HACKER: “It’s hard to protect yourself from us, but it’s possible” (real advice)

Professor
PROTECTION FROM HACKERS.

Content:

  • Botnet - names, the most famous, what they are used for
  • Why do they only mine Monero crypto?
  • Why rent botnets?
  • Plugin with cashback service, for a million computers, price
  • Why not make your own botnet?
  • The Richest Hackers
  • How to stop hackers?
  • Main methods of infection
  • Where do hackers find software for hacking?
  • Why are forums not banned by Roskomnadzor (RKN)?
  • Are forum owners "leaking" someone?
  • Where are hacker forums "hosted"?
  • What to do with the found "logs"?
  • YouTube for malicious purposes
  • Someone else's account for adult content
  • How to protect yourself from viruses?
  • Doubtful sites
  • Two-factor authentication and other security methods
  • Aren't you afraid of going to jail?

Enjoy reading!

Botnet - names, the most famous, what they are used for

Pavlovich:
Botnets. How many botnets are on the market now? Because I remember that botnets were large in my time, 15-20 years ago. There was "Mariposa" in Spain, 12.7 million computers. What botnets are there now, what are the largest ones called, and what are they used for?

Hacker:
I can't say about large botnets, namely by the number of users who are infected. I can say about the botnets that are on the market, which are sold and which people use everywhere. These are Smoke Loader, there is also Amadey, and all sorts of lesser-known ones, Triumph Loader, DiamondFox botnet, well, and that's probably all of the most famous ones.
By the way, most of them are modular. Modular is when you can add some additional module to the main botnet: a stealer or keylogger module, or a DDoS module. Spam. I don't think I've ever seen spam in botnets.

Pavlovich:
Well, what does the scheme look like? That is, a botnet, it turns out, I can create a botnet for myself, yes, that is, I'll infect a million computers, let's say, and I'll have a million machines under control, I can mine from them, mine crypto, let's say, I can send spam through them, I can use them as proxy servers if I need an IP range, I can launch a DDoS attack from them. What else did I miss in this list?

Hacker:
You can upload any of your files to them, you can sell installations to other people.

Pavlovich:
That is, this computer that I have, I can sell it to other people?

Hacker:
Yes, you can, it’s not that you won’t sell it, but you’ll upload any file that you’re given to this computer. This is how dishonest install sellers work. Let's say you can infect a thousand computers, and then pour a thousand installs onto these thousand computers 20 times.
It turns out that you sent the same traffic to 20 hands, received super profit, and people are working off what was worked off a long time ago.

Pavlovich:
Well, if it is for different needs, then, in principle, I do not see a contradiction.

Hacker:
And you do not know if there are contradictions between who you are selling to. That is why it does not work out very well.

Pavlovich:
What else can be used and how much does it all cost and where do they look for it? And how do they monetize it in general?

Hacker:
Yes, there are many ways to monetize, starting from what I just said, which is selling installs. If you have a sufficient number of bots and have a good DDoS module that wasn't written haphazardly, but a person really got into it and built different methods, then you can organize DDoS attacks, accept orders for any servers and sites and take them down.
You can download the miner, control it, mine cryptocurrency, and earn income.

Why do they only mine Monero crypto?
Pavlovich:
By the way, why is the question right away, why do they mainly mine Monero?

Hacker:
But here, in fact, there is a small problem, I don't know what it is connected with. Maybe the miner coders are not connected with mining, they heard once that Monero is mined, and they all take XMRig, write a loader for it that launches it, and mine only on it. Although there are also video cards on computers, and mining Monero on a video card in the realities of 2020 would be crazy, because there is practically no profit on Monero with a GPU.
Monero is specialized in mining on a CPU. On a processor. On a processor, yes.
Why can't coders write the same loader for another crypto, for example for Ethereum, which has skyrocketed, and mine Monero on the CPU, and download some other miner for the GPU that is better suited for this?

Pavlovich:
For video cards.

Hacker:
Yes, different video cards have different profits on different coins. Ideally, coders should study the video card market, find out what equipment is best for mining which coin and provide a good product to the market that will mine Monero with a processor, because this is one of the more or less adequate options.
There are also all sorts of coins like Loki, Wownero, they are also on CryptoNight, on the CryptoNight algorithm, which Monero is based on, but their profitability is slightly lower, so Monero is usually mined on the GPU.

