The Basics of Hacking and Viruses
THIS IS FOR EDUCATIONAL PURPOSES ONLY (although I know readers will ignore this)
In the hacking world, there are 3 groups of hackers, distinguishable by their nonexistent colored hats:
- White Hat
- These are the "good guys" who help people out with their computer problems.
- Grey Hat
- A mixture of white and black, these hackers can either do both white and black hat hacking, or black hat hacking and then white hat hacking. For example, let's say a website has an exploit. The grey hat would use the exploit to hack into their website, but wouldn't cause any harm; only notify the admin that there is an exploit on their site.
- Black Hat
- The worst of them all, Black Hats hack to steal and steal to hack... if that makes any sense at all. They're the ones who could possibly steal your credit card info, crash your website, etc. You don't want to get on the bad side of these guys.
There are hundreds of different things to hack, and there are hundreds of ways to hack them. Here are the basics:
- Exploiting/Injection - Using problems or holes/faults in the victim to gain access.
- Flooding/DoS/DDoS - Using programs or multiple computers to send trillions of bytes to one location in an attempt to overload it.
- Brute Forcing - Using programs to try to access protected areas by guessing the password from a list or by words in the alphabet thousands of times a second.
- Cracking - Changing code inside the victim to gain access.
- Phishing - Tricking victims into entering personal data about themselves.
- RATing - Using programs called RATs to gain access to a victim's computer through a back door and control it.
All exploiting and injecting I can think of is used on websites. To exploit, hackers use scripts that trick the website into thinking the hacker is admin, or doing something only an admin can do, going the hacker power over parts or all of the site.
Exploiting/injecting can be done with programming code such as PHP, SQL, Javascript, basically anything that can write a website can be used to exploit a site. Example seen at right (drawn by me, like those drawing skillz?)
Flooding/DoS/DDoS
DoS (Denial of Service) and DDoS (Distributed Denial of Service) are powerful attacks that can be dangerous when used correctly. What it is, is basically the hacker sends trillions of billions of data to one location in an attempt to slow or shut the victim down. the victim can be a website, computer, or anything that has an IP address.
The difference between DoS and DDoS attacks is DoS attacks are by one person, whereas DDoS attacks are Distributed, as in across many computers. In DDoS attacks the hacker usually has control over all the victim's computers, nicknamed "Zombies". The Zombie are controlled by the hacker, the "Leader". The Leader sends commands to all the Zombies to ping, or send data to, one location. DDoS attacks are MUCH stronger than DoS simply because there are so many more attackers.
Example drawing of control at left, and example DoS program at right (the creator of that program mistakenly typed DDoS at the title instead of DoS since it can't control zombie computers).
Brute Forcing
Brute Forcing is slow, ineffective, and easily detected by a victim. A hacker would most likely use this as their last resort to attack a victim.
It's so ineffective because it needs to use either a dictionary (giant list of words in a text document), or guess random letters/numbers. Rarely do you ever see someone get brute forced, because they get caught so easily. The brute forcer tries to guess THOUSANDS of passwords per second, so of course the victim would know the hacker is trying to brute force because they look at the logs and see that someone tried to log in thousands of times.
Cracking
Used mostly on programs, cracking can be either patches (modifications to a program that can be downloaded and installed) or manual code changing (often with hex editors). hex (Hexadecimal) is a number system that counts by 16 values, in contrast to the decimal system that counts by 10 values (0-10), and uses the alphabetic letters A-F to represent the 6 values past 9. For example, counting in hex would be:
0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0A, 0B, 0C, 0D, 0E, 0F, 10.
All computer files are able to be edited in a hex editor, and when in hex, the file contains such code like:
48 65 6C 6C 6F 2C 20 79 6F 75 72 20 61 72 65 20 72 65 61 64 69 6E 67 20 74 68 69 73 20 74 65 78 74 20 6F 6E 20 4F 63 74 6F 70 69 27 73 20 62 6C 6F 67 2E(That text said "Hello, your are reading this text on Octopi's blog.") Most files can be edited in hex and able to be executed again, but some cannot. I'm not very knowledgeable about hex editing, but it requires a lot of knowledge on how to do it.
