Hackers can easily make millions of dollars by using mining Trojans? Here's how to avoid becoming a hacker's "zombie"


The three most destabilizing factors in the digital currency market are regulation, scammers, and hackers. Regulation and scammers are easy to understand: the proliferation of scam "air coins" (tokens with nothing behind them) and scam exchanges brings regulatory crackdowns, and the crackdowns cause market turmoil. The hackers, who come and go without a trace in the digital world, are far less predictable than the other two. They are the "biggest worry" for people holding digital assets, who fear that their devices have already become "zombies" without their knowing it.

1. What is a "broiler chicken"?

"Broiler chicken" (肉鸡) is Chinese hacker slang for a zombie machine: an Internet-connected device, such as a computer, a mobile phone or a website server, that has been hijacked and is controlled by someone other than its owner, without the owner's authorization. To the hacker, these devices are chickens waiting in the cage to be slaughtered. The rest of this article uses "zombie" and "zombie machine" for the same thing.

A distinction is needed here. Some people think that any device infected with a Trojan becomes a "zombie". In fact, "planting a Trojan" is only one means by which a hacker gains control of a device or achieves some particular goal. Because of what they are built to do, some Trojans do little harm and cannot take over control of the machine, so the device does not become a "zombie".

Conversely, a device does not need a Trojan infection to become a "zombie". Quite often, certain system functions, or "normal" software from legitimate companies, already carry the remote-control capability that turns a computer or mobile phone into a "zombie".

Types of zombie machines
On the dark web, and in some perfectly open places, "zombies" are categorized and clearly priced. The "hacker industry chain" has a clear division of labor: people who produce Trojans, people who spread them, people who "catch" zombies, people who buy, sell and use zombies, and people who fence the proceeds.

There are many types of "zombies". By device type they can be divided into personal computer zombies, mobile phone zombies, website server zombies, and so on; they can also be classified by the family of Trojan that controls them.

The screenshot below shows 265 "zombie trading" posts in the forum of a well-known domestic community, and this is only one small, openly visible trading corner.

"Zombie trading" in broad daylight

Many readers will not recognize some of the terms in the screenshot, so let me explain:

Shell: this refers to a WebShell, in layman's terms a "server that has been broken into", i.e. a zombie server. A WebShell is a small script (typically PHP, ASP or JSP) that the hacker uploads to a compromised web server; requesting it through a browser lets the hacker run commands on the server and edit its files. A hacker who knows how to use it can modify the web pages on the server at will, and visitors then get the tampered pages. A tampered page may prompt you to enter your private key or password, or it may serve a personal-computer Trojan, so that the visitor's computer becomes a "zombie" too.

2. How does a device become a "zombie"?

How we become "zombies" is the "catching chickens" stage that hackers love to talk about, and it is a crucial link in the whole black-market chain. There are countless ways to plant Trojans in bulk: apps bundled with Trojans, websites that serve Trojans, browser vulnerabilities that download and run a Trojan, attacks on the update servers of legitimate software so that its clients automatically download a Trojan, phishing emails, and so on.

Some software even appears to be doing legitimate business while quietly shipping a "backdoor". For example, the pirated Windows installation packages that many people use circulate on the Internet in many modified versions, some of them carrying Trojans and viruses. In other words, many people's systems came with a Trojan or virus "backdoor" from the start, and the device became a "zombie" the moment the system was installed.

Many people have noticed shortcuts to software they never installed suddenly appearing on the desktop, usually browsers and other applications from the same company that made some program they did install. This is "backdoor" behaviour in all but name: you never allowed them to download and install anything, yet they do so silently, and at that point the computer is effectively a "zombie". If you install such a vendor's software, some antivirus products for instance, it can be controlled from the vendor's cloud and made to download whatever the vendor pushes, viruses included, which is almost impossible to guard against. Legal exposure is the only thing that stops some companies from doing anything openly harmful.

Here is a typical example of the whole process:

  • Step 1: scanning. If the target is personal computers, the hacker specifies the IP ranges used by home Internet subscribers and scans them across the network.
    If the target is websites, the hacker usually harvests a large number of URLs by searching for sites that share a "keyword" fingerprint (for example a tell-tale footer string of a particular CMS version) and then batch-scans the pages of those sites.
    What is scanned? Open ports and known vulnerabilities on personal computers; application and server vulnerabilities on websites.

  • Step 2: exploitation and intrusion, in its simplest form. Some personal computers have port 3389 open. After a batch scan finds them, the hacker logs in with the default blank password or a weak password, or through the guest account, and then elevates privileges. Once the hacker is logged in it is like being remotely controlled through QQ's remote assistance, and the hacker can do whatever he wants. Port 3389 is the default port of Remote Desktop (and Remote Assistance), the remote access function built into Windows. Most people never use it, but in the early years it was often enabled, and many people installed the system with the default account name and an empty password. (Modern Windows no longer lets accounts with a blank password log on over the network by default, so this particular case is mostly historical, but an Internet-exposed 3389 with a weak password is still one of the most common ways machines are taken over today.)

  • Step 3: planting the Trojan "backdoor".
    At this step, whether the scanned and breached machine is a personal computer or a website server, a successful intrusion gives the hacker the privileges needed to download and install the Trojan. Once the Trojan backdoor is configured, the computer starts reporting to a network address chosen by the hacker, or is controlled by the hacker directly. From then on the "Trojan horse" hidden in your device can be used at any time to do anything within the permissions it has obtained.
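Step 2 of the procedure above leaves a very recognizable trail in the Windows Security log: a burst of failed logons (event 4625) from one source IP, followed by a successful logon (event 4624) from the same IP. The following Python example, added here and not part of the original article, runs that detection over a few constructed log lines in a simplified comma-separated form; a real deployment would feed it events exported from the Security log or a SIEM. The thresholds, the sample addresses and the column layout are assumptions made for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample (not real log data): one line per Security event, as
# "timestamp,event_id,logon_type,account,source_ip". Event 4625 is a failed
# logon, 4624 a successful one. Logon type 10 is RemoteInteractive (RDP);
# type 3 (Network) is what NLA pre-authentication produces on RDP.
SAMPLE_LOG = """\
2024-03-01T02:14:01,4625,3,administrator,203.0.113.7
2024-03-01T02:14:02,4625,3,admin,203.0.113.7
2024-03-01T02:14:02,4625,3,guest,203.0.113.7
2024-03-01T02:14:03,4625,3,user,203.0.113.7
2024-03-01T02:14:04,4625,3,test,203.0.113.7
2024-03-01T02:14:05,4624,10,administrator,203.0.113.7
2024-03-01T08:30:10,4625,10,alice,192.0.2.20
2024-03-01T08:30:40,4624,10,alice,192.0.2.20
"""

FAIL_THRESHOLD = 5          # failures inside WINDOW that count as a brute force (assumed)
WINDOW = timedelta(minutes=5)
RDP_LOGON_TYPES = {3, 10}   # logon types treated as remote logons here


def parse_events(text):
    """Turn the CSV-like text into a list of event dicts, oldest first."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event_id, logon_type, account, ip = line.split(",")
        events.append({
            "ts": datetime.fromisoformat(ts),
            "event_id": int(event_id),
            "logon_type": int(logon_type),
            "account": account,
            "ip": ip,
        })
    return sorted(events, key=lambda e: e["ts"])


def detect_rdp_bruteforce(events):
    """Return alert tuples. BRUTE_FORCE fires once when a source IP reaches
    FAIL_THRESHOLD failures within WINDOW; LIKELY_COMPROMISE fires when the
    same IP then logs on successfully while still inside that burst."""
    alerts = []
    recent_failures = defaultdict(list)   # source ip -> failure timestamps still in window
    for ev in events:
        if ev["logon_type"] not in RDP_LOGON_TYPES:
            continue
        ip = ev["ip"]
        # Drop failures that have aged out of the sliding window.
        recent_failures[ip] = [t for t in recent_failures[ip] if ev["ts"] - t <= WINDOW]
        if ev["event_id"] == 4625:
            recent_failures[ip].append(ev["ts"])
            if len(recent_failures[ip]) == FAIL_THRESHOLD:
                alerts.append(("BRUTE_FORCE", ip, ev["ts"].isoformat()))
        elif ev["event_id"] == 4624 and len(recent_failures[ip]) >= FAIL_THRESHOLD:
            alerts.append(("LIKELY_COMPROMISE", ip, ev["account"]))
    return alerts


if __name__ == "__main__":
    for alert in detect_rdp_bruteforce(parse_events(SAMPLE_LOG)):
        print(*alert)
```

On the sample, 203.0.113.7 trips the brute-force rule on its fifth failure and is then flagged again when "administrator" succeeds from the same address a second later, while alice's single typo from 192.0.2.20 produces nothing. The matching hardening for this step is well known: do not expose 3389 to the Internet at all (put it behind a VPN or gateway), require Network Level Authentication, and leave the default block on blank-password network logons in place.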

3. The dangers of becoming a "zombie"

  • Monitoring and collecting everything you type and transmit, including any account password, private key, mnemonic phrase or verification code.

  • Viewing and downloading any file on your computer, including private photos, documents, digital currency wallet data, ID photos, and so on.

  • Using the "zombie"'s CPU and GPU for cryptocurrency "mining".

  • Using the "zombie" as a proxy or jump host, that is, doing illegal things from the "zombie"'s IP address. When the incident comes to light, the police come looking for the owner of the machine, not the hacker.

  • Using the "zombie"'s camera to take private photos of its legitimate owner in their most private spaces.

  • Using a mobile phone "zombie" to make calls and send and receive text messages.

  • With a large number of zombies under control, launching powerful DDoS attacks on blockchain networks and exchanges, and thereby affecting digital currency prices.

Why can hackers succeed so easily?

1. A "zombie" business more than 20 years in the making

This story began more than 20 years ago. The growth of the Internet was accompanied by all kinds of system vulnerabilities, and with them all kinds of hackers who exploited those vulnerabilities. In the era of DOS, which itself had a technical threshold, the barrier to hacking may have been very high. With graphical Windows came graphical hacking tools, and the barrier dropped instantly: only basic computer knowledge is needed to operate the various tools.

Early hacking tools of the "zombie" kind were designed by network administrators to make managing large numbers of machines on a network easier. But like kitchen knives, these tools become dangerous in the hands of people with ulterior motives. Technology is innocent; the evil lies with those who use it to do bad things.

In 2001, a remote control tool called "Gray Pigeon" (灰鸽子) was born. It is a graphical network management tool that lets one controlling machine manage a large number of controlled machines at the same time. Yes, this is the most well-known, most widespread and most notorious "zombie" control tool in China.

There is no need to worry about the powerful "Gray Pigeon" client today. It has been blocked by the major antivirus vendors for years and is basically no longer a threat.

It was originally a legitimate tool, but people with ulterior motives and some software reverse-engineering skill modified it and added a protective packer to the generated client, so that antivirus software could not detect or remove it. In the following years the number of "Gray Pigeon" Trojan variants exceeded 3,000. Only after 2005 did the heavy losses and high-profile incidents caused by the "Gray Pigeon" virus draw media attention, and then public attention, yet the virus continued to spread and evolve for many years afterwards.

Incidents that caused an uproar in the media and in public opinion

2. Vulnerabilities are everywhere

In the final analysis, the reason hackers succeed so easily, and in such numbers, is the vulnerabilities in all kinds of systems. Among the thousands of vulnerabilities, whenever a major one is discovered it takes a long time for every affected system to be patched or upgraded, and during that period the hackers have a carnival. The exposed-3389 problem mentioned above, for example, persisted for several years. When old vulnerabilities are patched, new ones appear, and some are not discovered until more than ten years later. The figure below shows what was reported as the largest Windows vulnerability in history, affecting everything from Windows 95 to Windows 10, a span of more than 20 years.

3. Careless users and network administrators
In fact, many "system vulnerabilities" are not really defects at all. They start out as normal functions, but because users are lazy and want to save effort, and the network administrator is careless on top of that, a large hole opens up for hackers to exploit.

Windows systems with no password, simple numeric passwords that can be guessed at random, indiscriminate downloading of cracked and pirated software, opening email attachments from strangers: these are not system vulnerabilities but failures of security awareness. In recent years universities, enterprises, hospitals and other institutions have repeatedly been hit by ransomware demanding Bitcoin, mostly because of careless network administrators and users who pay no attention to security.

How to avoid becoming a "zombie"

Check that important websites are served over HTTPS and that the browser confirms the connection is normal. It is best to memorize important URLs and to type them with the https:// prefix:

Consider the situation above where even the correct URL may land on a fake website. If, after confirming that the URL is correct, we type https://xxxxx.com rather than just xxxx.com, then a page that loads without a browser error is very unlikely to be a fake, because HTTPS does more than encrypt the data in transit: it also authenticates the server. To offer HTTPS, a website needs a certificate issued for its domain name. When the domain name matches the certificate presented by the server, the browser shows the connection as secure; otherwise it warns that the server you are visiting does not match the certificate and that the site is not safe. That is why all important websites, banks, exchanges and wallets use HTTPS. Two caveats: this protects you only if the address you typed is the real one, since a look-alike domain run by a scammer gets a perfectly valid certificate of its own; and if you type the bare domain name, an attacker who has hijacked DNS or the network can serve you plain HTTP and the certificate check never happens, which is why the https:// prefix (or a saved bookmark) matters.

When the domain name or DNS is hijacked, the browser warns that the site is unsafe and refuses to display the page

After the hijack is cleared, the browser shows the secure indicator and the correct page is displayed
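To make the authentication step concrete, here is an added Python example (not from the original article) that models the one decision the browser makes that the explanation above relies on: whether the host name you typed matches a name in the certificate the server you actually reached presented. It deliberately skips chain validation, expiry and revocation, and the domains (wallet.example, wa11et.example, evil.example) and certificate name lists are constructed for the demonstration. It covers the DNS-hijack case shown in the screenshots above, the plain-HTTP case, and the look-alike-domain case that HTTPS cannot catch.

```python
from urllib.parse import urlsplit


def hostname_matches(hostname, cert_names):
    """Simplified RFC 6125 name matching: exact match, or a single '*' as the
    whole leftmost label that stands for exactly one label."""
    host = hostname.lower().rstrip(".")
    for name in cert_names:
        name = name.lower().rstrip(".")
        if name == host:
            return True
        if name.startswith("*.") and "*" not in name[2:]:
            suffix = name[1:]                      # "*.wallet.example" -> ".wallet.example"
            if host.endswith(suffix):
                leftmost = host[:-len(suffix)]
                if leftmost and "." not in leftmost:
                    return True
    return False


def check_url(url, served_cert_names):
    """Verdict for a typed URL, given the names in the certificate presented by
    the server the browser actually reached after DNS resolution."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        return "INSECURE: plain HTTP, content can be altered or replaced in transit"
    if parts.hostname and hostname_matches(parts.hostname, served_cert_names):
        return "OK: certificate matches the typed host"
    return "ERROR: certificate does not match the typed host (browser warns and blocks)"


# Constructed certificate name lists (assumed, not real sites).
LEGIT_CERT = ["wallet.example", "www.wallet.example"]   # the genuine wallet site
ATTACKER_CERT = ["evil.example"]                         # server DNS hijack points to
LOOKALIKE_CERT = ["wa11et.example"]                      # scammer's own domain, own valid cert

SCENARIOS = [
    ("typed real domain, genuine server", "https://wallet.example", LEGIT_CERT),
    ("typed real domain, DNS hijacked",   "https://wallet.example", ATTACKER_CERT),
    ("typed look-alike domain",           "https://wa11et.example", LOOKALIKE_CERT),
    ("typed without https://",            "http://wallet.example",  LEGIT_CERT),
]


def run_scenarios():
    """Evaluate every scenario and return (label, verdict) pairs."""
    return [(label, check_url(url, names)) for label, url, names in SCENARIOS]


if __name__ == "__main__":
    for label, verdict in run_scenarios():
        print(f"{label:36s} -> {verdict}")
```

The second scenario is the one the screenshots illustrate: the typed name is right, DNS sends the browser to the attacker's server, and the attacker's certificate cannot carry wallet.example, so the browser refuses. The third scenario is the limit of the protection: the scammer's certificate is valid for the scammer's own domain, and only the user noticing "wa11et" instead of "wallet" prevents the loss.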