Pavlovich:
Well, that is, you simply mine a coin for greater efficiency on the CPU, which is sharpened for mining through processors, on the video card, and with the video card we mine another coin there.

Hacker:
Yes, because GPU mining Monero yields tens of times less than a processor.

Why do they rent out botnets?
Pavlovich:
That's clear. What other uses for a botnet are there, besides mining and DDoS attacks?

Hacker:
Well, nothing else comes to mind. You've voiced some basic ways to monetize botnets.

Pavlovich:
So why would the owner of a botnet, he's collected and infected a million or 10 million computers, rent them out to strangers? Wouldn't it be easier to organize these DDoS attacks himself, launch mining on them himself? Or is his imagination just poor, he can't think of any additional ways to monetize them?

Hacker:
You can safely put mining on all these infected computers, you can put your own clipper that will monitor the clipboard and delete competitors' clippers, if anything, cut off that process. And you just take and non-stop stamp money on your botnet that you were able to raise. Every day... It is much easier for you to sell 20 thousand installations there every day than to look for some buyers for a DDoS attack.
But this will take more time. So, you just accepted an order, set a task in this botnet that you need to install on such-and-such computers, let's say on x32 or 64-bit, so many installations.

A plugin with a cashback service, for a million computers, the price
Pavlovich:
But if this, let's say, just now such an exotic thought has matured, if tomorrow I want to install a plugin from my cashback service in the Chrome browser on a million computers, for example. For example, how much will it cost me?

Hacker:
Well, let's say 500 thousand dollars.

Pavlovich:
So, half a dollar per user, right?

Hacker:
Well, if it's some more or less good....

Pavlovich:
It's not malicious software at all?

Hacker:
No, look, it's just that the traffic includes India, Indonesia and other tier-3 countries, they're not valued very highly. If you need more or less solvent clients from the USA, Canada, DE, FR, then you'll have to pay more than for India.

Pavlovich:
And it doesn't matter what I'm installing, a malicious program or a completely legal one. Yes. In short, half a dollar or less, let's say. You took half a dollar for rich countries, right?

Hacker:
Well, look, for the USA they generally take about a dollar or more. In general, if you take such a mix of tier-one and tier-two countries, you'll get around 0.5-0.6 dollars per installation.

Why not make your own botnet?
Pavlovich:
I understand. Why shouldn't I make my own botnet, for example? How should I, if I want to make one tomorrow, what is the best way to act?

Hacker:
Most likely, the problem for a person will be that you need to buy a product, you need to encrypt it, you need to put it on a good bulletproof server so that you don't get banned right away, and it will be quite difficult to find one, because they are all supposedly bulletproof, but in the event of any serious burdens they fly off.

Pavlovich:
Yes, the first complaints, they are bulletproof.

Hacker:
Yes, yes, yes, that's why it's a problem. Now you'll have to spend time until you find all this, until you pass all the tests, which crypter works better, what works, what doesn't, and you'll spend some money on installations. Time equals money. You can get free traffic somewhere on the same YouTube, or spam through email, or Discord, Telegram, but that's all time.
During this time, you could have spent some money to immediately get installations.

Pavlovich:
It's just that these computers, if I rent them, they've already been issued for all possible use cases, in fact.

Hacker:
Well, most likely, yes. There are, most likely, some bona fide sellers who sell traffic not to 10 hands, but exclusively to one. But you can't check it in any way. So that, I don't know, you don't spend... More precisely, you'll spend money anyway, no matter what you're going to buy. But there are some products that require good maintenance.
Or some that do not require it at all. If you have in your, so to speak, malware set a Miner, a Stealer and a Clipper, let's call them three such backbones, then the Clipper does not need any maintenance, practically, except for the crypting. It works on its own, it does not make any requests to the Internet, it does not have any admin panels either.

Pavlovich:
But it is difficult to track, so it does not need to be redone every day, figuratively speaking, right? Yes.

