Leaked privacy training Hacker network underground economic chain shocking

The intermediary transaction SEO diagnoses Taobao guest stationmaster buys the Cloud host technology Hall

"Famous brand" Trojan Horse selling online

"Happy Home", "Army Day Software", "Big Miss", "Assassin", "" Gentleman "," No Horse "," Panama "," Bole "," Bizart horse "," Real Madrid "," gentle horse ", see so strange name, ordinary people do not think, these are famous Trojan virus on the net. and the organizations and individuals who make use of these Trojans have formed a full-scale black underground industry.

"Black Critical" is a veteran Trojan developer on the Internet, he has a specialized development of software and Trojans studio, there is a variety of hacker business sites, business content including hacking technology training, selling a variety of Trojans, attack sites and so on.

When the reporter asked him whether there is a "big miss" Trojan sale, "Black critical" dismissive: "The horse is the same, can be stolen number is a good horse, can not kill (not be killed by anti-virus software) is a better horse." We are the development of their own, do not sell other people's horse, and say, ' Miss Big ' long dead, there is also false, the author himself has not done! "

He revealed that the sale of other people write Trojan program can not make money, because to update still have to find the person who wrote the program. He developed his own, customers want what kind of Trojan can be custom-made, copyright is the customer, customers need to pay development costs.

He said that he developed a can steal an online payment tool and network Bank account of the two-in-one Trojan, this trojan can be stolen to the network Banks Password card and Alipay certificate. With the bank's password card, you can turn the money directly.

He said the Trojan price of 4000 yuan, the two-in-one trojan, the user of a poison equivalent to two. "Black critical" means to steal the net account of the Trojan, this is not high.

For some "rookie", "black critical" there is a better service: direct purchase of money laundering. Is that he will sell some of the stolen Alipay or Internet bank account password, let the buyer take out the money themselves. "I have to pay the treasure account number of a sale of 2500 yuan, guaranteed income, and some accounts have 6000 yuan, some more than 10,000 yuan." "We are not doing it once, the credibility is very important!" I am open the website, the studio has been open for several years, is not a bully, buy number can see the number, buy a horse can see horse. ”

In addition to the direct sale of the trojan, there are some people specialize in selling "boxes". (Thieves by the Trojan hanging on the Web page, when the player accidentally browsed the webpage after the Trojan horse, log in after the game will record the player's game account password, and then sent to the name of a designated place.) This place is called a box. Box is a pile of online account and password. The "box" Price is based on the number of days to collect money. 350 Yuan a week, one months 900 yuan, three months 2500 yuan.

After payment, the purchaser gets the address of a box and then modifies the initial password to use it. If the buyer is willing to provide ID number, address, mobile phone and QQ, and then buy any paragraph "box" can enter the VIP group, become a VIP, in the group of hackers will also talk about the course of Trojans and how to manage "box."

Symantec China Security Technology and Response Center manager Bai Fan introduced, with the previous transmission by floppy disk is not the same, in the network era of Trojans and other viruses are mainly through the Web page to attack. Attacks using traditional vulnerabilities are decreasing, while attacks via site vulnerabilities multiply.

Nowadays, many people have the heart to the unfamiliar website, let some hackers want to spread the virus by the yellow and so on bad website the desire to be frustrated. Now the hackers have figured people out, and they are starting to exploit the vulnerabilities of reputable websites. Attackers may attack a well-known web site of the server, the server poisoned after the user active access to the site, hackers by attacking the well-known web site of malicious software will automatically infect the user's computer.

How hacker training can accumulate

"Can you install the software?", "You will use the mailbox?" If both answers are "yes", congratulations, you have the potential to be a hacker.

This is a training hacker course "Tao Tao Studio" advertising words. The 32-Year-old Tao is the so-called "hacker teacher", his class has "network security basic Class", "intermediate Hacker Overflow Class", "Advanced Script Invasion Class", "Trojan Special class", "Software cracking class", "Software Kill class" and so on, whether it is Windows system or LUnix system, " can easily invade. His courses are also stunning, web intrusion, server intrusion and attacks, personal PC intrusion, intrusion Internet cafes, brush all kinds of telecom value-added services, brush a variety of game currency.

The so-called "training" is to set up a QQ group, the Trojan Horse and a series of software are placed in the space inside, into the group to learn the people themselves to see, there will not ask Tao Tao. However, to join this group need to pay a certain fee, learn a full set of words 500-1000 yuan, short-term 300 yuan. Learn six months to make money.

Tao Tao said, his enrollment target is: "Preferably students or network management (and nothing all day surfing the kind of, but also interested in this, not halfway!")

Tao Tao has been engaged in this "training" industry for three years, now has created 10 groups, a total of 561 students. He received 10 apprentices a month, if too many to teach. April 2005 he brought 40 disciples, earning 23000 yuan. A "hacker home" Netizen said, counterfeiting Trojan 1.5 months income can cross million.

