
Behind Shenma Search's fight with Sogou: the past and present of traffic hijacking

via: 博客园     time: 2018/4/13 12:33:22     reads: 734


Internet companies are at each other's throats again!

This time it is Shenma Search and Sogou. The former is backed by UC and has been doing very well in mobile search. The latter has just gone public and made its name with its input method.

Over the past two days, a number of media outlets have tipped off onlookers that a good show is coming: Shenma Search's lawsuit against Sogou for illegally hijacking traffic will be heard in the Haidian Court next Tuesday.

Shenma Search says that Sogou used its input method's search candidate function to direct search traffic belonging to Shenma to Sogou Search, and it is asking the court to order compensation of 102,490,175.74 yuan (100 million yuan).

Another striking detail: in this lawsuit, Shenma Search provided the court with evidence of hijacked traffic data of up to 189 million yuan.

How much profit is there to skim?

First, let's look at what traffic hijacking is and where the profit comes from.

Simply put, traffic hijacking is the use of technical means to send you to website B when you wanted to go to website A, or to add information to the content of the site you did visit. For example, you are using Baidu and suddenly find yourself on Sogou; or, after reading an article from a WeChat public account, you find all kinds of "dogskin plaster" ads at the end of the text. (Note: Not wide-angle)

As we all know, advertisements are a big source of revenue for browsers. The more users and clicks a browser has, the more advertisements it gets. This writer tried several different browsers to search for the word "headaches", and came to understand deeply how users' clicks turn into money.


Lei Feng Net also found that even if users do not click the ads in the search results and do find the information they want, traffic hijacking can still place various false advertisements alongside that information.

In fact, pushing a few ads like this is the mild case. What is really serious is hackers getting at your online banking through traffic hijacking. You think you clicked through to the official website, but you have actually been hijacked to a fake site that looks exactly the same, and you go ahead and enter your account and password. Scared yet?

In fact, as early as December 2015, six companies, Toutiao, Meituan-Dianping, 360, Tencent, Sina Weibo and Xiaomi, jointly issued a statement titled “Six companies’ joint statement on resisting illegal acts such as traffic hijacking”. In it, the six frequently victimized companies joined hands in unusual harmony to condemn traffic hijacking.

This shows that these traffic-rich giants have all been "hijacked" (as to whether they hijack others themselves, a case of the thief crying "stop thief", well, search for it yourself; it is quite lively).

However, it is rare to see anyone make as big a move as Shenma Search.

How is traffic hijacking carried out?

Besides hijacking through input method candidate words, what other hijacking tricks do innocent users currently face?

The most common is DNS hijacking, that is, domain name hijacking.

When we go online we usually remember domain names. For example, to reach Baidu we enter www.baidu.com. Machines, however, only recognize each other's IP addresses, which are usually long strings of digits (213.234.1.XXX). DNS is the translator between you and the server: it translates www.baidu.com into 213.234.1.XXX so that the machine understands your request and responds with the corresponding page.


This is where the problem arises. Every response we get comes from a server. For example, if you want to download one of Xiaomi's applications, Xiaomi's server should return the correct download address. But at this step your request is directed by DNS to an unknown, mysterious server, which sends you a substituted download address.

Two things can then happen. In one, the application you download works much like the original, only with more advertisements and slower performance; in the other, you download a completely unrelated application.
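One way to spot the DNS redirection described above is to compare the resolver's answers with those of independent resolvers. This is an added example, not part of the original article; the domain names, addresses and resolver labels are constructed sample data, and the /24 tolerance for CDN-style answers is an assumption of the sketch.

```python
import ipaddress

# Constructed sample answers (documentation address ranges): what the resolver
# under test returned, and what two independent reference resolvers returned.
LOCAL = {
    "www.example.com": ["192.0.2.10"],
    "cdn.example.net": ["198.51.100.77"],
    "download.example.org": ["203.0.113.66"],
}
REFERENCE = {
    "resolver-a": {"www.example.com": ["192.0.2.10"],
                   "cdn.example.net": ["198.51.100.20"],
                   "download.example.org": ["192.0.2.80"]},
    "resolver-b": {"www.example.com": ["192.0.2.10", "192.0.2.11"],
                   "cdn.example.net": ["198.51.100.21"],
                   "download.example.org": ["192.0.2.80"]},
}


def net_of(ip, prefix=24):
    """Enclosing IPv4 network, used to tolerate CDN answers that vary per query."""
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)


def compare_answers(local, reference, prefix=24):
    """Classify each name as match, same-network, mismatch or no-reference."""
    verdicts = {}
    for name, answers in local.items():
        ref_ips = {ip for table in reference.values() for ip in table.get(name, [])}
        if not ref_ips:
            verdicts[name] = "no-reference"
        elif set(answers) & ref_ips:
            verdicts[name] = "match"
        elif {net_of(a, prefix) for a in answers} & {net_of(r, prefix) for r in ref_ips}:
            verdicts[name] = "same-network"
        else:
            verdicts[name] = "mismatch"  # candidate hijack: investigate further
    return verdicts


def suspicious(verdicts):
    """Names whose local answer shares nothing with any reference answer."""
    return sorted(n for n, v in verdicts.items() if v == "mismatch")


if __name__ == "__main__":
    for name, verdict in compare_answers(LOCAL, REFERENCE).items():
        print(f"{name:24} {verdict}")
```

A "mismatch" is a lead rather than proof, because large sites legitimately return different addresses in different regions; checking the TLS certificate presented by the mismatching address is the usual next step.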

In the PC era, many people had the experience of downloading one piece of software and then being bombarded by advertisements. Ordinary users are not the only ones to have been “bullied” by domain name hijacking: in 2010, Baidu’s domain name was hijacked by the Iranian cyber army for a full eight hours, causing the worst server failure in Baidu’s history. It remains a lasting sore spot for Baidu.

Perhaps because it was hurt so deeply, when Baidu was later hijacked by a certain "digital" browser, Baidu protested strongly. It demanded not only compensation for economic losses but also that the other party keep an apology posted on the homepage of its website, delete the relevant microblog posts, and so on. The other party is said to have applied for an out-of-court settlement but was firmly refused.

The second is data hijacking, which means secretly adding material to the returned content.


Many people have run into this while using WeChat. For example, the space below a public account article is filled with the kinds of small advertisements shown in the figure above.
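Content added in transit, as described above, can be detected by comparing the page as received with a copy fetched over a trusted path. This is an added example, not part of the original article; both HTML samples and every host name in them are constructed, and the reference copy is assumed to be unmodified.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample pages: REFERENCE was fetched over a trusted path,
# RECEIVED is the same page as delivered over the network under test.
REFERENCE = """<html><body><h1>Article</h1>
<script src="/static/app.js"></script>
<img src="https://img.example.com/pic.png">
</body></html>"""
RECEIVED = """<html><body><h1>Article</h1>
<script src="/static/app.js"></script>
<img src="https://img.example.com/pic.png">
<script src="//ads.injected.example/float.js"></script>
<iframe src="http://promo.injected.example/banner"></iframe>
<script>document.write('<div id="float-ad"></div>')</script>
</body></html>"""


class ResourceCollector(HTMLParser):
    """Collects external hosts referenced by active tags and counts inline scripts."""
    TAGS = {"script", "iframe", "img", "link"}

    def __init__(self):
        super().__init__()
        self.external = set()
        self.inline_scripts = 0

    def handle_starttag(self, tag, attrs):
        if tag not in self.TAGS:
            return
        url = dict(attrs).get("src") or dict(attrs).get("href")
        host = urlparse(url).netloc.lower() if url else ""
        if host:
            self.external.add((tag, host))  # relative URLs have no host: same origin
        elif tag == "script" and not url:
            self.inline_scripts += 1


def collect(html):
    collector = ResourceCollector()
    collector.feed(html)
    return collector


def injected_content(reference_html, received_html):
    """Return (new external (tag, host) pairs, number of extra inline scripts)."""
    ref, got = collect(reference_html), collect(received_html)
    new_hosts = sorted(got.external - ref.external)
    return new_hosts, max(0, got.inline_scripts - ref.inline_scripts)
```

Serving the page only over HTTPS removes the opportunity for this kind of in-path modification, which is why the comparison is mainly useful for plain HTTP content.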

Previously, in 2015, the WooYun vulnerability platform also exposed WormHole vulnerabilities in a number of one company's apps. Once the affected software is installed, hackers can use the vulnerability to install programs on your mobile phone.

A programmer once ran the following test:

After installing a certain map app, it was found that a Baidu background service was listening on port 40310 of the phone. This is what it does:


We don't need to understand the code. Lei Feng Net's plain-language translation: it can not only obtain the app list, device ID and so on from your phone, but also add contacts, make phone calls and send text messages.

Some netizens believe that this vulnerability is actually a back door that a certain company opened to make it convenient to install other software, and that it also inadvertently makes attacks easier for hackers.

Of course, to carry out this kind of attack, the hackers may also have had help from a network operator, which makes the mischief easier.

This is not the first time that Sogou has been sued

In fact, this is not the first time that Sogou has been sued over traffic hijacking. Lei Feng Net found that in April 2015, Baidu sued Sogou, claiming $1.2 million, for hijacking Baidu traffic through its input method and browser software. In November of that year, the Beijing Haidian Court ruled at first instance that Sogou's behavior was unfair competition, and ordered it to eliminate the effects and compensate Baidu 500,000 yuan.

That case is essentially the same as what Shenma Search has raised over the past two days. When a user types into a search engine using the Sogou input method, search candidates are automatically displayed as a drop-down list at the search engine's input box, and clicking any candidate leads to a Sogou search results page.


The above picture has been improved. Clicking on the candidate answer will go to Sogou's page.

In its judgment at the time, the court publicly rejected this behavior by Sogou.

In fact, many internet giants have been involved in traffic hijacking, and this writer has found that they are all accusing one another. How was this kind of situation decided in the earlier case, so as to have a deterrent effect on traffic hijacking?

Sun Yiwu, a lecturer at the Hangzhou Normal University Law School, has been studying traffic hijacking cases in recent years. He believes that the case between Shenma Search and Sogou is similar to the one between Baidu and Sogou in 2015. Although there are currently no laws or regulations specifically addressing such cases, the court's earlier judgment offers lessons for the current case.

At that time, the court held that the Sogou input method's search candidate function being on by default, with the search engine set to Sogou Search by default, combined with the input method offering search candidates in the form of a drop-down list of suggested terms, would lead some users who had chosen and expected to use the Baidu search engine to click the search candidates directly, out of their habit of using Baidu's drop-down list and without realizing it, and land on Sogou's search results page.

This violates the original intention of some users who chose the Baidu search engine for their search, interferes with users' use of the Baidu search engine, causes some users to confuse the source of the search results, and also costs Baidu part of its traffic.

Sun Yiwu believes that the earlier case established a “judgment principle” from a judicial perspective: it requires that Sogou first consider the user's intention to use Baidu search, so as to avoid confusion with Baidu's services. The principle is that operators are free to run their own products independently, but that freedom is not absolute. When they offer services to users who are already using, and are familiar with, someone else's service, they bear a certain duty of avoidance, so as not to confuse or mislead consumers or improperly seize the business opportunities of other people's products or services.

Reference sources: Zhihu, CSDN