However, there are many patches of programs that can be downloaded off of the internet such as Photoshop, Vegas Pro, Call of Duty, etc. Most of them are ILLEGAL because it's allowing people to use programs for free that should be paid for. Plus, most of cracks of programs are disguised as viruses or RATs (see the section on RATs below), so make sure that if you decide to use a crack, download from a reliable location. ThePirateBay.org is a torrent site that provides pretty clean cracks.
Phishing
Phishing, like it's name suggests, "hooks" victims like a fish to give the hacker their personal information. The victim gets tricked into thinking it's the legitimate website, but it's actually the hacker's website. When they attempt to log in, the website sends those credentials to the hacker.
Most phishing attacks are done by the hacker mass emailing thousands of random emails a fake website account email. Almost everyone who has an email gets spam, and I'm sure you've gotten one of those emails that say, "Your bank account has had suspicious activity! Log on here: http://www.hackersite.com/bankofamerica". That is a phishing attempt.
It's pretty easy to tell if an email is a phishing attempt, by following these rules:
- If the email has spelling/grammatical errors, it may be an attempt.
- If the URL of the website the email sends you is fraudulent, then it's definitely a phishing attempt.
- To tell if a URL is fake, make sure that the domain is real.
- Real: http://login.wellsfargo.com/
- Fake: http://wellsfargologin.qibgh3.com/
- ALWAYS check the subdomain and domain before visiting a suspicious link.
- For example, if you get an email from Wells Fargo, make sure the DOMAIN is Wells Fargo, not something else.
- A email without images that tries to get you to log into a website is usually the case of a phishing attempt. However, hackers are getting smarter and disguising their emails with images that make the email appear real. But remember, ALWAYS check the URL.
This type of hacking is my favorite :D RATs are programs that install trojans on victims computers, giving the hacker access to them. Once they get access, they can do basically whatever they want, whether it's harassing them, changing their background, watching their screen, or even wiping their hard drive.
Most RATs are easy to detect because they're used so often, but hackers now use crypters to stop anti-virus programs from detecting that it's a hacking program. For example, scanning an infected file would come up in a result like this:
File server.exe received on 2010.01.18 07:16:13 (UTC) Antivirus Version Last Update Result a-squared 4.5.0.50 2010.01.18 Riskware.Win32.DelfInject!IK AhnLab-V3 5.0.0.2 2010.01.16 - AntiVir 7.9.1.142 2010.01.17 TR/Spy.Gen Antiy-AVL 2.0.3.7 2010.01.12 - Authentium 5.2.0.5 2010.01.16 W32/Downloader.C.gen!Eldorado Avast 4.8.1351.0 2010.01.17 Win32:Buzus-IV AVG 9.0.0.730 2010.01.17 Generic15.AZNC BitDefender 7.2 2010.01.18 Generic.Malware.SPV!PkWk!.92DC6447 CAT-QuickHeal 10.00 2010.01.18 Trojan.Mepaow.jty ClamAV 0.94.1 2010.01.17 Trojan.Killav-109 Comodo 3621 2010.01.18 Heur.Packed.Unknown DrWeb 5.0.1.12222 2010.01.18 Trojan.Apocalyps.1 eSafe 7.0.17.0 2010.01.17 - eTrust-Vet 35.2.7243 2010.01.18 