May 11 2008
8 common tools of the Chinese hacker
I’ve seen a couple of articles like this on common Chinese hacker tools and finally decided to post one. The author points out that these are not the most sophisticated hacking tools in the world but when used correctly, can still be quite effective:
(Warning: I am not very good at tech xlations but will do my best. When possible, I will link to English articles explaining the tools. Hopefully, Jumper will fix, correct, delete if I’m too far off.)
1. Glacier - A [Remote Access] Trojan that opens up a backdoor program that, once installed on a system, permits unauthorized users to remotely perform a variety of operations, such as changing the registry, executing commands, starting services, listing files, and uploading or downloading files. Glacier typically runs from the server files.
2. Wnuke - Uses a loophole in the Windows operating system to transmit information over TCP/IP causing an OOB error and collapse of the system. Win-nuke or wnuke is a denial of service program that used to work on Windows 95-2000 systems.
3. Shed - Software that uses the NetBIOS protocols to attack Windows.
4. Superscan - SuperScan is a powerful TCP port scanner, that includes a variety of additional networking tools like ping, traceroute, HTTP HEAD, WHOIS and more. It uses multi-threaded and asynchronous techniques resulting in extremely fast and versatile scanning. You can perform ping scans and port scans using any IP range or specify a text file to extract addresses from. Other features include TCP SYN scanning, UDP scanning, HTML reports, built-in port description database, Windows host enumeration, banner grabbing and more. [update - changed link to the authors' site, foundstone.com]
5. ExeBind - Hacktool.Exebind is a tool that is used by hackers to bind several executable files into one distributable package. This tool could be used by hackers to create Trojan horses. Binders are programs that pack a malicious program of any sort in with a legitimate one. For example, you could take a backdoor like Glacier and bind it with minesweeper or something. When the victim launches the program, minesweeper starts along with the backdoor.
6. Mailbox Terminator - E-mail bomb that does not allow user to receive or send e-mail. This program creates a denial of service condition by flooding the victim’s mailbox with garbage messages. These programs (email bombs) aren’t widely used anymore because they are easily countered.
7. Liuguang - Software written by Little Rong (famous Chinese hacker) that allows neophyte hacker to scan POP3、FTP、HTTP、PROXY、FORM、SQL、SMTP、IPC$Content$nbsp for loopholes vulnerabilities. It is also capable of retrieving user passwords through these loopholes. [update]: Online, remote password guessing programs are widely used by Chinese hackers, especially website defacers. I’m pretty sure that Liuguang only attempts to guess passwords and does not exploit vulnerabilities.
8. Suxue - Another program written by Little Rong that uses exploits ASP, CGI on free mailboxes, forums, chat rooms to scan for user passwords. It relies on user’s birthdays and easy English passwords, it has a success rate of between 60-70 percent.
Gotta find out a bit more about this little Rong (小榕)…
UPDATE (MAY 12 0336GMT): I made some changes - Jumper.
UPDATE: Damn, looks like some of my college papers…at least it wasn’t in red. - Heike 