Hacker:
It just is. You crypt it once a day or a little more often, if you have a lot of installations, so that the antiviruses don't start knocking it off, nothing else is required. If you have a miner and a stealer, then for the stealer you need a little more maintenance, this is regular downloading of logs from the panel, because who knows, suddenly the coder who wrote the turnkey product that you bought will get scammed, and you will lose the logs.
And if it's your own, which you bought with a one-time payment, then it can be banned. They'll ban the hosting, they'll ban the panel, and you'll lose all your logs. That's why you need to regularly download all the contents. Everything that it stole. Yes. For a miner, no special maintenance is needed, it's also, in fact, mining for a pool.
The only thing is that there is such a utility for a miner, called XMRigProxy. It is used to prevent the pool from banning you for too many machines. If you have a thousand machines knocking somewhere at once, the pool sees it and thinks whether you've launched a DDoS attack on them, or you're using a botnet, and you're banned.
And XMRigProxy, it takes on all your workers, you install this program on the server, it takes on all your thousands, ten thousand workers and sends them to the pool on its own behalf alone.

Pavlovich:
For one IP request.

Hacker:
Yes. Here you need to control the number of machines. Let's say you can't have 100 thousand miners on one server, because Windows and Linux have a limit on the number of starts. In general, there are probably no more actions in servicing this backbone.

Pavlovich:
Well, and these crypters, yes, or as you say, which need to be constantly modified in your software so that antiviruses don't detect it.

Hacker:
Yes, in fact, this is not such a big problem. But there is a well-known protector, a protector-cryptor, called Themida.

Pavlovich:
Themida?

Hacker:
Themida. It can accept commands from the console. You can quite simply write some kind of autocrypter of your own, which will be launched every hour, for example. Themida will receive from the console the file which you passed to it, and put the protected file somewhere you specify.
In such a non-stop mode, right? Yes, this can be set in Task Scheduler to execute the task every hour. Every hour your console will start, it will transfer, or rather not a console, but rather a batch file. It transfers your file to Themida, and Themida protects it, and then you can also use this batch file to pack your file or pack it in SimZip, in an archive, set a password and upload it somewhere to Google Drive, from where users will download it, or to your Apache server, or transfer it via FTP.
With crypting it is not such a big problem, the main thing is to sit for a couple of days with various tests, which Themida settings give the minimum detection, and then you can, roughly speaking, not deal with crypting for a month, because you will have everything configured.

The richest hackers
Pavlovich:
And who of these different groups there, who is engaged in mining, botnets, what else we have, ransomware and other things, yes, who of them is the richest?

Hacker:
Yes, the richest, in fact, are most likely the owners of ransomware, and of the ordinary people, well, they are also most likely, because the payouts from good traffickers are on the level. If REvil asks you to make $100,000 a week, then, roughly speaking, you are unlikely to be able to make $100 thousand a week on a miner.

Pavlovich:
So you need to infect half the world with your miners, right?

Hacker:
To get it. Yes, there will be even less profit from a miner than these payments from ransomers.

Pavlovich:
And the most famous large groups of these extortionists, are they in the CIS, on a global scale, or still somewhere abroad?

Hacker:
As far as I know, the most famous affiliate program is REvil, which, I don't remember what ransomware they took as a basis, they bought someone's resources, modified them. Sources. Sources, yes. By the way, there was an announcement, there was an announcement from REvil that they needed to write a morpher for some of their modules.
Morpher is….

Pavlovich:
Which modifies.

Hacker:
Well, yes, roughly speaking, automatically, of some kind. And for this they paid 250 thousand dollars for the service. And REvil found a coder who would do it, transferred the money to the guarantor, and the guarantor transferred the money to the exchange, and they cheated him out of 250 thousand dollars.
I have never seen any amounts greater than what REvil brought in on the Russian-language board, so I think we can safely say that the main groups are based here, they are Russian-speaking.

How can hackers be stopped?
Pavlovich:
And how can law enforcement, for example, block the flow of this malicious code, yes, ransomware? Or does it depend more on users, or on the special services, there, of all countries taken together?

Hacker:
It seems to me that it does not depend on users or special services at all, it depends on Microsoft, because all ransomware delete shadow copies and backups automatically and completely from their computers. So how will it delete them?

Pavlovich:
If I...

Hacker:
No, you can, well, if you have Windows, on which they all work, Windows automatically makes backup copies, which you will have to restore in case of problems. But these ransomware, they delete all the backup copies that Windows made for you, and you cannot restore.
For ransomware to cease to exist, either a certain number of years must pass, so that Microsoft prohibits the deletion of these copies, or someone must provide a good, or more profitable source of monetization of all this data.

The main methods of infection
Pavlovich:
The main method, how does a person get this ransomware on their computer and the subsequent blocking of all their files?

