Laday Lotte network reported on March 3rd
Baidu announced today, respond to "Baidu's website hidden malicious code hijack user computer crazy" harvesting "flow" of the report, confirmed its website hidden malicious code has been investigated, and apologize to the user.
Baidu said that in the first time conducted an emergency investigation, unfortunately, found that the relevant reports of the real situation.
"The computer will be affected by the use of browser hijacking, site navigation, hurt the user experience at the same time, also in disguise tampering, website alliance links, cheat Baidu traffic revenue, causing economic losses to the Baidu brand and."
In specific terms, Baidu said after the investigation:
1) the above site provides hao123 software download, the third party outsourcing team development, the use of network black production, from the Baidu alliance;
2) after receiving the report, immediately have investigation and clean up the related malicious code, and will provide the information synchronization of killing 360, NSFocus, Tencent and other manufacturers, users can download from the hao123 in March 4th;
3) has been reported to the public security organs on the matter, will assist the regulatory authorities to follow up;
4) Baidu promised to strengthen the regulatory mechanism to prevent such incidents from happening again.
Previously, the third party security agencies tinder security laboratory claimed that users of Baidu's two website to download any software, will be implanted malicious code.
According to the introduction, when the user from Baidu's http://www.skycn.net/ and http://soft.hao123.com/ these two sites to download any software, will be implanted malicious code.
The malicious code into the computer, through various means to prevent loading the driver is unloaded, and long latency and ready to be the "cloud" of remote control, to hijack the navigation station, the electricity supplier website, advertising and other traffic.
In the analysis of the infected computer, to extract multiple suspicious files and traffic hijacking related: HSoftDoloEx.exe, bime.dll, MsVwmlbkgn.sys, LcScience.sys, WaNdFilter.sys, these suspicious files contain Baidu signature.
Tinder security laboratory, which contains malicious code suspicious files, is located to the name of a nvMultitask.exe release, when the user in the http://www.skycn.net/ and http://soft.hao123.com/ of the two download site to download any software, will be bound to download the release device, and then to the user computer into these suspicious files.
Needs to be emphasized is that will immediately release silently in the background and implementation of release nvMultitask.exe download operation, malicious code, even if the user does not do any operation directly off the download, malicious code will be implanted.
According to the analysis and traceability, the most late in September 2016, these malicious code that is completed. Manipulation of traffic hijacking "remote switch" in the near future is open, the infected computer will be in accordance with the regional and time conditions, or random is "choose" out of safety traffic hijacking called for "cloud control".
As a result, these malicious code into the user's computer has long been remotely controlled broiler".
The malicious code is remotely activated, will hijack a variety of Internet traffic, the user's browser, home, navigation station will be hijacked, the flow of traffic to the hao123 navigation station. At the same time, but also tamper with the electricity supplier website, web site advertising links, such as access to these sites are divided into revenue.
See the statement of apology after Baidu, tinder security laboratory director Ma Gang said today, thanks to Baidu's courage and tolerance, ah, well, this time we did not say the pengci.
-- -- -- -- -- ---
Laday net founded by Lei Jianping senior media people, the headline signing authors, if reproduced please specify the source.