Nationwide QQ Password Anti-Theft: 8 Unchanging Rules

by anteyb790627 on 2009-12-03 16:24:37

Author: ╰→ Xi Youwei Nǐ QQ: 360325414 QQ Zone: http://user.qzone.qq.com/360325414

1. Apply for password protection from Tencent, so that if the password is cracked or forgotten, it can still be retrieved using the password protection feature.

2. A QQ password must be longer than 8 characters, and it should ideally combine numbers + letters + special characters. Otherwise, with modern computing power, brute-forcing your QQ password would be as easy as pie. It's also best to change your password every so often.

3. Do not fill in your real age, e-mail address, or other sensitive information in QQ, and do not tell it to anyone. Staying cautious is always the way to go.

4. Do not casually run files sent by others, even if those files look tempting. Such files often hide undisclosed secrets and dangers.

5. When surfing the Internet at an Internet cafe, make sure to delete QQ chat records before leaving. It’s best to delete the folder named after your QQ number entirely and empty the recycle bin.

6. Make sure to use the latest version of QQ. Most attacks on QQ target specific versions, and the attack tools are not updated as fast as QQ releases new versions.

7. Hide your real IP address, surf the web through a proxy server to reduce the chances of being discovered, thereby avoiding attacks from others. Of course, this trick doesn't work too well against hacker experts, but fortunately, there aren't many of them.

8. Prepare two commonly used passwords in advance. When logging into QQ, use one, then right-click the QQ icon in the lower-right corner of the screen, choose "Personal Settings" → "Network Security" → "Change Password", input the other pre-prepared password in the "New Password" field, then click "OK" to save the changes. This can prevent most QQ Trojans because they mostly only record the password you input when logging in, but fail to record the password modified before logging off.


Below we firmly and thoroughly crush the conspiracy of QQ account theft.

Many friends have experienced QQ account theft. Even after using the "Password Protection" function to get it back, all Q Coins inside have already been plundered by the thief. In more malicious cases, the thief might delete all your friends, causing your friends to leave you forever. Have you thought about counterattacking? What, counterattack? Don't joke around, we're just rookies, not hackers. We only know how to browse web pages and chat, not even knowing how our QQ accounts were stolen, let alone what we could do to the thieves. Actually, the so-called "hackers" who like stealing accounts merely use some ready-made theft tools. As long as we understand the process of QQ account theft, we can take corresponding precautions, or even turn defense into offense and deliver a fatal blow to the thieves.

I. Know Yourself and Your Enemy - Theft Techniques Are No Longer Mysterious

Nowadays, very little QQ account theft software is still being continuously updated. Among what remains, the most famous and widely spread is undoubtedly "Ah La QQ Thief". Currently, the majority of QQ account theft incidents are caused by this software. The requirements for using it are very simple: all that is needed is a mailbox that supports SMTP sending or a web space that supports ASP scripts. Moreover, this Trojan can automatically classify the stolen QQ accounts into "beautiful" (vanity) numbers and ordinary numbers, and send them to different mailboxes, which is one of the reasons why "Ah La QQ Thief" is so popular. Next, let us first understand its working principle, so as to find a good way to counterattack.

1. Selecting the Account Theft Mode

Download "Ah La QQ Thief" and unzip it, and there will be two files: alaqq.exe and "Love Eternal, Love Nanny qq.asp". Of these, alaqq.exe is the configuration program of "Ah La QQ Thief", and "Love Eternal, Love Nanny qq.asp" is the file needed when using the "Website Receipt" mode. Before formal use, its parameters also need to be set.

"Email Receipt" Configuration: Run alaqq.exe, and the program's configuration interface will appear. In the "Mail Sending Mode Selection" option, select "Email Receipt", and fill in the email address in the "Email Receipt" (it is recommended to use the default 163.com NetEase mailbox provided by the program). Here, take the email [email protected] (password n_12345) as an example to introduce the configuration and test in the "Email Receipt" mode. In addition, different email addresses can be filled in the "Recipient Box (Beautiful)" and "Recipient Box (Common)" to receive QQ beautiful numbers and ordinary QQ numbers respectively. Then, select the corresponding smtp server of your email box in the "Mail Sending Server" drop-down box, which is smtp.163.com here. Finally, fill in the sender's account, password, and full name. After setting is complete, we can test whether the filled content is correct by clicking the "Test Email" button below. The program will display the email test status. If all test items show success, the email information configuration can be completed.

"Website Receipt" Configuration: In addition to choosing the "Email Receipt" mode, we can also choose the "Website Receipt" mode, allowing the stolen QQ numbers to be automatically uploaded to the specified website space. Of course, some preparations need to be made before use.

Use FTP software to upload "Love Eternal, Love Nanny qq.asp" to a space that supports ASP scripts, run alaqq.exe, and enter the URL of "Love Eternal, Love Nanny qq.asp" in the "Asp Interface Address" field. Then, when the Trojan intercepts QQ number information, it will save it in the qq.txt file in the same directory as "Love Eternal, Love Nanny qq.asp".

2. Setting Trojan Additional Parameters

Next, we perform advanced settings. If you check "Close QQ after running", once the other party runs the Trojan generated by "Ah La QQ Thief", QQ will automatically close after 60 seconds. When the other party logs into QQ again, his QQ number and password will be intercepted by the Trojan and sent to the thief's email or website space. In addition, if you hope that the Trojan can be used in the Internet cafe environment, you need to check "Restore Spirit Auto Transfer" to ensure that the Trojan can still run after the system restarts. Except for these two, keep the rest default.

3. Stealing QQ Number Information

After configuring "Ah La QQ Thief", click "Generate Trojan" in the program interface to generate a Trojan program that can steal QQ numbers. We can disguise this program as pictures, small games, or bundle it with other software for distribution. Once someone runs the corresponding file, the Trojan will hide in the system. When there is a QQ login in the system, the Trojan will start working, intercepting the relevant numbers and passwords, and sending this information to the email or website space according to the previous settings.

II. Sharpening Our Eyes - Letting the Trojan Have Nowhere to Hide in the System

Now, we have understood the general process of "Ah La QQ Thief". So, how can we discover "Ah La QQ Thief" in the system? Generally speaking, if you encounter any of the following situations, you should be careful.

· QQ closes automatically.

· A program disappears after running.

· Antivirus software closes automatically after running a certain program.

· Browser closes automatically when visiting antivirus software websites.

· If the antivirus software has mail monitoring function, a warning box appears indicating that a program is sending mail.

· If a network firewall (such as SkyNet Firewall) is installed, a warning appears indicating that NTdhcp.exe is accessing the network.

If one or more of the above situations occur, the system may have been infected with "Ah La QQ Thief". Of course, being infected with a Trojan is nothing to be afraid of, because we can clear it out of the system.

1. Manually removing the Trojan. After discovering that the system is infected with "Ah La QQ Thief", we can manually remove it. After running, "Ah La QQ Thief" generates a file named NTdhcp.exe in the system32 folder of the system directory, and adds the Trojan's key value to the startup item in the registry, so that the Trojan runs every time the system starts. First, we need to run "Task Manager" and end the Trojan process "NTdhcp.exe". Then open "Folder Options" in Explorer, select the "View" tab, and uncheck the "Hide protected operating system files" option. Then enter the system32 folder in the system directory and delete the NTdhcp.exe file. Finally, open the registry and delete the NTdhcp.exe key value, which is located at HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run.

2. Uninstalling the Trojan. Uninstalling "Ah La QQ Thief" is very simple, just download the configuration program of "Ah La QQ Thief", run it, and click the "Uninstall Program" button to completely remove the Trojan from the system.
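The two persistent indicators named in the manual-removal step (the NTdhcp.exe file in system32 and a Run-key value that launches it) can be checked with a short script. This is an added example, not part of the original post; the function names and the sample data are assumptions made for illustration, and on Windows the script reads the real Run key and system32 folder instead of the sample.

```python
import ntpath
import os
import sys

# Indicator from the article: the Trojan drops NTdhcp.exe into system32 and
# adds a value that launches it under the HKLM ...\CurrentVersion\Run key.
IOC_FILE = "ntdhcp.exe"
RUN_KEY = r"Software\Microsoft\Windows\CurrentVersion\Run"


def command_image(command):
    """Return the lower-cased executable name from a Run-key command line."""
    command = command.strip()
    if command.startswith('"'):
        path = command[1:].split('"', 1)[0]   # quoted path, may contain spaces
    else:
        path = command.split(" ", 1)[0]       # unquoted path: first token
    return ntpath.basename(path).lower()


def find_indicators(run_values, system32_files):
    """Return (kind, name, detail) tuples for every NTdhcp.exe indicator found."""
    findings = []
    for name, command in run_values.items():
        if command_image(command) == IOC_FILE:
            findings.append(("run-key", name, command))
    for fname in system32_files:
        if fname.lower() == IOC_FILE:
            findings.append(("file", fname, ""))
    return findings


def collect_windows_state():
    """Windows only: read the HKLM Run values and list the system32 folder."""
    import winreg
    values = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, RUN_KEY) as key:
        for i in range(winreg.QueryInfoKey(key)[1]):
            name, data, _ = winreg.EnumValue(key, i)
            values[name] = str(data)
    system32 = os.path.join(os.environ["SystemRoot"], "System32")
    return values, os.listdir(system32)


# Constructed sample state (not from a real machine); the value name is made up.
SAMPLE_RUN = {
    "ctfmon.exe": r"C:\WINDOWS\system32\ctfmon.exe",
    "NTdhcp": r"C:\WINDOWS\system32\NTdhcp.exe",
}
SAMPLE_FILES = ["ntdll.dll", "NTdhcp.exe", "notepad.exe"]

if __name__ == "__main__":
    state = collect_windows_state() if sys.platform == "win32" else (SAMPLE_RUN, SAMPLE_FILES)
    for finding in find_indicators(*state):
        print(finding)
```

On 64-bit Windows, run it with a 64-bit Python, because a 32-bit process is redirected to SysWOW64 and to the Wow6432Node view of the registry.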

III. Retreat to Advance - Delivering a Fatal Blow to the Thieves

After all the hard work, we have finally completely removed "Ah La QQ Thief" from the system. So, facing the hateful account thieves, shouldn't we give them a lesson?

1. Exploiting Vulnerabilities - Turning Defense into Offense

Here, the so-called "offense" does not mean directly intruding into the thief's computer. I believe such "technical jobs" are not suitable for everyone. Here, we just start from the vulnerabilities that almost all theft software has, thus giving the thief a lesson.

So what is this vulnerability?

From the previous analysis of "Ah La QQ Thief", we can see that the email account and password for receiving QQ number information are filled in the configuration part, and both the email account and password are saved in plain text in the Trojan program. Therefore, we can find the thief's email account and password from the generated Trojan program. Thus, we can easily control the thief's email, making the thief lose instead of gain.

Note: The above vulnerability only exists in Trojans that send QQ number information via email. If the "Website Receipt" mode is selected during the configuration of "Ah La QQ Thief", this vulnerability does not exist.

2. Network Sniffing - Reclaiming the Thief's Email

When the Trojan intercepts QQ numbers and passwords, it sends this information to the thief's mailbox in the form of emails. We can start from here and intercept the network data packets during the Trojan's email sending process. The captured data packets contain the account and password of the thief's mailbox. We can use network sniffing software to capture the packets; such software can easily capture data packets and automatically filter out password information.

· x-sniff

x-sniff is a command-line sniffing tool with powerful sniffing capabilities, especially suitable for sniffing password information in data packets.

Unzip the downloaded x-sniff to a directory, for example "c:\", then run "Command Prompt", change to the directory where x-sniff is located, and enter the command "xsniff.exe -pass -hide -log pass.log" (command meaning: run x-sniff in the background, filter out password information from the data packets, and save the sniffed password information to the pass.log file in the same directory).

After the sniffing software is set up, we can normally log in to QQ. At this point, the Trojan also starts running, but since we have already run x-sniff, all the information sent by the Trojan will be intercepted. After a while, enter the folder where x-sniff is located and open pass.log, and you can find that x-sniff has successfully sniffed the email account and password.

· sinffer

Many friends may be afraid of command-line tools, so we can use a graphical sniffing tool instead, for example sinffer, which is suitable for beginners.

Before running sinffer, we need to install the WinPcap driver, otherwise sinffer will not run properly.

Run sinffer. First, we need to specify a network card for sinffer.exe, click the network card icon on the toolbar, select the network card you are using in the pop-up window, and click "OK" to complete the configuration. After confirming the above configuration, click the "Start" button on the sinffer toolbar, and the software will start sniffing.

Next, we normally log in to QQ. If sniffing is successful, captured data packets will appear in the sinffer interface, and the email account and password information will be clearly listed.

After obtaining the email account and password of the thief, we can delete all the QQ number information emails in it, or modify his email password, to give the thief a lesson, letting us rookies also be righteous.

Finally, an introduction to setting QQ passwords cleverly - infuriating overbearing malware

Blog: http://blog.sina.com.cn/u/1147175175

One should not have harmful intentions, but should not lack caution either! In today's era of rampant hackers, improving one's own level of vigilance is the top priority. But it cannot just stay as a slogan, strict technical means must be adopted. Taking the various passwords we use most frequently as an example, how can we both prevent prying eyes and avoid being secretly checked by hacking software? This article teaches you a great trick to make your password safer!

For safety reasons, the input and storage of passwords in computers are displayed as "*" signs. This way, others cannot see the content of the password. Many users think this allows them to sleep soundly, but the reality is cruel. This method of password protection only prevents honest people, not dishonest ones. Some people with ulterior motives usually use remote screen monitoring methods, combined with password viewing software, to easily restore the password. Reality forces us to adopt stricter measures.

We can use characters that the system cannot display by default as the source characters of the password. Taking Windows 2000/XP as an example, by default the system displays text in "SimSun", with the character set being "Simplified Chinese GB2312". If characters not included in GB2312 (such as those in the "SimSun - Founder Super Large Character Set" installed with Office XP) are chosen as password characters, the system cannot display these passwords correctly and shows them only as "□", a space, or "?", even in password viewing software, thus achieving the purpose of preventing hackers from stealing passwords. The principle is not complicated, but putting it into practice involves knowledge from several areas.

1. Creating Password Characters

(1) First, obtain password characters through the "SimSun - Founder Super Large Character Set" in Office XP. Click "Start" → "All Programs" → "Accessories" → "System Tools" → "Character Map", after opening the window, select "SimSun - Founder Super Large Character Set" in the font list. Then scroll down to the "Display CJK Extension A" character range (Note: you can see the prompt at the bottom of the window), select and double-click the characters you want to use as passwords, then click "Copy", and send the password characters to the clipboard.

Small Tip: For insurance, you can first paste these characters into Notepad to confirm that the system cannot display them.

(2) Open the application that needs to set the password, and paste the above characters into the password box. For example, the characters shown in Figure 2 can be used as the QQ login password, so you don't have to worry about hackers monitoring your screen, even if he enables password viewing software, all he can see is a string of question marks.

Small Tip: Some websites, forums, or emails do not support the use of such characters as passwords, so do not use the above method to set passwords.
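The display behaviour described above, and the reason for the tip about sites that do not support such characters, can be reproduced with Python's gb2312 codec. This is an added example, not part of the original article; the function names and the two sample passwords are constructed for illustration, and "converts with replacement" is an assumption about how unsupporting software might behave.

```python
# CJK Extension A block (U+3400-U+4DBF), the Character Map range the article picks from.
EXT_A = range(0x3400, 0x4DC0)


def in_gb2312(ch):
    """True if the character has an encoding in the GB2312 character set."""
    try:
        ch.encode("gb2312")
        return True
    except UnicodeEncodeError:
        return False


def classify(password):
    """Label each character of a candidate password by code point and coverage."""
    report = []
    for ch in password:
        if in_gb2312(ch):
            label = "GB2312 (displayable)"
        elif ord(ch) in EXT_A:
            label = "CJK Extension A (outside GB2312)"
        else:
            label = "other (outside GB2312)"
        report.append((f"U+{ord(ch):04X}", label))
    return report


def as_seen_by_gb2312_software(password):
    """What is left if software converts the password to GB2312 with replacement."""
    return password.encode("gb2312", errors="replace").decode("gb2312")


# Constructed sample passwords built from Extension A code points.
PW_A = "\u3400\u3401\u3402"
PW_B = "\u4db0\u4db1\u4db2"

if __name__ == "__main__":
    for pw in (PW_A, PW_B, "ab\u3400"):
        print(classify(pw), "->", repr(as_seen_by_gb2312_software(pw)))
```

Both sample passwords come out as "???", which matches the question marks the article describes. It also shows that software which silently converts the input this way would treat two different passwords as the same string.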

2. Managing Passwords

Since general input methods cannot directly input CJK extension characters, for convenience, you can use Word's hyperlink function to store or manage passwords. First, select "SimSun - Founder Super Large Character Set" from Word XP and paste the password characters into the document. Then add a hyperlink to this character, linking to the QQ program. Next time you need to change the QQ login password, just click the hyperlink in the document to start QQ, then paste this password character into the password box. In addition, this Word document should be encrypted and saved.

3. Preventing Password Reverse Decryption

To prevent people familiar with this method from reverse decrypting, you can also use the system's built-in zone code input method to input characters not encoded in the system font library, so that even if you choose "Founder Super Large Character Set", the password cannot be displayed normally (only displayed as spaces).

(1) Open Control Panel, double-click "Regional and Language Options", click "Language → Details", select "Simplified Chinese (Internal Code)" in the list of installed services, click "Add", and add it to the input method list.

(2) Wherever you need to input the password, choose the internal code input method and input codes between aaa1-afff (such as aaa2, aaa3,...). Since the system font library does not have characters for these codes, the system will display them as spaces. However, because the specific characters cannot be displayed, changing the password again will be more troublesome, and you need to remember the codes you entered at the time.