Top 10 hacker software exposure on the Internet

Source: Internet
Author: User

Hacker websites are everywhere on the Internet, and hacking software is increasingly rampant. I will expose this hacking software by category and propose corresponding countermeasures, so that problems can be prevented before they happen.

I. Ancient winnuke
Platform: Windows 95 (including OSR2)
Principle: exploits a Windows 95 vulnerability. A piece of data sent to the remote machine over TCP/IP triggers an OOB error, causing the machine to crash.
Symptom: a blue screen with white text appears on the computer: "An exception occurs in the system." Pressing ESC returns to the original state, or the system crashes.
Hazard: affects normal operations.
Countermeasure: Use WordPad or another editor to create a text file named oobfix.reg. The content is as follows:
REGEDIT4

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\MSTCP]
"BSDUrgent"="0"
Open Windows Explorer and double-click the file to import it.

II. Network genie NetSpy
Platform: Windows 95/Windows 98/Windows NT/Windows 2000
Principle: NetSpy is a simple file transfer program based on TCP/IP. In effect, you can regard it as an enhanced FTP server without permission control. With it, hackers can upload and download arbitrary files on the target machine and perform some special operations.

Symptom: a dialog box named "courier service" appears on the screen for no apparent reason, with content specified by the hacker at the monitoring end; normally running programs (games, Internet browsers, netterm, AutoCAD, Word, and so on) are closed silently; the machine suddenly shuts down; some programs behave abnormally; pressing CTRL+ALT+DEL shows the NetSpy process in the task list that appears.

Hazard: data security on the machine is threatened. System processes and user processes can be created or killed at will. The screen is monitored by hackers.
Countermeasure: in the registry, delete the NetSpy.exe value under [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices] or the corresponding Run key.

III. Super hacker Bo 2000
Platform: Windows 95/Windows 98/Windows 2000
Principle: Bo 2000 (Back Orifice) is the most comprehensive hacker tool for the TCP/IP architecture. In addition to all the functions of NetSpy 2.0, it also supports modifying the registry of the client computer and multimedia operations. Its data is carried in encrypted UDP packets. The principle is similar to that of NetSpy V2.0 (in fact, NetSpy is a simplified version of Bo 2000 after being compiled using Visual C++).

Symptom: everything happens silently. The hard disk keeps behaving strangely.
Hazard: the hacker becomes a superuser and your machine is completely under someone else's control. All your operations can be recorded as "videotape" by Bo 2000's "secret camera". Keystrokes in all windows other than MS-DOS are recorded by category.

Countermeasure: in the registry, delete the bogui.exe and boclient values under [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices] or the corresponding Run key.

IV. Garbage King hdfill
Platform: Windows 95/Windows 98/Windows NT/Windows 2000
Principle: computer enthusiasts always like to run setup.exe or install.exe to see what a piece of software does. hdfill is a "Trojan horse". On the surface, it looks like an installer. In fact, 999999999 variable-length files are generated during the "installation" process, until your hard disk is full.

Symptom: a cute installation screen. By the time you notice, the hard disk is already full of garbage.
Hazard: cleaning up 999999999 files is too much work. The only alternative is to format the hard disk.
Countermeasure: Use hackerscan v0.69 to scan unknown software.

V. Keyboard ghost keyboardghost
Platform: Windows 95/Windows 98/Windows NT/Windows 2000
Principle: Windows is an operating system based on a message loop. The core of the system reserves a certain number of bytes as the buffer for keyboard input, organized as a queue. The keyboard ghost records passwords typed on the keyboard (shown as asterisks on the screen) by accessing this queue directly.

Symptom: a hidden file named kg.dat is created in the root directory of the system.
Hazard: your email address, proxy account, and password will be recorded. In short, everything typed into a password field that is displayed as asterisks will be recorded.
Countermeasure: in the registry, delete the kg.exe value under [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices] and delete the file kg.exe from the Windows\System directory. The C:\kg.dat file also needs to be deleted.

VI. Eye-catching viewpwd
Platform: Windows 3.x/Windows 95/Windows 98/Windows NT/Windows 2000
Principle: reads the private data of a window, so that passwords masked as asterisks on the screen are revealed in their true form.
Symptom: none.
Hazard: leakage of personal information may cause economic losses.
Countermeasure: Promptly clear the asterisk-masked passwords in software such as Foxmail and jetcar.

VII. Tianxing assassin
Platform: Windows 95/Windows 98
Principle: monitors specified machines by stealing unencrypted information from routers. Extremely sophisticated.
Symptom: none.
Hazard: your user ID and password for e-mail will be stolen by hackers, and your FTP and BBS login usernames and passwords will also be stolen.
Countermeasure: Try to use FTP commands in MS-DOS and telnet commands in Windows, and use Foxmail, jetcar, dlexpert, and netant to intercept your proxy password. Try to use browsers like IE or Netscape because they encrypt your important data.

VIII. Thieves proxythief
Platform: Windows 95/Windows 98/Windows NT
Principle: sets your computer up as a proxy server, so that you pay the network fees while the hacker uses your IP address to connect to the Internet. As a result, you become the "scapegoat". The precondition is that the hacker must run proxythief directly on your machine, or run it remotely through NetSpy or Bo 2000. proxythief installs in the background and you will not notice it.

Symptom: occasionally the machine's Internet access slows down. Even when no program is running on an idle machine, the hard disk spins for no reason. Use netinspect V1.0 (network monitoring) to scan the machine from port 0 to port 9999 to find the free proxy. Inexperienced hackers generally do not change the default port, 8080. If your machine is not a gateway or proxy and a proxy port turns up, your port has been stolen by hackers.

Hazard: the hacker stays hidden while you suffer economic losses.
Countermeasure: Start Regedit.exe, search for the keyword "proxythief", and delete all related keys and values.
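
The registry countermeasures in sections II, III, V and VIII can be checked against an exported .reg file before anything is deleted by hand. The following is an added example, not part of the original article or of any tool it names: audit_reg_export and its helpers are hypothetical names, the sample export is constructed, and the autorun keys are assumed to be Run and RunServices under HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion.

```python
import re

# Names from the page's countermeasures: sections II, III and V (autorun values)
# and section VIII (keyword searched across the whole registry).
AUTORUN_STEMS = {"netspy", "bogui", "boclient", "kg"}
KEYWORD_ANYWHERE = "proxythief"
PREFIX = "hkey_local_machine\\software\\microsoft\\windows\\currentversion\\"
AUTORUN_KEYS = (PREFIX + "run", PREFIX + "runservices")
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"\s*=\s*"((?:[^"\\]|\\.)*)"$')

def _unescape(s):
    return re.sub(r"\\(.)", r"\1", s)  # .reg strings escape \ and " with a backslash

def _stems(text):
    # Split on path separators, whitespace and quotes; drop a trailing ".exe".
    return {re.sub(r"\.exe$", "", t) for t in re.split(r'[\\/\s"]+', text.lower()) if t}

def audit_reg_export(reg_text):
    """Return [(key, value_name, data)] for string values the page says to delete."""
    hits, key = [], None
    for line in map(str.strip, reg_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            continue  # header, blank lines, comments, dword/hex values
        name, data = _unescape(m.group(1)), _unescape(m.group(2))
        in_autorun = key.lower() in AUTORUN_KEYS
        keyword = KEYWORD_ANYWHERE in " ".join((key, name, data)).lower()
        if keyword or (in_autorun and _stems(name + " " + data) & AUTORUN_STEMS):
            hits.append((key, name, data))
    return hits

# Constructed sample export (not taken from a real machine).
SAMPLE_REG = r'''REGEDIT4
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Packager"="C:\\TOOLS\\PKG.EXE"
"NetSpy"="C:\\WINDOWS\\SYSTEM\\NETSPY.EXE"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"kg"="kg.exe"
[HKEY_LOCAL_MACHINE\Software\Example]
"LastRun"="kg.exe"
"Proxy"="C:\\WINDOWS\\ProxyThief.exe -p 8080"
'''

if __name__ == "__main__":
    for hit in audit_reg_export(SAMPLE_REG):
        print(" | ".join(hit))
```

Matching on the file-name stem rather than a substring keeps PKG.EXE from being reported as kg.exe, and the kg.exe value outside the autorun keys is deliberately not flagged.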

IX. Parasite exebind
Platform: Windows 3.x/Windows 95/Windows 98/Windows NT/Windows 2000
Principle: the applet binds the specified hacker program to any popular software, so that when the host program is executed, the parasitic program (the hacker program) is also executed in the background. Multiple bindings are also supported. In fact, it is implemented by splitting files multiple times and calling sub-processes from the parent process multiple times.

Symptom: almost none.
Hazard: NetSpy, hdfill, and Bo 2000 are commonly spread over the Internet in this form.
Countermeasure: Use hackerscan v0.69 to scan, identify and delete the bundled program.

X. Port hunter porthunter
Platform: Windows 95/Windows 98
Principle: the software occupies a large number of sockets for port searching, reducing LAN transmission efficiency and endangering network security. By exploiting the negligence of system administrators, the SMTP port is used to send e-mail (:119), the proxy port without a password is stolen (:8080), and the internal FTP port is used (:25).

Symptom: the LAN slows down, the browser cannot access the network, and the BBS is offline.

Hazard: the port of your machine is stolen by hackers and may even be listed in the "free proxy" column on some personal homepages. This will bring together a bunch of "worms" who use the Internet through your port, send anonymous e-mails, "fill water" on FTP, use "email bombs", and send online calls. By then, you will not be able to access the Internet, or even play games.

Countermeasure: on a Novell network LAN, you can restrict the running of specific programs, such as proxyhunter, xhunter, sockshunter, portter, and porthunter. On LANs of other architectures, you can also block some hacker programs from running on the server. But this is only a trick that fools a child, because once proxyhunter.exe is renamed to 123abc.exe, it can "hack" again.
