Many of my friends have had their QQ accounts stolen. Even after recovering the account with the "password protection" function, they found that the Q coins in it were already gone; a more vicious hacker will also delete all of your friends, so that they are lost to you for good. Have you ever thought about fighting back? What, fighting back? Don't joke. We are just newbies, not hackers. We only browse web pages and chat, and we don't even know how the QQ number was stolen. How could we take on a hacker? In fact, the so-called "hackers" who like to steal accounts only use ready-made hacking tools. As long as we understand how a QQ account is stolen, we can take appropriate measures to prevent such attacks, or even turn from defense to offense and deal the hacker a fatal blow.
I. Know yourself and know your enemy: account-theft techniques are no longer mysterious
Few QQ account-theft programs are still being updated, and the most famous of them is "ah la QQ thief". At present, the vast majority of QQ account thefts are caused by this software. It is very simple to use: all that is needed is a mailbox that supports SMTP sending, or web space that supports ASP scripts. In addition, the Trojan automatically sorts the stolen QQ numbers into two types, "pretty" (vanity) numbers and ordinary numbers, and sends them to different mailboxes. This is one of the reasons "ah la QQ thief" is so popular. Next, let's look at how it works so that we can find a countermeasure.
1. Select the account theft mode.
Download "ah la QQ thief" and decompress the package. It contains two files: alaqq.exe and "love forever, love Nanny QQ.asp". alaqq.exe is the configuration program of "ah la QQ thief"; "love forever, love Nanny QQ.asp" is the file used in "website receiving" mode. Its parameters must be set before use.
"Email receiving" configuration: Run alaqq.exe and the program's configuration page appears. Select "email receiving" under the "mail mode selection" option, and fill in the email address under "email receiving" (the default 163.com NetEase mailbox is recommended). Here the mailbox n12345@163.com (password n_12345) is used as an example to walk through the "email receiving" configuration and the test that follows. You can also enter different email addresses in "inbox (pretty)" and "inbox (general)" to receive pretty QQ numbers and ordinary QQ numbers separately. Then select the SMTP server that corresponds to your mailbox in the "Mail Server" drop-down box, here smtp.163.com. Finally, enter the account, password, and full name of the mailbox.
After the configuration is complete, we can test whether the entered content is correct. Click the "test mailbox" button below, and the program displays the mailbox test status. If every item in the test shows success, the mailbox configuration is complete.
"Website receiving" configuration: besides "email receiving" mode, we can also select "website receiving" mode, which automatically uploads the stolen QQ numbers to the specified web space. Some preparation is also required before use.
In the hosts file.
2. Set additional Trojan parameters
Next come the advanced settings. If "Disable QQ after running" is selected, then once the other party runs the Trojan generated by "ah la QQ thief", QQ is automatically closed 60 seconds later. When the other party logs on to QQ again, the QQ number and password are intercepted by the Trojan and sent to the hacker's mailbox or web space. In addition, if the Trojan is to be used in an internet cafe environment, "Restore genie automatic transfer" must be checked so that the Trojan still runs after the system restarts. Leave the remaining options at their default values.
3. Stealing QQ number information
After "ah la QQ thief" is configured, clicking "generate Trojan" on the program interface produces a Trojan program that can steal QQ numbers. The program can be disguised as a picture or a small game, or bundled with other software for distribution. When someone runs the file, the Trojan hides itself in the system. When a QQ login takes place on the system, the Trojan starts working: it intercepts the number and password and sends them to the mailbox or web space according to the earlier settings.
II. Train your eyes so that the Trojan has nowhere to hide in the system
Now that we know the general process used by "ah la QQ thief", how can we find it in the system? In general, be careful if you encounter any of the following situations.
· QQ is automatically disabled.
· A program disappears after it runs.
· Anti-virus software is automatically disabled after a program is run.
· The browser is automatically closed when you access the anti-virus software website.
· If the anti-virus software has a mail monitoring function, it displays a warning that an email is being sent.
· If a network firewall is installed (for example, the Skynet firewall), it warns that ntdhcp.exe is accessing the network.
If one or more of the above situations occur, the system may have been infected with "ah la QQ thief". Being infected is not the end of the world, though: the Trojan can be cleared from the system.
1. Remove the Trojan manually. If the system is infected with "ah la QQ thief", we can clear it by hand. Once installed, the Trojan creates a file named ntdhcp.exe in the System32 folder under the system directory and adds a value for itself to the startup entries in the registry, so that it runs every time the system starts. First, open Task Manager and end the ntdhcp.exe process. Then open "Folder Options" in the resource manager, select the "View" tab, and clear the check box in front of "Hide protected operating system files". Go to the System32 folder in the system directory and delete the ntdhcp.exe file. Finally, open the registry and delete the ntdhcp.exe value, which is located under HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run.
2. Uninstall the Trojan. Uninstalling "ah la QQ thief" is very easy. You only need to download the configuration program of "ah la QQ thief" and click the "uninstall program" button to clear the Trojan from the system.
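The three indicators used in the manual removal steps above (the ntdhcp.exe process, the file in System32, and the Run value) can be checked in one read-only pass. The PowerShell function below is an added example, not part of the original article; the name Find-NtdhcpIndicators is hypothetical, and the SysWOW64 and Wow6432Node locations go beyond the text, covering where 64-bit Windows redirects a 32-bit program's writes.

```powershell
# Added example (not from the original article): read-only check for the
# three ntdhcp.exe indicators the text names. Nothing is deleted or changed.
function Find-NtdhcpIndicators {
    param([string]$Name = 'ntdhcp')   # file/process name taken from the article

    # 1. Running process (the article ends it in Task Manager before cleanup).
    foreach ($p in Get-Process -Name $Name -ErrorAction SilentlyContinue) {
        [pscustomobject]@{ Type = 'Process'; Location = "PID $($p.Id)"; Detail = $p.Path }
    }

    # 2. File on disk. SysWOW64 is an added location: on 64-bit Windows a
    #    32-bit program writing to System32 is redirected there.
    foreach ($dir in 'System32', 'SysWOW64') {
        $path = Join-Path $env:SystemRoot "$dir\$Name.exe"
        if ([System.IO.File]::Exists($path)) {   # also true for hidden/system files
            $written = [System.IO.File]::GetLastWriteTime($path)
            [pscustomobject]@{ Type = 'File'; Location = $path; Detail = "last written $written" }
        }
    }

    # 3. Run-key values whose data points at the file. Wow6432Node is the
    #    redirected view a 32-bit program sees (also an added location).
    $pattern = [regex]::Escape("$Name.exe")
    $runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'
    foreach ($key in $runKeys) {
        $k = Get-Item -LiteralPath $key -ErrorAction SilentlyContinue
        if (-not $k) { continue }
        foreach ($valueName in $k.GetValueNames()) {
            $data = [string]$k.GetValue($valueName)
            if ($data -match $pattern) {
                [pscustomobject]@{ Type = 'RunValue'; Location = "$key -> $valueName"; Detail = $data }
            }
        }
    }
}

$found = @(Find-NtdhcpIndicators)
if ($found.Count -eq 0) { 'No ntdhcp.exe indicators found.' }
else { $found | Format-Table -AutoSize -Wrap }
```

Running it again after the manual cleanup confirms that all three indicators are gone.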
III. Give the hacker a fatal blow
After all that work, we have finally wiped "ah la QQ thief" out of the system. Faced with such a hateful hacker, shouldn't we teach him a lesson?
1. Exploit the vulnerability to turn from defense to offense.
The "offense" here does not mean breaking directly into the hacker's computer; that kind of "technical work" is not suitable for everyone. We simply start from a vulnerability found in almost all account-theft software and use it to teach the hacker a lesson.
So what is this vulnerability?
From the earlier analysis of "ah la QQ thief", we can see that the configuration contains the account and password of the mailbox that receives the QQ number emails, and that this account and password are stored in the Trojan program in plain text. We can therefore find the hacker's mailbox account and password in the generated Trojan program. In this way we can easily take control of that mailbox, and the hacker's attack backfires.
Tip: The above vulnerability exists only when the Trojan sends the QQ number information by email. If the "website receiving" mode was selected when "ah la QQ thief" was configured, the vulnerability does not exist.
2. Network sniffing to take over the hacker's mailbox
After the Trojan intercepts the QQ number and password, it sends the information to the hacker's mailbox. We can start from here: when the Trojan sends the email, we intercept the network packets, which contain the account and password of the hacker's mailbox. Network sniffing software can be used for this; such tools capture the packets and automatically filter out the password information.
· X-sniff
X-sniff is a command line sniffing tool with powerful sniffing capabilities. It is especially suitable for sniffing the password information in data packets.
Decompress the downloaded X-sniff to a directory, such as "C:/Example
-pass -hide -log pass.log (command meaning: run X-sniff in the background, filter the password information out of the data packets, and save the sniffed password information to the pass.log file in the same directory).
Once the sniffing software is set up, we can log on to QQ as usual. The Trojan starts running at this point, but because X-sniff is already running, everything the Trojan sends is captured. After a moment, go to the folder where X-sniff is located and open pass.log; you will find that X-sniff has sniffed the account and password of the mailbox.
· Sinffer
Many of our friends may be put off by anything on the command line, so we can use a graphical sniffing tool instead, for example sinffer, which is suitable for beginners.
Before running sinffer, we need to install the WinPcap driver; otherwise sinffer will not work properly.
Run sinffer. First, specify a network card for sinffer.exe: click the network card icon on the toolbar, select your own network card in the pop-up window, and click "OK" to complete the configuration. Then click "start" on the sinffer toolbar, and the software starts sniffing.
Next, we log on to QQ as usual. If the sniffing succeeds, the captured data packets appear in the sinffer interface, with the mailbox account and password clearly listed.
After obtaining the hacker's mailbox account and password, we can delete all the QQ number emails in it, or change the mailbox password, to teach the hacker a lesson.