What should I do if I become a broiler?
Don't be a chicken! Check for the hidden "broiler": 4 tips to find a Trojan horse hidden in the computer.

Tianya (issue 19, May 4, 2007)

Trojans are rampant on the internet, and if we are not careful our machines will become broilers in the hands of hackers. When that happens, the computer becomes a puppet controlled by hackers, and our personal privacy is completely exposed. Refuse hacker control: my computer, my call. After the May Day holiday, the season for hackers to catch broilers began. Based on the characteristics of Trojans, we use 4 tricks to avoid becoming a hacker's chicken.

Tip: A broiler is a computer that has been infected with a hacker's Trojan horse or has had a backdoor program installed. Hackers can perform every operation on a broiler that the computer's administrator can. Nowadays, many people also call a remote host on which they hold WEBSHELL access a broiler.

The first trick: the system process distinguishes authenticity.

To conceal themselves, popular Trojan horses use many methods, the most common of which is process hiding. This makes them hard to find through ordinary inspection, and a user who acts carelessly may end up deleting real system processes, leading to system instability or even a crash. Common Trojan programs include Grey Dove, Watcher and Up to the Star Troy.

Self-checking method

To disguise a Trojan horse, hackers often give it a name very similar to that of a system process. System processes are normally loaded by system users. If we find that a "system process" was loaded by the current user, then there must be something wrong with this "system process".

We can also tell them apart by the path of the process. For example, the normal system process svchost.exe should be in the "c:\Windows\system32" directory. If it is found running from any other directory, there is a problem with the process.

In addition, current Trojans take great care to protect their own server programs. We may not be able to see a Trojan's server process in Task Manager, because the Trojan hides its server program through techniques such as thread insertion.
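The two self-checks above (loading user and path), plus a look-alike name check, can be run over an exported process list. This is an added example, not part of the original article; the baseline table, the 0.85 similarity threshold and the sample rows are assumptions constructed for illustration.

```python
import ntpath
from difflib import SequenceMatcher

SYSTEM32 = r"c:\windows\system32"
# Assumed baseline: system process name -> directory it must run from.
BASELINE = {
    "svchost.exe": SYSTEM32,
    "lsass.exe": SYSTEM32,
    "services.exe": SYSTEM32,
    "winlogon.exe": SYSTEM32,
}
# Accounts that legitimately load system processes.
SYSTEM_ACCOUNTS = {"system", "local service", "network service"}

def check_process(name, path, user):
    """Return the reasons a process looks like a disguised 'system process'."""
    findings = []
    name_l = name.lower()
    directory = ntpath.dirname(path).lower()
    account = user.split("\\")[-1].lower()   # drop DOMAIN\ or NT AUTHORITY\
    if name_l in BASELINE:
        if directory != BASELINE[name_l]:
            findings.append("wrong-path")     # e.g. svchost.exe outside system32
        if account not in SYSTEM_ACCOUNTS:
            findings.append("user-owned")     # loaded by the current user
    else:
        for real in BASELINE:                 # near-miss spelling of a real name
            if SequenceMatcher(None, name_l, real).ratio() >= 0.85:
                findings.append("lookalike:" + real)
                break
    return findings

def audit(rows):
    """rows: (pid, name, path, user) tuples. Returns {pid: findings} for hits."""
    report = {}
    for pid, name, path, user in rows:
        findings = check_process(name, path, user)
        if findings:
            report[pid] = findings
    return report

# Constructed sample process list (not real data).
SAMPLE = [
    (812, "svchost.exe", r"C:\Windows\System32\svchost.exe", r"NT AUTHORITY\SYSTEM"),
    (1044, "svchost.exe", r"C:\Windows\System32\svchost.exe", r"NT AUTHORITY\NETWORK SERVICE"),
    (2310, "svchost.exe", r"C:\Windows\svchost.exe", r"DESKTOP\alice"),
    (2788, "svch0st.exe", r"C:\Windows\System32\svch0st.exe", r"NT AUTHORITY\SYSTEM"),
    (3120, "explorer.exe", r"C:\Windows\explorer.exe", r"DESKTOP\alice"),
]

if __name__ == "__main__":
    for pid, findings in audit(SAMPLE).items():
        print(pid, findings)
```

A clean result here does not rule out a Trojan that hides through thread insertion, since such code runs inside a legitimate process and never appears as its own row.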

Here the tree tree suggests that you use IceSword (download address: /zsgj/GPDetect.exe)

Panda Burning Incense dedicated removal tool

Jinshan:/db/download/othertools/dubatool _ whboy.bat

Wheat shadow virus killing tool

Jiang Min: /bzsoft/), because its scanning speed is very fast. Click the "Run" command in the start menu, enter "cmd" to open the command prompt window, and then enter the following command: stcp192.168.192.168.

Figure 1

The front and back IP addresses indicate the start and end addresses of scanning, and the back 135 indicates the scanned port, and 100 indicates the number of threads scanned. The bigger the number, the faster the speed. In particular, the default thread limit of many Windows systems is 10, so we need to use modification tools to adjust this limit.

Tip: For example, we can open bitspirit's installation directory, run BetterSP2.exe in it, set it to 256 in the "Change Limit to" option in the pop-up window, and finally click the "Apply" button to restart the system.

Step 2: Filter the targets that can be invaded from the computer with the 135 port open. First, open the IP address file Result.txt in the directory of S scanner, and delete more information in the text file, leaving only the content related to the IP address. Then run the cracking tool NTScan (download address: /bzsoft/) to crack the remote system (Figure 2).

Figure 2

Set the IP address file in "Host File" of NTScan window, select the WMI scan type, and then set it to 135 in "Scan Port". Finally, click the "Start" button to crack, and all the successfully cracked host addresses are saved in NTScan.txt.

Step 3: Now use the tool Recton to upload our Trojan horse program (download address: /bzsoft/). Click the "Planting" tab in the window, find an address in NTScan.txt, and then add it to the "Remote Host Settings" option. Then select the "Http Download" option, set the webpage link address of the Trojan horse program in the "File Directory", and finally click the "Start Execution" button (Figure 3).

Figure 3

In this way, the Trojan horse program was uploaded to the remote host through the 135 port and has been running quietly in the background of the system. This method does not need the participation of remote users, so its concealment and success rate are high, and it is suitable for batch capture of broilers, but the uploaded Trojan horse program must be treated without killing.

Tip: When running hacking tools, you need to turn off antivirus software first, because antivirus software will delete them as viruses.

Third, prevention skills.

1. Use the network firewall to block port 135 on the system, so that the hacker's intrusion fails at the first step. Ports such as 139, 445, and 3389 should also be blocked.

2. Strengthen the password of the administrator account on the system. For example, the password must be at least 6 characters long and include numbers, uppercase and lowercase letters, etc. That way hacker tools cannot easily crack our account password, and even scanning our port 135 will not help them.

3. It is a cliché, but install the latest version of antivirus software and keep the virus database up to date. If possible, use antivirus software with an active defense function.
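To see which of the ports named in tip 1 are actually listening on your own machine before writing firewall rules, the output of `netstat -ano` can be filtered as below. This is an added example, not part of the original article; the function name and the sample netstat output are constructed for illustration.

```python
# Ports named in the prevention tips, with the Windows service behind each.
WATCHED = {
    135: "RPC endpoint mapper",
    139: "NetBIOS session service",
    445: "SMB",
    3389: "Remote Desktop",
}

def exposed_listeners(netstat_text):
    """Return sorted (port, local_address, pid) for watched TCP ports that
    are listening on a non-loopback address."""
    hits = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # Data rows look like: TCP <local> <foreign> LISTENING <pid>
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        addr, _, port = fields[1].rpartition(":")   # also handles [::]:135
        if not port.isdigit() or int(port) not in WATCHED:
            continue
        if addr.startswith("127.") or addr == "[::1]":
            continue                                 # loopback only, not reachable
        hits.append((int(port), addr, int(fields[4])))
    return sorted(hits)

# Constructed sample of `netstat -ano` output (not real data).
SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    127.0.0.1:3389         0.0.0.0:0              LISTENING       1180
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.20:50112     203.0.113.7:443        ESTABLISHED     3120
  TCP    [::]:135               [::]:0                 LISTENING       912
"""

if __name__ == "__main__":
    for port, addr, pid in exposed_listeners(SAMPLE):
        print(f"{port:>5} ({WATCHED[port]}) listening on {addr}, PID {pid}")
```

Each reported port is a candidate for an inbound block rule; a port that is listening may already be filtered by the firewall, so treat the list as what to verify, not as proof of exposure.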

Offensive and defensive game

Hacker: Using port 135 can really capture a large number of broilers, but it takes more time. With the continuous updating of the operating system and the strengthening of people's defenses around port 135, this method has gradually become a novice's method, and real experts are dismissive of it. There are many ways for hackers to catch chickens. For example, we can also use Thunder to spread bundled Trojans, which is a popular way to catch chickens.

Defense editor: Since hackers use port 135 to invade, we only need to prohibit or restrict the related functions. As for hackers using Thunder to spread bundled Trojans, in addition to using Thunder's security function to scan during the download, you can also use the tool "Web Trojan Interceptor". Whether it is a webpage Trojan or a bundled Trojan, as soon as it runs it will be intercepted and the user will be reminded to pay attention.

-

Ps: The above content is quoted from Computer Newspaper.

Don't panic, positive response is the best policy.