It's not that something for nothing never exists.
People always want it, but reach for it carelessly and you end up like the man who tried to steal a chicken and lost his rice. Let's talk about two cases we have seen recently:
A "signature-free" RAT that evades 360: too good to be true
A colleague noticed that someone had posted on a hacker forum a thread titled "[Signature-free] Latest Ghost RAT remote control, bypasses 360, Kingsoft, Rising, Baidu".
After reading it I was curious, so I hurried back to test it. Normally you would first run the RAT builder to generate a remote-control client, and then test how well the client gets past the AV. What was odd was that once this sample was downloaded and run, there was no client-generation interface at all, so I had to analyse it.
The program first obtains a handle to its own file and then reads data from it in a loop:
Next, it drops a batch of files into the %ProgramFiles%\bing directory:
Once the drop is complete it launches the main program, named GoTop, and then ...... nothing ...... The program quietly installs this batch of files and exits ......
GoTop also sends some basic information about my machine to a server for statistics, and then launches gotopbr from the browser directory, which starts generating fake traffic ~~
As an information security practitioner, testing in a virtual machine has long been second nature. Think about the so-called "hackers" who wanted a RAT that evades all the mainstream AV so they could control other people's machines ...... They ended up as someone else's money-making tool ......
A game cheat turns into a screen-locker
Coincidentally, another friend told me about a forum that had just launched a game cheat (plug-in). The post spreading the malicious program has since been deleted, so just look at the title:
I asked a friend to find the original program. Run it, and sure enough, it really is a cheat:
But it secretly does a side job. A file named ddr2.dll is dropped in the root directory of the C drive:
ddr2.dll creates a Base.ini file under system32.
It then runs this Base.ini, which only looks like a configuration file.
Base.ini is simply and crudely a downloader trojan: download & run:
The downloaded dvfsxf.exe in turn downloads another file, netipv96.dll, and calls it:
Unfortunately I was still a little late; perhaps the deletion of the post tipped the other party off, because the server had been taken down:
But from the replies on the forum we can still see what it did at the time: a typical screen-locker trojan:
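Both cases above were worked out the same way: run the sample in a disposable VM and look at what it drops. The following is an added example, not code from the original post, of the minimal file-system snapshot/diff a defender uses for that step. It hashes a tree before and after the sample runs, lists created, modified and deleted files, and flags the drop locations the post describes (the drive root, system32, and Program Files). The file names ddr2.dll, Base.ini and bing\GoTop appear only as constructed sample data in the demo; the watched-location list and the demo tree are assumptions for illustration.

```python
"""Added example (not from the original post): snapshot a directory tree
before and after running a sample, then report what was dropped."""
import hashlib
import os
import tempfile
from pathlib import Path

# Assumption: the monitored root stands in for C:\ so relative paths map
# onto the drop locations the post describes (root, system32, Program Files).
WATCHED_DIRS = ("", "windows/system32")   # exact parent match
WATCHED_TREES = ("program files",)        # parent or any subdirectory


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root: Path) -> dict[str, str]:
    """Map every file under root (relative, forward-slash, lower-case) to its hash."""
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            snap[p.relative_to(root).as_posix().lower()] = sha256_of(p)
    return snap


def diff_snapshots(before: dict, after: dict):
    """Return (created, modified, deleted) lists of relative paths."""
    created = sorted(set(after) - set(before))
    deleted = sorted(set(before) - set(after))
    modified = sorted(p for p in set(before) & set(after) if before[p] != after[p])
    return created, modified, deleted


def in_watched_location(rel: str) -> bool:
    """True if the file sits in one of the drop locations the post describes."""
    parent = rel.rsplit("/", 1)[0] if "/" in rel else ""
    if parent in WATCHED_DIRS:
        return True
    return any(parent == t or parent.startswith(t + "/") for t in WATCHED_TREES)


def demo() -> dict:
    """Constructed scenario: a clean tree, then the artefacts from the post appear."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "windows" / "system32").mkdir(parents=True)
        (root / "program files").mkdir()
        (root / "users" / "me").mkdir(parents=True)
        (root / "windows" / "system32" / "kernel32.dll").write_bytes(b"constructed legit")
        (root / "users" / "me" / "cheat.exe").write_bytes(b"constructed sample")
        before = snapshot(root)

        # Simulate the sample running and "releasing" files (constructed contents).
        (root / "ddr2.dll").write_bytes(b"constructed dropped dll")
        (root / "windows" / "system32" / "base.ini").write_bytes(b"download & run")
        (root / "program files" / "bing").mkdir()
        (root / "program files" / "bing" / "gotop.exe").write_bytes(b"constructed")
        (root / "users" / "me" / "notes.txt").write_bytes(b"harmless user file")
        after = snapshot(root)

        created, modified, deleted = diff_snapshots(before, after)
        flagged = [p for p in created if in_watched_location(p)]
        return {"created": created, "modified": modified,
                "deleted": deleted, "flagged": flagged}


if __name__ == "__main__":
    result = demo()
    for rel in result["created"]:
        mark = "!!" if rel in result["flagged"] else "  "
        print(f"{mark} created  {rel}")
```

Run it against a real VM by taking `snapshot()` of the system drive before and after executing the sample instead of calling `demo()`; the flagged entries are the ones to pull for analysis, exactly as the dropped ddr2.dll and Base.ini were found above.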
Don't be greedy
In our line of work this sort of thing is very common: cheats, trojan builders, hacking tools ...... trojans are everywhere. What the other side exploits is your greed. Want something for nothing? Here's a tool, go ahead and use it. The result is that you become the tool for someone else's profit.