White Sail said that before the virus author is a college student, write a virus just to show off his technology; now write the virus is very lucrative things, do this industry are also professional. In the United States, these people are aiming at the online bank password, in China, these are mainly to steal online games player's account.

He revealed that Symantec had monitored two famous Chinese bank websites for being hanged. In China, the popularity of internet banking allows many hackers to see new profit "Business opportunities", and CCTV "3 15" party exposure of the Internet bank account theft incident, only to uncover the iceberg of this huge interest chain.

How social networks vent their privacy

In the school net, the People's University canteen master and campus security have become popular, and happy net also swept white-collar workers last year. 　　Today, young people who do not play social networking sites cannot be called fashionable youth, who are not registered on one or two social networking sites? But who knows, behind a network of popular social networking sites, is there a black hand coming in? Qin Bin (a pseudonym) once in an insurance company for a period of time salesman, according to him, the insurance company often from some websites to buy user information. When you fill out a resume online, you often encounter one: is it public? If you tick ' yes ', they can sell it. "Qin Bin said. He also saw site owners to promote user information.

Website-specific information is not only sold to a company, they will sell their information unlimited time. Qin Bin sometimes call in the past, the other side will be very impatient to say: "How to call ah?" Just one such company called. ”

March 30, rising company released "Internet privacy and social networking site Security Report (2009)", for the current very popular social networking site users issued a security warning. The report pointed out that netizens registered personal data in social networking sites, it is very easy to encounter mobile phone number leakage, MSN and email account password stolen Seven major security risks, and the use of various ways to cheat netizens personal data for profit, has become a major source of profit for social networks.

Social networking sites are required to register the user's real name, otherwise it is difficult to enjoy many of the site's functions, such as credit is not high. and real-name registration for the site to collect a large number of users to provide the true information convenience.

Rising reports that the current domestic Internet users of personal privacy disclosure has reached a considerable degree, and the main cause of this situation, has been from the "Trojan virus small theft" gradually into commercial companies for purposeful collection.

"Hi, I recently joined a XX website, very fun, you also try it?" A lot of people in the MSN mailbox that a letter from the Friends of the invitation to worry, in the end who sent the mail? These letters may be from the user's registered dating site. When registering on a social networking site, they will remind you to enter your MSN, QQ, or email account password to see who has been registered. When the user fills out, their MSN, QQ or mailbox number has been collected by the website, they will automatically send invitations to these mail contacts.

In addition, rising also announced other risks to social networking sites: Through the game integral reward, the preferential enjoyment new function and so on way, encourages the user to fill out own real situation, encourages the netizen to bind the website account and the handset, establishes the mobile phone information base, exists the privacy leakage risk; Frequently harass the registered user MSN, the Mail contact person, Trick them into registering their own web site, even outright defrauding private information, and pushing ads.

How to be armed in the Internet age

White sail introduced, many attacks are the use of social engineering technology, also known as confidence scam, deceive users to execute the program would not be executed. For example, when users visit some sites, they will jump out of the installation dialog box, asking the user to download the new player or the latest version of the software, etc., in fact, this is a malicious software.

And some malicious ads, spam, spam blog is also everywhere traps, once visited, the computer on the "recruit."

According to Symantec's survey data, China is the largest zombie-infected country in the Asia-Pacific region and Japan, accounting for 78%, and is the most rejected country in the region. In terms of phishing attacks, China has the second-highest number in the region, with 42% per cent of its malicious activity.

Although many people have already installed anti-virus software on the computer, but this is only the virus rampant Trojan rampant network on the most basic step.

"Password policy is important. "White Sail said, to regularly replace the password, many people password for many years do not change, will give hackers an opportunity." NET silver, online games and chat tools do not set the same password, the password is best with uncommon symbols. Furthermore, users try to separate the machines for entertainment and work. Now home generally have two computers, to play games and QQ words with entertainment machines, if you want to use internet banking, to ensure that the work of the computer is clean.

He suggested that if the use of Internet banking, to set a consumption limit, such as setting a daily transaction of 100 yuan, more than 100 yuan will need to call to confirm, let others get your password can not be, so as to minimize the loss.

Rising engineers suggest that try not to fill out too detailed personal data on social networking sites. Especially their income level, marital status, whether they buy stocks, funds and other personal privacy.

Do not easily add MSN Friends, QQ friends, SNS website friends. With the development of SNS website, these personal data often have centralism, integration trend, for example, once you add someone for MSN Friend, he will automatically become your friend in many SNS websites.

When using SNS website, should make full use of its security mechanism. Through SNS website invite friend, if entered own MSN account password, mailbox account password, after use this function must revise the password immediately.