May 11 2008

8 common tools of the Chinese hacker

Published by at 8:34 pm under Chinese Malware

I’ve seen a couple of articles like this on common Chinese hacker tools and finally decided to post one. The author points out that these are not the most sophisticated hacking tools in the world but when used correctly, can still be quite effective:

(Warning: I am not very good at tech translations but will do my best. When possible, I will link to English articles explaining the tools. Hopefully, Jumper will fix, correct or delete if I'm too far off.)

1. Glacier (冰河) – A Remote Access Trojan. Its server component, once installed on a victim's system, opens a backdoor that lets a remote operator change the registry, execute commands, start services, list files, and upload or download files. Glacier is a client/server tool: the attacker drives it from a client program, and the server half is the part that runs on the compromised host.

2. Wnuke – Exploits a flaw in how Windows handled TCP out-of-band (OOB) data: sending OOB data to a listening NetBIOS port (TCP 139) triggers an error that crashes the system. WinNuke (wnuke) is a denial-of-service program that worked against Windows 95 and NT 4.0 until Microsoft patched the bug in 1997; it does not work against Windows 2000 or later.

3. Shed – A NetBIOS share scanner: it uses the NetBIOS protocol to find Windows hosts with open file shares, which can then be attacked.

4. SuperScan – A powerful TCP port scanner from Foundstone that bundles a number of other networking tools (ping, traceroute, HTTP HEAD, WHOIS and more). It uses multi-threaded and asynchronous techniques, which make its scanning extremely fast and versatile. You can run ping sweeps and port scans against any IP range, or read the target addresses from a text file. Other features include TCP SYN scanning, UDP scanning, HTML reports, a built-in port description database, Windows host enumeration and banner grabbing. [update - changed link to the authors' site, foundstone.com]

5. ExeBind – Hacktool.Exebind binds several executable files into one distributable package, which is how it is used to build Trojan horses. Binders are programs that pack a malicious program of any sort in with a legitimate one. For example, you could take a backdoor like Glacier and bind it with Minesweeper; when the victim launches the result, Minesweeper starts and so does the backdoor.

6. Mailbox Terminator – An e-mail bomb that stops the target from receiving or sending e-mail. It creates a denial-of-service condition by flooding the victim's mailbox with garbage messages. E-mail bombs are not widely used any more because they are easily countered.

7. Liuguang (流光) – Software written by Little Rong (小榕, a well-known Chinese hacker) that lets a novice scan POP3, FTP, HTTP, PROXY, FORM, SQL, SMTP and IPC$ services for vulnerabilities. It can also retrieve user passwords through those services. [update]: Online, remote password-guessing programs are widely used by Chinese hackers, especially website defacers. I'm pretty sure that Liuguang only attempts to guess passwords and does not exploit vulnerabilities.

8. Suxue (溯雪) – Another Little Rong program. It works through the ASP and CGI login pages of free web-mail services, forums and chat rooms, guessing user passwords built from birthdays and simple English words; the original article puts its success rate at 60 to 70 percent.
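The scanning technique item 4 describes (many connection attempts in flight at once, then reading whatever the service says first) as an added example. This is not SuperScan's code or code from the original post, and it scans a throw-away listener it starts itself on 127.0.0.1 so that it runs offline; the host, port range and banner are all constructed here.

```python
"""Asynchronous TCP connect scan with banner grabbing.

Added example, not SuperScan's code or code from the original post. It shows
the two things the SuperScan description lists: many connection attempts in
flight at once, and reading whatever a service says first (its banner). To
run offline it scans a throw-away listener that it starts itself on
127.0.0.1; the host, port range and banner are all constructed here.
"""
import asyncio


async def probe(host: str, port: int, timeout: float = 0.5):
    """One TCP connect. Returns (port, banner) if the port is open, else None."""
    try:
        reader, writer = await asyncio.wait_for(
            asyncio.open_connection(host, port), timeout)
    except (OSError, asyncio.TimeoutError):
        return None          # refused, unreachable, or filtered (timed out)
    try:
        banner = await asyncio.wait_for(reader.read(128), timeout)
    except asyncio.TimeoutError:
        banner = b""         # open, but the service waits for the client to speak
    writer.close()
    try:
        await writer.wait_closed()
    except OSError:
        pass
    return port, banner.decode("latin-1").strip()


async def scan(host: str, ports, concurrency: int = 200) -> dict:
    """Connect-scan `ports` on `host`, at most `concurrency` sockets at a time."""
    sem = asyncio.Semaphore(concurrency)

    async def limited(port):
        async with sem:
            return await probe(host, port)

    results = await asyncio.gather(*(limited(p) for p in ports))
    return dict(r for r in results if r)   # {open_port: banner}


async def scan_local_demo():
    """Start a fake FTP-style service on an ephemeral port and scan around it."""
    async def handle(reader, writer):
        writer.write(b"220 demo ftp ready\r\n")   # constructed banner
        await writer.drain()
        writer.close()

    server = await asyncio.start_server(handle, "127.0.0.1", 0)
    port = server.sockets[0].getsockname()[1]
    async with server:
        found = await scan("127.0.0.1", range(port - 5, port + 6))
    return port, found


def run_demo():
    """Run the local demo; returns (listener_port, {open_port: banner})."""
    return asyncio.run(scan_local_demo())


if __name__ == "__main__":
    port, found = run_demo()
    for p, banner in sorted(found.items()):
        print(f"{p}/tcp open  {banner!r}")
```

The semaphore is what keeps a large range from exhausting file descriptors; the per-connection timeout is what separates a closed port (immediate refusal) from a filtered one (no answer at all), which is the distinction a scanner report usually needs to make.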
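A check a practitioner would want for the binder described in item 5, as an added example that is not ExeBind's code or from the original post. Many simple binders append the payload to a small stub program and let the stub carve it back out at run time, so the bound file is a PE whose size exceeds the end of its last declared section; the script below measures that trailing "overlay" and searches it for an embedded MZ/PE header. That ExeBind used exactly this layout is an assumption, and the sample PE bytes are constructed.

```python
"""Look for a second executable appended to a Windows PE file.

Added example; it is not ExeBind's code and not from the original post. Many
simple binders append the payload to a small stub program and let the stub
carve it back out at run time, so the bound file is a PE whose size exceeds
the end of its last declared section. This script measures that trailing
"overlay" and searches it for an embedded MZ/PE header. That ExeBind used
exactly this layout is an assumption; the sample PE bytes are constructed.
"""
import struct
import sys


def pe_declared_end(data: bytes) -> int:
    """Offset at which the PE's headers and section data end.

    Raises ValueError if `data` does not start like a PE image.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                   # COFF file header
    num_sections, = struct.unpack_from("<H", data, coff + 2)
    opt_size, = struct.unpack_from("<H", data, coff + 16)
    sect_table = coff + 20 + opt_size                     # section header table
    end = sect_table + num_sections * 40
    for i in range(num_sections):
        raw_size, raw_ptr = struct.unpack_from("<II", data, sect_table + i * 40 + 16)
        end = max(end, raw_ptr + raw_size)
    return end


def find_embedded_pe(blob: bytes) -> list:
    """Offsets in `blob` of MZ headers whose e_lfanew points at a PE signature."""
    hits, pos = [], blob.find(b"MZ")
    while pos != -1:
        if pos + 0x40 <= len(blob):
            lfanew = struct.unpack_from("<I", blob, pos + 0x3C)[0]
            sig = pos + lfanew
            if blob[sig:sig + 4] == b"PE\0\0":
                hits.append(pos)
        pos = blob.find(b"MZ", pos + 1)
    return hits


def analyse(data: bytes) -> dict:
    """Report overlay size and any embedded PE headers inside the overlay."""
    end = pe_declared_end(data)
    overlay = data[end:]
    return {
        "declared_end": end,
        "overlay_size": len(overlay),
        "embedded_pe_offsets": [end + off for off in find_embedded_pe(overlay)],
    }


def build_fake_pe(section_bytes: bytes) -> bytes:
    """Constructed, minimal, non-runnable PE: one section, no optional header."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x0102)
    raw_ptr = e_lfanew + 4 + 20 + 40                      # right after the one section header
    section = b".text\0\0\0" + struct.pack(
        "<IIIIIIHHI", len(section_bytes), 0x1000, len(section_bytes),
        raw_ptr, 0, 0, 0, 0, 0x60000020)
    return dos + b"PE\0\0" + coff + section + section_bytes


if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(analyse(open(sys.argv[1], "rb").read()))
    else:
        clean = build_fake_pe(b"\x90" * 16)
        bound = clean + build_fake_pe(b"\xCC" * 8)        # payload appended as overlay
        print("clean :", analyse(clean))
        print("bound :", analyse(bound))
```

A non-zero overlay on its own is not proof of binding (installers, signed binaries and some packers legitimately carry data past the last section), but an overlay that contains a complete second PE header is worth pulling apart and scanning on its own.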

Gotta find out a bit more about this Little Rong (小榕)…

UPDATE (MAY 12 0336GMT): I made some changes – Jumper.

UPDATE: Damn, looks like some of my college papers…at least it wasn’t in red. – Heike :)


One Response to “8 common tools of the Chinese hacker”

  1. [...] list of “hacker tools” is brought to us by Dark Visitor. We should probably be keeping any eye out for any of these tools [...]