Win32/Dowque.AXR F-Prot 4.5.1.85 2010.01.17 W32/Downloader.C.gen!Eldorado F-Secure 9.0.15370.0 2010.01.18 - Fortinet 4.0.14.0 2010.01.18 - GData 19 2010.01.17 Generic.Malware.SPV!PkWk!.92DC6447 Ikarus T3.1.1.80.0 2010.01.18 VirTool.Win32.DelfInject Jiangmin 13.0.900 2010.01.18 Trojan/Mepaow.gv K7AntiVirus 7.10.949 2010.01.16 - Kaspersky 7.0.0.125 2010.01.18 - McAfee 5864 2010.01.17 BackDoor-EIL McAfee+Artemis 5864 2010.01.17 BackDoor-EIL McAfee-GW-Edition 6.8.5 2010.01.17 Trojan.Spy.Gen Microsoft 1.5302 2010.01.18 VirTool:Win32/DelfInject.gen!L NOD32 4781 2010.01.18 a variant of Win32/Lypserat.A Norman 6.04.03 2010.01.17 - nProtect 2009.1.8.0 2010.01.18 Trojan/W32.Mepaow.73216.G Panda 10.0.2.2 2010.01.17 Suspicious file PCTools 7.0.3.5 2010.01.18 Trojan.IRCBot Prevx 3.0 2010.01.18 Medium Risk Malware Rising 22.31.00.03 2010.01.18 Backdoor.Win32.Undef.fcl Sophos 4.49.0 2010.01.18 Mal/Behav-010 Sunbelt 3.2.1858.2 2010.01.17 RiskTool.Win32.ProcessPatcher.Nor!cobra (v) Symantec 20091.2.0.41 2010.01.18 W32.IRCBot.Gen TheHacker 6.5.0.6.154 2010.01.18 - TrendMicro 9.120.0.1004 2010.01.18 PAK_Generic.001 VBA32 3.12.12.1 2010.01.17 Trojan.Win32.Mepaow.jrk ViRobot 2010.1.18.2141 2010.01.18 - VirusBuster 5.0.21.0 2010.01.17 -
Whereas a crypted RAT would return results like this:
As you can see, it can be dangerous when crypted files are sent out to the public. That's why its always good to have an anti-virus on your computer (I recommend AVG), because you don't always know when there's a virus on your computer.
File Keygen.exe received on 2010.02.03 07:09:18 (UTC) Antivirus Version Last Update Result a-squared 4.5.0.50 2010.02.03 - AhnLab-V3 5.0.0.2 2010.02.03 - AntiVir 7.9.1.156 2010.02.02 - Antiy-AVL 2.0.3.7 2010.02.02 - Authentium 5.2.0.5 2010.02.03 - Avast 4.8.1351.0 2010.02.02 - AVG 9.0.0.730 2010.02.02 Dropper.Small.CGH BitDefender 7.2 2010.02.03 - CAT-QuickHeal 10.00 2010.02.03 - ClamAV 0.96.0.0-git 2010.02.03 - Comodo 3802 2010.02.03 - DrWeb 5.0.1.12222 2010.02.03 - eSafe 7.0.17.0 2010.02.02 - eTrust-Vet 35.2.7278 2010.02.03 - F-Prot 4.5.1.85 2010.02.01 - F-Secure 9.0.15370.0 2010.02.03 - Fortinet 4.0.14.0 2010.02.03 - GData 19 2010.02.03 - Ikarus T3.1.1.80.0 2010.02.03 - K7AntiVirus 7.10.963 2010.02.02 - Kaspersky 7.0.0.125 2010.02.03 - McAfee 5880 2010.02.02 - McAfee+Artemis 5880 2010.02.02 - McAfee-GW-Edition 6.8.5 2010.02.02 - Microsoft 1.5406 2010.02.03 - NOD32 4830 2010.02.03 a variant of MSIL/TrojanDropper.Agent.T Norman 6.04.03 2010.02.02 - nProtect 2009.1.8.0 2010.02.03 - Panda 10.0.2.2 2010.02.02 - PCTools 7.0.3.5 2010.02.03 Trojan.Generic Prevx 3.0 2010.02.03 - Rising 22.33.02.03 2010.02.03 - Sophos 4.50.0 2010.02.03 - Sunbelt 3.2.1858.2 2010.02.03 - TheHacker 6.5.1.0.177 2010.02.03 - TrendMicro 9.120.0.1004 2010.02.03 - VBA32 3.12.12.1 2010.02.02 - ViRobot 2010.2.3.2169 2010.02.03 - VirusBuster 5.0.21.0 2010.02.02 -
Here's a few screenies of different RATs.
3 comments:
GREAT POST sorry about the caps lock lols. but are you saying that youd be able to get COD or photoshop for free through hacking?
Don't get any ideas Austin...
Yep. But it's completely illegal, and if caught you will be fined thousands of dollars, or, put in prison.
But if you don't, that's cool. :D
Post a Comment