The hacker “Xiaoba” is on the police’s radar.
For months, this guy has been spreading Trojan horses, frantically squeezing every last drop of value out of the broiler (hacked machine).
If he plays his trick, the machine will suffer.
First, it was put up with various spam ads, and then the CPU usage of the host soared, becoming the “miners” of virtual coins mined by hackers.
The clipboard will also be monitored, and once a virtual currency transaction is made, the recipient’s address will be replaced by that of the hacker. Finally, trojans lock down computers to extort money and squeeze every last bit of value out of them.
It’s like a robbery, a robbery, and an attempt to rub the victim on the ground. In the eyes of ordinary people, capable of this kind of thing is mostly a “ruthless role”.
But Li Tiejun told me, “It just shows that the person is too young and not good enough.”
Who is Li Tiejun and why dare to say such cool words? Is he the bigger gangster?
No, he is actually an old driver who has been engaged in the Internet security industry for more than 20 years. He started doing security when my brother was still playing in the mud in open-backed pants.
This year he went to Tencent Security and is now a senior security expert at Tencent Computer Butler:
(Li Tiejun, senior security expert of Tencent Computer Butler)
“How many of the characters who are arrogant at the beginning of the movie survive half an episode?”
‘Gangsters are just like gangsters,’ he says. ‘The big guys are always careful and low-key.’
(The picture is taken from the film Kung Fu, and feng’s character dies less than two minutes after the scene appears.)
Sure enough, when police located the hacker as xiaoba, they found he was just a teenage boy.
“The bigger gangs get rich by keeping quiet, and some pay attention to user experience,” Li said.
Oh? Black industry also focus on user experience? It sounds very new.
Under the questioning of my brother, Li Tiejun told the story of another real black production big case, it is full of all kinds of SAO operation:
(1) network management, god, cash cow
Yang Bo has three identities: network manager, god and cash cow.
In the eyes of outsiders, he is just shandong Weifang “time and space net cafe” of a small network management, after college graduation will only play computer all day, do business and do not do, so can only work in Internet cafes to maintain life like this.
However, people familiar with Yang Bo know that he is a self-taught technical genius who earns several times more than his salary on the Internet side business and stays at the Internet cafe for sheer fun.
Yang bo’s first sideline was selling membership cards.
A year ago, he according to the “iQiyi” interface wrote a called “cool art VIP film and television” software, can be arbitrary broadcast youku, IQiyi and other major video site content.
He to year card, month card way to the national Internet cafe to sell their software, borrowed from the “Internet cafe alliance” convenience in the development of dozens of agents in the country, sales cover the country more than 2,000 Internet cafes, a year can sell more than 5,000 cards, earn two hundred thousand yuan is not a problem.
Yang bo’s second sideline is writing game plug-ins.
In the second half of 2017, “Eat chicken game” was on fire. The plug-in he wrote was not only fully functional, stable and more hidden, so it became the “conscience software” in the mouth of bad players (hang B).
Crucially, his plugins are free.
This strategy is well suited to the appetite of many users, plug-ins spread quite widely, creating four or five user groups is not enough.
Also because of this plug, Yang Bo became he Qiang’s eye “cash cow”.
He Qiang is the boss of a network advertising value-added service company in Dalian on the surface, actually secretly engage in network black production, special with normal software to take virus Trojan to make money.
In the second half of 2017, Yang wanted to make money by Posting ads for his plug-in program, and met He Qiang on the Internet Cafe Forum.
He qiang told Yang that as long as he was willing to bundle a software called “58 Xuntui” in the game plug-in, he would get 5 to 10 yuan for each machine according to the number of machines.
At that time, Yang bo controlled more than 30,000 units, which could earn 200,000 to 300,000 yuan. He was intrigued by the video software VIP cards he had sold for a year.
“I said brother ah, your hand machine configuration is good, used to do pop-up advertising is too wasteful, very suitable for mining.”
He Qiang guarantees with him, absolutely does not affect the user’s normal use of computer games, not easy to be found.
Yang Bo was moved, two people reached an agreement, Yang Bo became “58 fast push client” agent, also became he Qiang eyes cash cow.
(2) Buddhist black products
He Qiang did not deceive him, this “58 quick push” does not affect the normal use of users is not easy to be found, pay attention to very.
The software monitors the CPU usage in real time, and when the CPU usage falls below 50%, the mining program silently starts in the background. Once the user starts playing the game and the CPU usage exceeds 50%, the mining program automatically stops.
Compared with malware such as pop-up ads and silent installation, the mining software is indeed very “Buddhist” and users will hardly feel any impact.
However, IT is difficult for me to describe it as “good among thieves”, because the purpose of doing so is nothing more than the fear of being discovered. And even if it doesn’t disrupt usage, mining will dramatically increase power consumption and reimburse machines ahead of time, costs that will ultimately be borne by computer owners.
In order to install these mining programs, Yang Bo needed to combat anti-virus software. His method is simple and effective: simply ask the victim to turn off or uninstall the antivirus software.
“This program belongs to the plug-in program, 100% absolutely non-toxic, but may be mistakenly killed by anti-virus software, please use to close or uninstall anti-virus software, thank you!”