Hacker:
Well, it's either brute force or social engineering. Let's say we need to infect a company. We study the employees who work there, find some, let's say, the weakest link, and start to put pressure on it, put pressure, put pressure, get some information from it, and then force it to run a file, after which you get access to the network.
It is not necessary to immediately throw ransomware, you need to throw some botnet, HVNC, so that you have the opportunity to somehow continue moving, some post-exploitation. It is distributed mainly, probably, as I said, by brute force, or some target is selected and work is carried out on it.

Pavlovich:
So, but I see this mass in my chats, Arabs constantly spam APK files and other all sorts of files in Telegram. That is, maybe spam via messengers, by mail?

Hacker:
This is some kind of mass spam. Because these are APKs, these are some Android applications, Android applications, these are Android botnets. There are not many of them on the market. At least on the Russian-language market. Probably, there are still some other types of them on foreign markets.
But drawing a conclusion from the fact that even English-speaking people buy products from us on the market, then there are not many of them on their market.

Where do hackers find software for hacking?
Pavlovich:
And where is all this on the network, all this hacker stuff that you are talking about, that is, I will not look for it and I do not advise you to, but where do hackers like you find all this finished product, these affiliate programs, these lockers, shmokers and other cryptos?

Hacker:
Yes, there are somewhere, how many, 5 forums? Yes, there are some really school ones, this is Lolzteam, a little better, no. At the level of Lolzteam there are also Darkweb, BlackBiz. These are schoolchildren who usually work scams on Avito, Yula, and sometimes there are some ads about selling a stealer for 200 rubles and a miner for 100.
The products are completely frivolous, most likely, they were just copied from somewhere on GitHub and a builder was simply created, and they sell builders.

Pavlovich:
Antichat is also such a forum.

Hacker:
Antichat is more famous, it is rather a higher level than BHF. WWH is some kind of carder or hacker forum, there are fewer Avito scams there, although they also exist. After WWH there is Exploit, exploit.in, there is also a trading domain, I don't remember, XSS or DamageLab, wow, they are also good.
It is the same thing. No, these are two different forums, but XSS, if I'm not mistaken, is now headed by the person who previously managed Exploit. Exploit was sold to another person, and that person decided to revive DamageLab and Antichat after the sale. These three forums, in principle, can be used as a base and for obtaining information.

Why aren't the forums banned by Roskomnadzor (RKN)?
Pavlovich:
Why aren't they banned by Roskomnadzor yet? You can access some via a direct domain.

Hacker:
XSS.is, in my opinion, was blocked by Russian surveillance, they made a backup domain, .az, but I don't know which forums you can access from the regular Internet, especially from your own machine, without a VPN, just forget about it. Download Tor, at least just from Tor and with VPN enabled, go to a regular domain, find an onion domain there and from now on only go through the onion domain, no other way,
because there are people on the same Lolzteam and BHF who can check logs of their IP, they also go to the forum from their IP, and all this is logged. At least, on Exploit, it seems, there are logs for the last 60 days. They are available to users, they can see from what devices they logged in. And all sorts of Lolzteams, Darkwebs, BlackBiz, they log for a year or more.
Why do they keep logs? Logs? Well, you could probably say that's how they identify multiple accounts. Scammers of all sorts. But that's not a very good practice, because all your users who are short-sighted, they are under threat. Because if your servers are seized... Sooner or later they will be seized. Most likely, sooner or later they will come to everyone.
If they are seized, they will have problems. Perhaps this is how the administrators relieve themselves of some kind of responsibility. Let's say the Ministry of Internal Affairs comes to you and says that they need to find this person, he is on your forum. You take it, open the logs, look at all the logins, provide them, and thus... You get an indulgence.

Pavlovich:
For further work.

Hacker:
Yes, you have a chance to live as long as they need you. When you are no longer needed, they will take you too. It is easier to leak someone than to have problems.

Are the forum owners "leaking" someone?
Pavlovich:
So, it is possible, at the level of suspicion, that the forum owners are leaking someone, right?

Hacker:
Quite. And not only the owners, access to these logs is available to all sorts of moderators and such not very smart people, to whom the authorities can also boldly come, and they will leak without problems, and then they themselves will go to jail.

Pavlovich:
Well, and the data center, of course, where you rent your server, keeps them too.

Hacker:
Yes. Yes, doprekhov. I think that if they come to you, and you do not leak what they ask, then you will simply be removed from the server. And they will be given back without problems, because the data center does not need such problems, and you do not particularly need it.

