
What do hackers mean when they often say broiler? What does it do?

What is a computer "broiler"

The so-called computer broiler is a remote computer over which someone else holds administrative rights, that is, a remote computer controlled by someone else. A broiler can run a variety of systems, such as Windows, Linux, Unix, etc.; it can also be a server belonging to a company, enterprise, school or even the government or military. Generally speaking, a broiler is a Win2K server with port 3389 open, so it is best to close port 3389 when there is no need to have it open.

Broilers are generally sold by hackers at prices ranging from 0.08 or 0.1 yuan up to 30 yuan.

To log in to the broiler, you must know three parameters: the IP of the remote computer, user name, and password.

When it comes to broilers, we have to talk about remote control software, such as Gray Pigeon, Shangxing, etc.

Broilers are not the kind that are eaten. They are machines that are infected with Trojan horses or have backdoors and can be controlled remotely. Many people now call machines with WEBSHELL permissions "broilers".

No one wants their computer to be controlled by others, but many people's computers are almost undefended and can easily be completely controlled by remote attackers. Your computer therefore becomes meat on someone else's chopping board, and others can eat it as they please, hence the name broiler (machine).

How to detect whether you have become a broiler

Pay attention to the following basic situations:

1: Abnormal login reminders from QQ and MSN (the system prompts that the last login IP does not match)

2: When logging in to an online game, it is found that the equipment is missing or does not match the location when it was last offline, or even unable to log in with the correct password.

3: Sometimes you suddenly find that the mouse does not obey your commands. Even when you are not touching it, the pointer moves and clicks buttons by itself.

4: While surfing the Internet normally, the computer suddenly feels very slow and the hard disk light keeps flashing, just as it does when you are copying files.

5: When you are about to use the camera, the system prompts that the device is in use.

6: When you are not using network resources, you find that the network card light keeps flashing. If you set it to display status after connection, you will also find the network card icon in the lower right corner of the screen flashing.

7: A suspicious process or service appears in the service list.

8: Users with broadband connections receive abnormal data packets when the hardware is turned on but not connected. (There may be programs connecting in the background)

9: The firewall has lost control of some ports.

10: The computer restarts while surfing the Internet.

11: The screen flashes when uninstalling some programs such as anti-virus software and firewalls (the uninstallation interface flashes by, and then reports completion).

12: After uninstalling some programs that users trust and frequently use (QQ, antivirus), their directories and files still exist, and are automatically regenerated after deletion.

13: An inexplicable dialog box pops up while the computer is running or when it is turned on.

The symptoms above are largely subjective and not very accurate, but they are worth paying attention to.

14: You can also enter NETSTAT -AN under CMD to check whether there are suspicious ports, etc.
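An added example (not part of the original page): a small Python parser that reads `netstat -an` output and flags listeners and established sessions on the ports named in this page's "Close high-risk ports" steps. The sample output, its addresses and the function names are constructed for illustration.

```python
import ipaddress
import re

# Ports listed in this page's "Close high-risk ports" steps.
HIGH_RISK = {
    "TCP": {135, 137, 139, 445, 593, 1025, 2745, 3127, 6129, 3389},
    "UDP": {135, 139, 445},
}

# Constructed sample of Windows `netstat -an` output (documentation addresses).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING
  TCP    192.168.1.20:3389      203.0.113.45:51522     ESTABLISHED
  TCP    192.168.1.20:49733     198.51.100.7:443       ESTABLISHED
  TCP    [::]:445               [::]:0                 LISTENING
  UDP    0.0.0.0:445            *:*
"""

# UDP rows have no State column, so the fourth field is optional.
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")


def split_endpoint(endpoint):
    """Split '1.2.3.4:80', '[::]:445' or '*:*' into (host, port or None)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), int(port) if port.isdigit() else None


def is_loopback(host):
    """True for 127.0.0.0/8 and ::1; False for wildcards such as '*'."""
    try:
        return ipaddress.ip_address(host.split("%")[0]).is_loopback
    except ValueError:
        return False


def audit(netstat_text):
    """Return (kind, proto, local_port, host) for each high-risk row."""
    findings = []
    for line in netstat_text.splitlines():
        match = ROW.match(line)
        if not match:
            continue  # banner, header or blank line
        proto, local, foreign, state = match.groups()
        lhost, lport = split_endpoint(local)
        fhost, _ = split_endpoint(foreign)
        if lport not in HIGH_RISK[proto] or is_loopback(lhost):
            continue  # not on the page's list, or reachable only locally
        if proto == "UDP" or state == "LISTENING":
            findings.append(("exposed", proto, lport, lhost))
        elif state == "ESTABLISHED" and not is_loopback(fhost):
            findings.append(("session", proto, lport, fhost))
    return findings


if __name__ == "__main__":
    for kind, proto, port, host in audit(SAMPLE):
        print(f"{kind:8} {proto} port {port:<5} {host}")
```

On a real machine, pass the text of `netstat -an` to `audit()`. A port covered by a blocking IP security filter can still appear as LISTENING, because the filter drops traffic rather than stopping the service.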

Next, we can use some software to observe network activity and check whether the system has been compromised.

1. Pay attention to check the working status of the firewall software

Take Kingsoft Internet Security as an example. Its network status page displays the currently active network connections. Check these connections carefully. If you find that software you are not using is connecting to a remote computer, be careful.

2. It is recommended to use tcpview, which can clearly view the current network activity status.

The results of general Trojan connections can be viewed through this tool.

The general Trojan connections mentioned here are different from carefully constructed rootkit Trojans, which use more advanced hiding techniques and are not easy to discover.

3. Use Kingsoft Cleaning Expert for online diagnosis, paying special attention to the process items of the comprehensive diagnosis

Cleaning Expert conducts a security assessment of each item. When you encounter unknown items, you need to be especially careful.

4. Use the process manager in the Cleaning Expert toolbox

It can search for suspicious files and help you check where dangerous programs are located.

How to keep your own computer from becoming a "broiler"

1. Close high-risk ports:

In the first step, click the "Start" menu/Settings/Control Panel/Administrative Tools, double-click to open "Local Security Policy", select "IP Security Policies on Local Computer", right-click a blank area in the right pane, and select "Create IP Security Policy" from the shortcut menu that pops up; a wizard appears. Click the "Next" button in the wizard and name the new security policy; click "Next" again and the "Requests for Secure Communication" screen is displayed. On this screen, clear the check mark to the left of "Activate the default response rule" and click the "Finish" button to create the new IP security policy.

In the second step, right-click the IP security policy. In the "Properties" dialog box, clear the check mark to the left of "Use Add Wizard", then click the "Add" button to add a new rule. The "New Rule Properties" dialog box pops up; click the "Add" button on this screen and the IP filter list window pops up. In that window, first clear the check mark to the left of "Use Add Wizard", and then click the "Add" button on the right to add a new filter.

The third step is to enter the "Filter Properties" dialog box. The first thing you see is addressing. Select "Any IP Address" for the source address and "My IP Address" for the destination address; click the "Protocol" tab, select "TCP" in the "Select a protocol type" drop-down list, then enter "135" in the text box under "To this port" and click the "OK" button (as shown on the left). This adds a filter that blocks TCP port 135 (RPC), which prevents the outside world from connecting to your computer through port 135.

Click "OK" and return to the filter list dialog box. You can see that a policy has been added. Repeat the above steps to add TCP ports 137, 139, 445 and 593 and UDP ports 135, 139 and 445, and establish corresponding filters for them.

Repeat the above steps to add the blocking policy for TCP ports 1025, 2745, 3127, 6129, and 3389, establish the filter for the above ports, and finally click the "OK" button.

The fourth step: in the "New Rule Properties" dialog box, select "New IP Filter List" and click the circle to its left so that a dot appears, indicating that it has been activated; finally click the "Filter Action" tab. In the "Filter Action" tab, clear the "Use Add Wizard" check box, click the "Add" button, and add the "Block" action (picture on the right): in the "Security Methods" tab of "New Filter Action Properties", select "Block" and click the "OK" button.

The fifth step: back in the "New Rule Properties" dialog box, click "New Filter Action"; a dot is added to the circle on its left to indicate that it has been activated. Click the "Close" button to close the dialog box. Finally, return to the "New IP Security Policy Properties" dialog box, check the box to the left of "New IP Filter List", and click the "OK" button to close the dialog box. In the Local Security Policy window, right-click the newly added IP security policy and select "Assign".

After restarting, the above-mentioned network ports in the computer will be closed. Viruses and hackers can no longer connect to these ports, thus protecting your computer.

2. Apply patches in time and upgrade the anti-virus software

People who hunt for broilers usually use the "Gray Pigeon" virus to control your computer. It is recommended to use a dedicated Gray Pigeon removal tool to remove the virus.

3. Check the system frequently

Always check the anti-virus software, firewall directory, services, registry and other related items on your computer.

Hackers often hide or plant Trojans into these programs by taking advantage of users' trust in them.

Be wary of DLLs with the system attribute appearing in these directories. (They may be used for DLL hijacking.)

Be wary of pagefile.sys. (This file is normally the virtual memory page file, but it can also be used to hide files. Check the system's page file settings: do the page files match the configured drive letters?)

4. There is a huge risk in pirated Windows XP

If your operating system was installed by another technician, it may be a pirated XP, such as a computer vendor's build, Tomato Garden XP, Rainwood Forest Wind XP, Tornado XP, etc. Many of these systems are installed unattended. The installation steps are very simple: you put the CD into your computer, go out to have tea, and when you come back you may find that the system has been installed.

What is the biggest flaw of such a system? Obviously, the administrator password of such a system is blank and the system logs in automatically. In other words, anyone can try to log in to your system with an empty password, and on the Internet distance is no obstacle at all.

5. Use mobile storage devices with caution

Before the development of the Internet, the spread of viruses relied on floppy disks, which later gave way to the Internet. Nowadays, the public increasingly uses mobile storage devices (mobile hard drives, USB flash drives, digital memory cards) to transfer files, and these mobile storage devices have become an important channel for the spread of Trojans. Computer users usually call such viruses U disk viruses or AUTO viruses. This means that the action of inserting a USB flash drive can spread the virus from one USB flash drive to another computer.

6. Safe Internet surfing

One of the important reasons for becoming a broiler is browsing unsafe websites, and distinguishing which websites are safe and which are unsafe is very difficult for ordinary users. A normal website may also be compromised and have a Trojan horse planted in it, and after an ARP attack there is the risk that any web page visited will download a Trojan horse.

There is always a chance of downloading Trojans from the Internet. No one can avoid it and can only mitigate this risk.

The security of browsers needs special attention. Vulnerabilities in browsers and browser plug-ins are hackers' favorites. Flash Player vulnerabilities are plug-in vulnerabilities, and this kind of vulnerability is cross-browser: the risk may exist wherever Flash Player is used.

Self-rescue methods after becoming a broiler

1. Users who are surfing the Internet should disconnect immediately if they find an abnormality

If you find that IE often asks whether to run certain ActiveX controls, generates inexplicable files, asks about debugging scripts, and so on, you must be vigilant: you may have been tricked. There are two typical cases of Internet intrusion:

First, when browsing web pages that carry malicious code, the default home page or title of the browser is modified, which is the mild case; in the worse case the code can format the hard drive or make Windows keep opening windows until it runs out of resources and crashes, and your unsaved data and the data already on the hard drive may be partially or completely lost.

The second is the latent outbreak of Trojan horses or worm viruses, which make your machine continuously send your private data to the outside world, or use your name and email address to send spam and spread the virus further. There are also manual intrusions by hackers, who snoop into your privacy or delete and destroy your files.

Self-rescue measures: Disconnect immediately, so as to reduce your own losses and avoid spreading the virus to more online computers. Please do not restart the system or shut down the system immediately. Please refer to the following article for further handling measures.

2. After being infected, you should immediately back up and transfer documents, emails, etc.

It is natural to run anti-virus software after being infected, but to prevent the anti-virus software from accidentally killing or deleting your unfinished documents and important emails, you should first back them up to other storage media. Some files with long file names and unprocessed emails must be backed up under Windows, which is why it was recommended above that you do not exit Windows yet: once the virus attacks, you may not be able to enter Windows.

Regardless of whether these files are poisonous or not, you should back them up and mark them as "for investigation" with a label. Because some viruses are specifically designed for a certain anti-virus software and will destroy other files as soon as they are run, backing up first is a preventive measure. After you clear the virus from your hard drive, it would be more appropriate to slowly analyze and process these additional backup files.

3. You need to run the software to kill CIH under Windows first (even in a virus-contaminated environment)

If a CIH virus is found, be careful not to follow the measures usually recommended in newspapers and manuals, namely shutting down the computer first, cold-starting, booting from the system disk and then killing the virus. Instead, run the software specifically designed to kill CIH once in the virus-containing environment. If you do this, the anti-virus software may report that some files are read-write protected and cannot be cleaned. However, the actual purpose of running it with the virus present is not to remove the virus completely, but to minimize the damage CIH causes the next time the computer is turned on, so that the BIOS hardware of the motherboard is not destroyed at that point, which would result in a black screen and make the next step of anti-virus work impossible.

4. You need a clean DOS boot disk and anti-virus software under DOS

At this point, you should follow the standard manuals of the many anti-virus products step by step, that is, cold-start after shutting down and boot from a clean DOS boot disk. In addition, since some key Windows files may have been destroyed by the infection, illegal operations will be reported frequently, so the anti-virus software under Windows may not be able to run. So please prepare anti-virus software for DOS just in case.

Even if you can run anti-virus software under Windows, please use two or more tools for cross-cleaning. In most cases, Windows may need to be reinstalled because viruses can destroy some files and slow down the system or cause frequent illegal operations. For example, even if CIH is killed, Microsoft's Outlook email program still responds slowly. It is recommended not to be biased against a certain type of anti-virus software. Due to the different focus during development and the use of different anti-virus engines, various anti-virus software have their own strengths and weaknesses, and the cross-use effect is ideal.

5. If you have a backup of Ghost, partition table, and boot area, it is safest to use it to restore once.

If you have made a Ghost backup of Windows, restore the image once; the operating system you get this way is the safest. In this way, even potential Trojan programs that have not been killed are cleaned up. Of course, this requires that your Ghost backup is absolutely reliable. If the Trojan was also "backed up" when Ghost was run, there will be endless trouble.

6. After restoring the system again, change your network-related passwords

This includes the user name and password for logging into the network, the email password, the QQ password, etc., to prevent hackers from using passwords obtained during the last intrusion to enter your system. In addition, because many worm attacks send your information out at random, it is necessary to change these in time.

The commercial value of computer broilers

1. Stealing the virtual property of “broiler” computers

The virtual property includes: online game IDs, accounts, equipment, Q coins in QQ accounts, Lianzhong’s virtual honor value, etc.

Virtual property can be cashed into real currency, no matter how much, and when accumulated, it becomes wealth.

2. Stealing the real property in the "broiler" computer

The real property includes online banking; the popular version can make small payments. Once your online banking account is stolen, at most you end up paying for other people's purchases. In addition, there are many Trojans aimed at online stock trading, such as Securities Thief, with which attackers can easily obtain online stock trading accounts. Unlike bank transactions, attackers cannot directly benefit from stolen stock trading accounts; this is determined by the particular nature of the transactions. Otherwise, online stock trading would definitely become a nightmare for investors.

Quite a number of ordinary computer users dare not use online banking because they do not know how to protect the security of their online banking accounts. In fact, online banking is much safer than online stock trading. When online banking is used correctly, security and convenience are guaranteed.

3. Stealing other people’s private data

Regarding the Edison Chen incident, I believe everyone knows that if ordinary people’s confidential photos and documents are posted on the Internet, the consequences will be very serious. There are many cases of using stolen victims’ private information for fraud and extortion.

There are also attackers who are keen to remotely control other people's cameras to meet the evil purpose of peeking into other people's privacy.

If business information on the victim's computer, such as financial statements and personnel files, is stolen, the attacker can seek illegal benefits.

4. The victim’s personal connections can be used to obtain illegal benefits

You may think that your QQ account is insignificant, and that you have no QQ show or Q coins. In fact, this is not the case. Your QQ friends, your email contacts, and your mobile phone contacts are all targets of attackers. Attackers can pretend to be you and carry out various illegal activities. Everyone’s personal connections have commercial value.

The most common examples are 12590 using stolen QQ accounts to send spam messages in groups to defraud money, and the MSN virus, which automatically sends messages to your contacts to defraud illegal benefits.

5. Plant rogue software on broiler computers and automatically click on ads to make money

This will affect your online experience; I believe everyone hates advertisements that pop up automatically on the computer. After controlling a large number of broilers, attackers can force pop-up advertisements and collect advertising fees from advertisers. One of the reasons for the proliferation of rogue software is that many companies purchase advertisements from rogue software developers.

Some attackers use broiler computers to secretly click on ads in the background to make money. Of course, the victim is the broiler computer.

6. Use the broiler computer as a springboard (proxy server) to launch attacks on other computers

Any attack by a hacker may leave traces. To hide better, the attacker goes through many proxy hops, with the broiler computer acting as intermediary and scapegoat. In order to spread more Trojans, attackers may also use your computer as a Trojan download site. Computers with fast Internet speeds and good machine performance are more likely to be used as proxy servers.

7. "Broiler" computers are the pawns that launch DDoS attacks

DDoS can be understood as cyber gang fights or cyber wars. The initiators of the war can gain profits, and some people will hire these Internet thugs. These cyber gang members can also directly attack the target host and then extort money. "Broiler" computers are just pawns in the hands of these Internet gangs, and DDoS attacks have become a cancer on the Internet.

In short, "broiler" computers are the source of wealth for attackers. In the attacker's circle, "broiler" computers are sold around like cabbage. At the high end of the black industry chain, the controllers of these huge "broiler" computer groups have built an equally large and dark Trojan horse empire.