Similar methods are used in game plugins, crack software, video software time and again.
On some adult sites, even if the anti-virus software warning, in most cases will be ignored or removed, you know why. (This used to be a headache for security firms, and it felt like a pig teammate.)
In order to get more commissions, Yang began to promote his plugins everywhere. Community forums, union channels and social groups are good channels to spread the word, and because plug-ins are really free and easy to use, his business is booming.
On a forum for eating Chicken, Yang’s post was followed by the character “Huo”, which has been viewed and downloaded more than 10,000 times.
(One post was cut by ten thousand people and earned Nearly 100,000 yuan for Yang Bo)
At the same time, some unknown download sites are also frantically spreading this plug-in program, as long as you search the Internet “eat chicken”, “jedi Survival”, “auxiliary” and other keywords, will be directed to these download sites, slightly higher traffic has more than 100,000 downloads.
Group after group, unable to hold the people who came to deliver the money.
By December 2017, the mining Trojan had reached its peak, with 200,000 computer hosts affected that day alone, according to later statistics.
3. Praying a mantis fights a cicada
Looking at the 268,000 yuan, Yang Bo was in a mixed mood.
Although it was a lot of money, he checked the currency price at that time and found that he Qiang and their money was much more than his own.
Yang Bo came up with a plan to eat black.
He modified the program and embedded his OWN HSR coin mining code, which would be automatically transferred to his HSR wallet when the accused host mined mining coins.
He Qiang they earn a cut, a bet hundreds of thousands of hosts for their own MINING HSR coins, very comfortable.
In addition, Yang Bo also put his previous development of “cool art VIP film and TELEVISION” also installed mining procedures, so as to control more hosts for their own “mining”.
In just three months, Yang found 8,551.9 HSR coins.
Around December 2017, the price of HSR just peaked at 252 yuan per coin. According to the currency price at that time, Yang Bo’s coin was worth 2.13 million yuan.
A wave of black eat black, so that Yang Bo’s earnings increased 10 times.
However, at this point, he could only be happy, not know that a technical analysis report has been handed over to the police, he is facing prison.
Nor is it known whether the $2 million-plus price added to his later sentence.
The report was made by Tencent Guardian Project security team.
More than a month ago, Tencent computer Manager’s Secure Brain system captured a sample of programs with unusual behavior.
The researchers found that after running the sample program, it ran a blacklist check, and if there were listed programs on the host, it first prompted users to shut them down and uninstall them.
And this blacklist, most of them are anti-virus software, including some of our familiar names: QQpcmgr, 360SD, Tinder Sword, Wireshark…
When the antivirus software is turned off, the program pulls the mining program up and down from three remote servers and sets it to boot.
This is the Trojan’s most typical “white plus black” behavior, using a seemingly normal program to download and activate another suspect program.
After layers of analysis, the researchers figured out how the suspect program worked and submitted all clues in the form of a report to the Police in Weifang, Shandong province.
Finally, the public security authorities first controlled Yang Bo, and then transferred more than 50 elite forces rushed to Dalian, suspected of illegally controlling the computer information system he, Chen and other 16 people arrested.
At the same time, the task force quickly sorted out the offline of Dalian Shengping Network Technology Co., Ltd. and launched the arrest:
April 18, hit in Harbin Xun Bo network technology Co., LTD., arrested Zhang, Gao two suspects
On April 19, the suspect Du mou was arrested in Foshan and seized a DLL mining program…
…
An illegal control of 3.89 million computer host, illegal profit more than 15 million yuan gang collapsed, waiting for them will be a long prison sentence.
(Photo: Police arrest scene photo)
Note: In this article, Yang Bo, He Qiang, spacetime Internet cafe are aliases, others are real names
Afterword.
After talking about the case, Li Tiejun told me that to some extent, the emergence of digital currency has changed the way some black businesses collect money.
“Today’s black farmers can make money directly by digging a mine with their chickens. In the past, they were used for DDoS attacks, traffic fraud, extortion…
On the face of it, the emergence of digital currency makes the chain of cash of black property shorter, and the bad guys don’t need to hurt others directly to profit, which sounds good.
But it’s hard for me to say whether this has made the online world better or worse.
The changes of “gangsters” on the Internet are just like the changes of gangsters in the real world. They fold their edge and become introverted and cunning. This kind of evolution is just like the biological evolution, which is never good or bad, but the survival of the fittest.
What do you say?
References:
Most of this article is dictated by Li Tiejun
Qilu Evening News. Weifang Public Security Cracked the Case of Extremely Illegal Control Computer Information System
Freebuf. Install game assist Ben want to eat chicken, in the mining virus stuck to the crash”
The picture is taken from the Godfather Part II.
Finally introduce myself, I am Xie Yao, science and technology popular science author, daily is a variety of lofty technical knowledge, black science and technology speak popular and interesting. If you have any interesting technical questions, you can use Zhihu @Xie Yao or add my personal account dexter0.
Don’t want to get lost, please pay attention to [shallow black technology]!
—- Click on the image to read more great articles at —-
—- To read more, click below at —-
Light black technology, let the technology be read
