Broiler get an insider secret of the use of Trojans and social engineering-vulnerability warning-the black bar safety net

ID MYHACK58:62200924704
Type myhack58
Reporter 佚名
Modified 2009-09-19T00:00:00


For a skilled attacker to say, the chickens get the tactics have varied. However, with all the others, the attacker may also like those that is simple and easy to obtain broiler method. For now, the use of Trojans and social engineering is an attacker who favorite used to obtain broilers in a major way.

1, The use of bundled Trojans and web Trojan to get the broiler

The Trojan, just as a pregnant with a variety of stunt of“martial arts master”, innetworkof the rivers and lakes, will all the bad things done, but still no one can stop it to continue to move forward footsteps. Therefore, the Trojan is that many network attacks are the most like to use the“go getters”in. It does not, for broilers hunter, the Trojans, just as they are with the Hound, able to smell the most sensitive things, through the Trojan horse to get what they want“broiler”in.

Of course, the wood horse itself, its technology there are good and poor. Moreover, Trojan horse technology is not static, it President of the river after the waves pushed before the waves, continuously to the more advanced, high concealment, high-performance direction.

At the same time, Trojan number also in constantly increased. Take to be able to get the broiler of the Trojans, now, in the GOOGLE text box, enter“chicken get software”in the keywords to explore, one not careful will give the N more Get of broiler Trojan software instructions or download links. Snow plum incense had tried two called broiler batch fetching and digging chicken of the software, which name is made very likeness, the function is also quite good, can let one do not understand how much network knowledge, people easily get a lot of chickens, not to mention that online there are many get the broiler to the“instruction manual”and the“instructional video”.

From this you can imagine the Trojans with how terrible the“Kung Fu”is. Then, these Trojans is mainly is by what way to go to get the chickens?

There are two main ways:the

(1), A is the use of a variety of bundled ways

Trojan bundle has always been an attacker most commonly used for distributing Trojans. Can be used to bundle Trojans carriers include spam email attachments, software installation programs, self extracting compressed files, PDF files, MP3, MP4, as well as pictures and so on.

Such a Trojan attack way, is the first of the Trojan bundled the way to join to these the carrier, and then put onto the Internet, successfully luring network users to run the carrier in the Trojan, this host is likely to be turned into the attacker's broiler.

By bundling the Trojan way to get chickens, be the key to success is the idea to let the network users to run is bundled with carrier in the Trojan. The attacker most prefer to use the means, including the Trojans and the yellow picture or video bundled with the free software bundled with the MP3 and PDF files to a bundle, then bundling the Trojan with various files into some normal site or to establish their own puppet on the site, provided to the user download or listen. The attacker will also through QQ, MSN AND other instant communication software, the initiative to send a bundled with Trojan horse pictures, videos, and files to the user to open the execution. Or through the instant chat software to send the winning and other information, to lure users running a carrier of the Trojan. Since these instruments have a high fraudulent, causing many Internet users to be deceived.

(2), another is through a Web hang horse way

The attacker another favorite way is through a Web hang horse. This way is mainly through the Trojan mount or embed to a regular website or create their own website, when the user enters these sites to browse, it will automatically execute the Trojan to activate the script, so that the user of the host into an attacker of broiler chickens.

Now, there is a great Trojan horse to attack the technology, that is, the Trojan is embedded into the QQ chat information, and the user only needs to view the QQ instant messaging can be activated wherein the embedded Trojan.

Web hang horse way than the first way easier to let the user move, the main Is this way is more secretive. The attacker is also more like the Trojan mount or embedded into some well-known large sites. This is because many users believe that these sites, and these sites daily online The number of users and, therefore, when these large sites on some of the pages are mounted or embedded in the Trojan, it will allow a large number of users without knowingly infected with Trojans and the wheel of broiler chickens.

From the above two points is not difficult to find, the use of Trojan horse way to get the broiler, once the network user executes or opens the bundle a Trojan in the file, or browse to the mounted the Trojan website, since now the Trojans are having a very strongfree killability, the user system of antivirus or firewall it is possible for these Trojans powerless, the user host can so easily become hackers broiler chickens.

Although the use of this approach can greatly improve the hackers get the broiler to the speed and success rate, however, some technology-based hackers are reluctant to use this way to get the broiler. Instead, some nothing network technology and programming capabilities of the attacker, they prefer to use this simple and easy way to get the broilers.

But, in the true sense of the hacker number of persons than such an attacker a lot less, therefore, today on the Internet the vast majority of attacks are through the use of Trojans. This is also the reason why the Internet everywhere have embedded Trojans, allowing all network users will not dare step into the“mine pool”is the main reason.

2, The use of social engineering to get the broiler

For some of the attackers to say that they are very willing to use social engineering principles to obtain broilers. By this way, get chickens, and sometimes only need to make a call so simple.

For example, an attacker using a Public telephone, or other user not familiar with the number, posing as atelecommunicationsthe company is a new customer representative to call the user, tell the user due to the telecommunications company's network system is being upgraded, now requires the user to provide its host login account and password, for the user to input information to the telecommunications company's new system, so that the user network is also along together automatically upgrade. For such a phone, there are many network users will without a doubt will easily believe, once we this information will be truthfully told him, then, our host is like a house without lock the door of the house, the attackers want into can into.

In fact, as long as we slightly more wanted to wanted to, so the phone is flawed, because regardless of the Telecom network system how to upgrade, also not related to the user host login account and password.

There are some attackers prefer direct contact with the user a way to control the user's host to become broiler chickens. For example, they will be posing as computer vendors customer service staff, put on a set with the computer vendor of the same or similar work clothes, bring a fake or stolen to the work of the hand, came to the user's home, telling the user that they are to carry out regular on-site maintenance, and tell the user due to some increased activity in the on-site service times, the average user for these more out of the free home maintenance is not refuse. Then, they will ask the user to provide the host login and password so they can enter the system to be checked, in this case, some users will still immediately these important information to tell them, just like that, hacking in to get a user account and password after entering the system and took the opportunity to install a backdoor program, and then dashing to leave, and the user of the host thus became their broiler chickens.

You may think that these social engineering the way you can only get a broiler, that is you don't know how to do it. If an attacker to a long-distance Alliance of the hotel to open a room, he can use the guest house provides free telephone to obtain a large number of broilers, even through this way to give a business the entire internal LAN all hosts.

At the same time, the attacker may also be social engineering and the other two get the broiler of the means to be used in combination to accelerate the acquisition of broilers speed and improve the success rate. For example, the attack can be the first through the social engineering way to get the target IP address, use theOSand other information, and then through weakness scan tool for these target host to be scanned, and then implants Trojans to the target host;or by social engineering ways to tempt the user to run directly bundled with Trojans of various files, etc.

In fact, the attacker in addition to the use of the system vulnerabilities, Trojan horses and social engineering these are the main means to get the chickens outside, they are also constantly developing new methods, for example, write your own batch catch chicken Tool, the use of the undefended Wi-Fi. Therefore, we in the understanding of these commonly used means of at the same time, also should pay attention to a variety of emerging attack vectors and techniques, in order to keep abreast of these new attack tools and techniques to attack the principles, and grasp the appropriate preventive measures to address them.