ie=utf-8&oe=UTF-8&q=移动充值卡
url83=http://www.baidu.com/baidu?word=移动充值卡&se=*&ie=utf-8
url84=http://www.google.com.hk/search?client=*&forid=1&ie=utf-8&oe=UTF-8&q=移动冲值卡
url85=http://www.baidu.com/baidu?word=移动冲值卡&se=*&ie=utf-8
url86=http://www.google.com.hk/search?client=*&forid=1&ie=utf-8&oe=UTF-8&q=移动话费充值
url87=http://www.baidu.com/baidu?word=移动话费充值&se=*&ie=utf-8
url88=http://www.google.com.hk/search?client=*&forid=1&ie=utf-8&oe=UTF-8&q=移动话费网上充值
url89=http://www.baidu.com/baidu?word=移动话费网上充值&se=*&ie=utf-8
url90=http://www.google.com.hk/search?client=*&forid=1&ie=utf-8&oe=UTF-8&q=移动手机充值
url91=http://www.baidu.com/baidu?word=移动手机充值&se=*&ie=utf-8
url92=http://www.google.com.hk/search?client=*&forid=1&ie=utf-8&oe=UTF-8&q=移动手机充值卡
url93=http://www.baidu.com/baidu?word=移动手机充值卡&se=*&ie=utf-8
url94=http://www.google.com.hk/search?client=*&forid=1&ie=utf-8&oe=UTF-8&q=移动手机网上充值
url95=http://www.baidu.com/baidu?word=移动手机网上充值&se=*&ie=utf-8
url96=http://www.google.com.hk/search?client=*&forid=1&ie=utf-8&oe=UTF-8&q=中国移动话费充值
url97=http://www.baidu.com/baidu?word=中国移动话费充值&se=*&ie=utf-8
url98=http://www.google.com.hk/search?client=*&forid=1&ie=utf-8&oe=UTF-8&q=中国移动手机充值
url99=http://www.baidu.com/baidu?word=中国移动手机充值&se=*&ie=utf-8
url100=http://www.google.com.hk/search?client=*&forid=1&ie=utf-8&oe=UTF-8&q=中国移动手机充值卡
url101=http://www.baidu.com/baidu?word=中国移动手机充值卡&se=*&ie=utf-8
url102=http://www.google.com.hk/search?client=*&forid=1&ie=utf-8&oe=UTF-8&q=中国移动网上充值
url103=http://www.baidu.com/baidu?word=中国移动网上充值&se=*&ie=utf-8
url104=http://www.google.com.hk/search?client=*&forid=1&ie=utf-8&oe=UTF-8&q=自动充值
url105=http://www.baidu.com/baidu?word=自动充值&se=*&ie=utf-8
url106=http://www.google.com.hk/search?client=*&forid=1&ie=utf-8&oe=UTF-8&q=自动充值软件
url107=http://www.baidu.com/baidu?word=自动充值软件&se=*&ie=utf-8
tiptype=1
tiptitle=360手机充值中心 安全快速省钱
tiptext=话费1分钟到账 享充值折扣还可返点
tiplapse=10
tipurl=http://cz.360.cn/shouji/index.html?a=7081
tipicon=http://se.360.cn/v3/download/addon/pluginbar/shouji.ico
wndname=360ExtWnd_ExtBank
btntext=充值|网银
statid=5
[ExtBank1]
urlcount=76
url0=http://www.google.com.hk/search?client=*&forid=1&ie=utf-8&oe=UTF-8&q=网游点卡
url1=http://www.baidu.com/baidu?word=网游点卡&se=*&ie=utf-8
url2=http://www.google.com.hk/search?client=*&forid=1&ie=utf-8&oe=UTF-8&q=网游直冲
url3=http://www.baidu.com/baidu?word=网游直冲&se=*&ie=utf-8
url4=http://www.google.com.hk/search?client=*&forid=1&ie=utf-8&oe=UTF-8&q=特价点卡
url5=http://www.baidu.com/baidu?word=特价点卡&se=*&ie=utf-8
url6=http://www.google.com.hk/search?client=*&forid=1&ie=utf-8&oe=UTF-8&q=直冲点卡
url7=http://www.baidu.com/baidu?word=直冲点卡&se=*&ie=utf-8
url8=http://www.google.com.hk/search?client=*&forid=1&ie=utf-8&oe=UTF-8&q=点卡直冲
url9=http://www.baidu.com/baidu?word=点卡直冲&se=*&ie=utf-8
url10=http://www.google.com.hk/search?client=*&forid=1&ie=utf-8&oe=UTF-8&q=点卡充值
url11=http://www.baidu.com/baidu?word=点卡充值&se=*&ie=utf-8
url12=http://www.google.com.hk/search?client=*&forid=1&ie=utf-8&oe=UTF-8&q=点卡充值平台
url13=http://www.baidu.com/baidu?word=点卡充值平台&se=*&ie=utf-8
url14=http://www.google.com.hk/search?client=*&forid=1&ie=utf-8&oe=UTF-8&q=游戏点卡
url15=http://www.baidu.com/baidu?word=游戏点卡&se=*&ie=utf-8
url16=http://www.google.com.hk/search?client=*&forid=1&ie=utf-8&oe=UTF-8&q=魔兽世界点卡充值
url17=http://www.baidu.com/baidu?word=魔兽世界点卡充值&se=*&ie=utf-8
url18=http://www.google.com.hk/search?client=*&forid=1&ie=utf-8&oe=UTF-8&q=搜狐点卡
url19=http://www.baidu.com/baidu?word=搜狐点卡&se=*&ie=utf-8
url20=http://www.google.com.hk/search?client=*&forid=1&ie=utf-8&oe=UTF-8&q=盛大游戏点卡
url21=http://www.baidu.com/baidu?word=盛大游戏点卡&se=*&ie=utf-8
url22=http://www.google.com.hk/search?client=*&forid=1&ie=utf-8&oe=UTF-8&q=魔兽世界点卡
url23=http://www.baidu.com/baidu?word=魔兽世界点卡&se=*&ie=utf-8
url24=http://www.google.com.hk/search?client=*&forid=1&ie=utf-8&oe=UTF-8&q=wow点卡
url25=http://www.baidu.com/baidu?word=wow点卡&se=*&ie=utf-8
url26=http://www.google.com.hk/search?client=*&forid=1&ie=utf-8&oe=UTF-8&q=魔兽点卡
url27=http://www.baidu.com/baidu?word=魔兽点卡&se=*&ie=utf-8
url28=http://www.google.com.hk/search?client=*&forid=1&ie=utf-8&oe=UTF-8&q=盛大一卡通
url29=http://www.baidu.com/baidu?word=盛大一卡通&se=*&ie=utf-8
url30=http://www.google.com.hk/search?client=*&forid=1&ie=utf-8&oe=UTF-8&q=网易一卡通
url31=http://www.baidu.com/baidu?word=网易一卡通&se=*&ie=utf-8
url32=http://www.google.com.hk/search?client=*&forid=1&ie=utf-8&oe=UTF-8&q=久游一卡通
url33=http://www.baidu.com/baidu?word=久游一卡通&se=*&ie=utf-8
url34=http://www.google.com.hk/search?client=*&forid=1&ie=utf-8&oe=UTF-8&q=搜狐一卡通
url35=http://www.baidu.com/baidu?word=搜狐一卡通&se=*&ie=utf-8
url36=http://www.google.com.hk/search?client=*&forid=1&ie=utf-8&oe=UTF-8&q=巨人一卡通
url37=http://www.baidu.com/baidu?word=巨人一卡通&se=*&ie=utf-8
url38=http://www.google.com.hk/search?client=*&forid=1&ie=utf-8&oe=UTF-8&q=大承一卡通
url39=http://www.baidu.com/baidu?word=大承一卡通&se=*&ie=utf-8
url40=http://www.google.com.hk/search?client=*&forid=1&ie=utf-8&oe=UTF-8&q=武神
url41=http://www.baidu.com/baidu?word=武神&se=*&ie=utf-8
url42=http://www.google.com.hk/search?client=*&forid=1&ie=utf-8&oe=UTF-8&q=成吉思汗
url43=http://www.baidu.com/baidu?word=成吉思汗&se=*&ie=utf-8
url44=http://www.google.com.hk/search?client=*&forid=1&ie=utf-8&oe=UTF-8&q=征途
url45=http://www.baidu.com/baidu?word=征途&se=*&ie=utf-8
url46=http://www.google.com.hk/search?client=*&forid=1&ie=utf-8&oe=UTF-8&q=蜀门
url47=http://www.baidu.com/baidu?word=蜀门&se=*&ie=utf-8
url48=http://www.google.com.hk/search?client=*&forid=1&ie=utf-8&oe=UTF-8&q=刀剑英雄
url49=http://www.baidu.com/baidu?word=刀剑英雄&se=*&ie=utf-8
url50=http://www.google.com.hk/search?client=*&forid=1&ie=utf-8&oe=UTF-8&q=龙之谷
url51=http://www.baidu.com/baidu?word=龙之谷&se=*&ie=utf-8
url52=http://www.google.com.hk/search?client=*&forid=1&ie=utf-8&oe=UTF-8&q=kami
url53=http://www.baidu.com/baidu?word=kami&se=*&ie=utf-8
url54=http://www.google.com.hk/search?client=*&forid=1&ie=utf-8&oe=UTF-8&q=点卡
url55=http://www.baidu.com/baidu?word=点卡&se=*&ie=utf-8
url56=http://www.google.com.hk/search?client=*&forid=1&ie=utf-8&oe=UTF-8&q=直冲
url57=http://www.baidu.com/baidu?word=直冲&se=*&ie=utf-8
url58=http://www.google.com.hk/search?client=*&forid=1&ie=utf-8&oe=UTF-8&q=卡密
url59=http://www.baidu.com/baidu?word=卡密&se=*&ie=utf-8
url60=http://www.google.com.hk/search?client=*&forid=1&ie=utf-8&oe=UTF-8&q=一卡通
url61=http://www.baidu.com/baidu?word=一卡通&se=*&ie=utf-8
url62=http://www.google.com.hk/search?client=*&forid=1&ie=utf-8&oe=UTF-8&q=魔兽世界
url63=http://www.baidu.com/baidu?word=魔兽世界&se=*&ie=utf-8
url64=http://www.google.com.hk/search?client=*&forid=1&ie=utf-8&oe=UTF-8&q=巫妖王之怒
url65=http://www.baidu.com/baidu?word=巫妖王之怒&se=*&ie=utf-8
url66=http://www.google.com.hk/search?client=*&forid=1&ie=utf-8&oe=UTF-8&q=QQ红钻
url67=http://www.baidu.com/baidu?word=QQ红钻&se=*&ie=utf-8
url68=http://www.google.com.hk/search?client=*&forid=1&ie=utf-8&oe=UTF-8&q=Q币
url69=http://www.baidu.com/baidu?word=Q币&se=*&ie=utf-8
url70=http://www.google.com.hk/search?client=*&forid=1&ie=utf-8&oe=UTF-8&q=天龙八部
url71=http://www.baidu.com/baidu?word=天龙八部&se=*&ie=utf-8
url72=http://www.google.com.hk/search?client=*&forid=1&ie=utf-8&oe=UTF-8&q=穿越火线
url73=http://www.baidu.com/baidu?word=穿越火线&se=*&ie=utf-8
url74=http://www.google.com.hk/search?client=*&forid=1&ie=utf-8&oe=UTF-8&q=成吉思汗
url75=http://www.baidu.com/baidu?word=成吉思汗&se=*&ie=utf-8
tiptype=1
tiptitle=360充值中心每周一款特价点卡
tiptext=更多点卡特价抢购中!
tiplapse=10
tipurl=http://cz.360.cn/game.html?a=5221
tipicon=http://se.360.cn/v3/download/addon/pluginbar/youxi.ico
wndname=360ExtWnd_ExtBank
btntext=充值|网银
statid=5
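For auditing a configuration like the one listed above, the following added example (not code from the original article or from the browser) parses the INI, checks each section's declared urlcount, extracts the watched keywords, and reports which tip URL a given search URL would trigger. It assumes each section header sits on its own line, as standard INI requires, and that `*` in a pattern matches any run of characters; the function names and the shortened sample are constructed for illustration.

```python
import configparser, re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample: entries copied from the listing above, with urlcount
# reduced to match (the full sections declare 108 and 76 URLs).
SAMPLE_INI = """\
[main]
maxtip=3
[ExtBank]
urlcount=4
url0=http://www.google.com.hk/search?client=*&forid=1&ie=utf-8&oe=UTF-8&q=充话费
url1=http://www.baidu.com/baidu?word=充话费&se=*&ie=utf-8
url2=http://www.google.com.hk/search?client=*&forid=1&ie=utf-8&oe=UTF-8&q=充手机
url3=http://www.baidu.com/baidu?word=充手机&se=*&ie=utf-8
tipurl=http://cz.360.cn/shouji/index.html?a=7081
[ExtBank1]
urlcount=2
url0=http://www.google.com.hk/search?client=*&forid=1&ie=utf-8&oe=UTF-8&q=搜狐点卡
url1=http://www.baidu.com/baidu?word=搜狐点卡&se=*&ie=utf-8
tipurl=http://cz.360.cn/game.html?a=5221
"""

def load_rules(text):
    """Return {section: {patterns, keywords, tipurl, count_ok}} for rule sections."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cp.read_string(text)
    rules = {}
    for name in cp.sections():
        sec = cp[name]
        if "urlcount" not in sec:      # e.g. [main] holds only global settings
            continue
        declared = sec.getint("urlcount")
        patterns = [sec[f"url{i}"] for i in range(declared) if f"url{i}" in sec]
        keywords = set()
        for p in patterns:             # Google carries the term in q=, Baidu in word=
            q = parse_qs(urlsplit(p).query)
            keywords.update(q.get("q", []) + q.get("word", []))
        rules[name] = {"patterns": patterns, "keywords": keywords,
                       "tipurl": sec.get("tipurl"), "count_ok": declared == len(patterns)}
    return rules

def match(rules, url):
    """Return (section, tipurl) for the first pattern the visited URL fits, else None."""
    url = unquote(url)                 # browsers send the keyword percent-encoded
    for name, r in rules.items():
        for p in r["patterns"]:
            rx = ".*".join(re.escape(part) for part in p.split("*"))
            if re.fullmatch(rx, url):
                return name, r["tipurl"]
    return None
```

Running `load_rules` over the full extracted file and checking `count_ok` for every section is a quick way to confirm the 108 and 76 counts quoted in the article.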