A cow was lost on Jan 14th 2003. If you know where it is, please contact me. My QQ number is 87881405.
QQ is one of the most popular IM services in China.
[Figure: Number of cases, by year]
[Figure: percentage comparison, 2003 and 2004]
Hacking case: HOW?
Major categories of intrusion technology used by hackers in the cases we investigated
[Figure: bar chart by category: XSS; vulnerability of server (buffer overflow, format string, weak password...); social engineering; vulnerability of client software; SQL injection; DDoS]
Vulnerability of client software: large-scale intrusion by luring users into installing malicious code through P2P, IM and email networks.
Case example
A virus on QQ (a very popular IM) was created to spread malware in order to create an IRC botnet: 60,000 hosts were infected.
Wi.ourmid.com Please visit
wi.ourmidi.com
Buy (download) exploit code and malicious code from others.
Buy victim hosts from others.
Netbank accounts were stolen. The suspect intruded into a website and put malicious code on the main webpage. When users browsed the website, the malicious code was installed automatically onto the users' hosts. The malicious code stole all kinds of Netbank accounts and posted them to another website hacked by the suspect.
However:
The suspect knew nothing about hacking technology. The suspect bought the malicious code and the victim websites entirely from other hackers. The suspect only worked step by step according to the manual provided by other hackers.
Preference of hackers (damage to Internet security vs. profit)
Small damage, less profit (newbie)
Small damage, more profit (experienced hacker)
Severe damage, less profit (exploit buyer)
Severe damage, more profit (almost none)
Current protection technology has not yet successfully protected against the following attacks:
SQL injection
XSS
Distributing malware over P2P/IM networks
Social engineering
identity, Netbank account, online stock account, online game account etc. Most of them don't realize that their activity causes severe damage to Internet security.
virus this year. However, the detailed information about the virus was published and the suspect never accessed the related network resources again. If you report to us beforehand, the source of most identity-stealing malicious code can be revealed.
trace the source of the malicious code. However, the malicious code on a lot of victim hosts was killed by the anti-virus software.
virus.
list, their time stamp and hash value. When the user reports an incident to the anti-virus company, you will get more chance to collect the malicious code.
Integrate antivirus technology into popular P2P, IM, Email and WEB servers.
Just killing the malicious code on personal computers fails to throttle the spread of malicious code. The malicious code distributed through P2P, IM, Email and WEB servers can hardly be monitored and throttled.
Game Over
Bye bye!