Where are hacker forums "hosted"?
Pavlovich:
And where are such forums usually hosted then? How do they choose the hosting? Well, they assume that someone will come to them, maybe the hoster will be caught in bad faith, the special services can come, or maybe just competitors and they need a hosting that meets all three of these parameters. Where do they look for such hostings?

Hacker:
I think you won’t find such information in the public. Well, even if you make some guesses there, write to the hoster, ask if this site is located there, the hoster will send you away, won’t tell you. These are most likely not white hosters, these are some more or less people in the know who have their own servers somewhere and provide a convenient kind of service.
In essence, their own mini-data center. Yes.

What to do with the found “logs”?
Pavlovich:
Okay, let's say I've set it all up, there's some stealer, he's sold it to thousands of suckers or a million, yeah, he's just uploaded it to a million computers, and now I'm collecting logs, Facebook, I don't know, it's clear that if I steal their cookies and passwords from a crypto wallet, I'll withdraw all of that, from Qiwi and other places I'll also withdraw everything from wherever I can, but the rest of it, I don't do Facebook, for example, or logs, I don't know what's there, Google Ads, for example, I don't do it myself, I can be an arbitrageur, but what else?

Hacker:
What to do with all this good stuff? Well, first of all, it's better never to withdraw money from Qiwi or any other CIS payment systems, because all the data will 100% be leaked to the authorities at the first request. Basically, the logs are either sold to someone or given away for a percentage. Of course, you will most likely work off all your traffic on crypto requests yourself. Less such, less profitable, let's say: from crypto you can take away 10-100 thousand dollars, but from Facebook, most likely, not.
Therefore Facebook, in order not to waste time, not to check anything, you can give to arbitrageurs, and Google is bought by arbitrageurs who work Google Ads, Facebook by Facebook ones,
from 4-5 dollars for tier 1-2 countries, tier 3 cheaper.

Pavlovich:
So it turns out that for a set of these logs from one computer I will get 4-5 dollars?

Hacker:
Yes, if you sell this one log to some person who will touch Facebook, then you will get 4-5. But if you are sure of this person, that he works only on Facebook, you can assemble some kind of your own mini-team, to whom you will give your logs. Let's say you took a person who works Facebook, took a person who works Steam, someone can work Microsoft, knock out eGifts, someone checks games and all the rest.
And you take these logs, distribute them in some order, this brings you the most money. First you gave them for Steam, you were paid a percentage from Steam, then you pass them on to the Facebooker, the Facer.

Pavlovich:
So you stole information there from someone else's computer and just give it to different groups of your tame, right? These steal from this log, they saw that you stole crypto here yourself, these stole PayPal from it, these stole the entire balance from Facebook, drained it, these eventually sold it on Facebook Instagram account for a couple of dollars.

Hacker:
Yes, you can safely sell, or sell for a certain percentage, no, not a percentage, for a certain amount. Facebook 5, Google 2, PayPal also 5, 7, 10, depending on the country. You can agree with someone on work for a percentage. Roughly speaking, 50 to 50, 60 to 40.
And you just throw off the logs, the person processes them, provides you with some kind of report on the work done and pays what he managed to get from it.

YouTube for malicious purposes
Pavlovich:
Steal, to be honest. How is YouTube involved in this scheme? We are on YouTube, right? How can YouTube be used for such malicious purposes?

Hacker:
First of all, YouTube, you can, well, after being infected with a stealer, you get an account on Google, and Google gives you access to YouTube, you can either upload some of your own videos, well, study them.

Pavlovich:
If you got access to someone else's channel, some normal one, right?

Hacker:
Yes. Only now YouTube, Google is tightening the screws, and you can't just go and upload some video. It will ask you to read a QR code from your phone or connect to Wi-Fi, even if you don't have it, it will force you to go to the settings and turn it on. So you first need to relink this account to yourself. You go to Google, enter messages from Google, YouTube, and everything else into the spam filters so that they go straight to the trash bin, so that you don't get a notification on your phone.
Then you relink your additional email, relink your mobile phone number, just change your password, clean everything up, and then you can, well, fully, so to speak, for some time until it’s restored, if they can restore it, use the YouTube channel.
You can upload your video from there, study the channel. Let’s say, if it’s gaming-themed, then upload a cheat or a cracked version of the game there and leave a link in the description or in the comments for downloading. If the channel is more technical, with all sorts of programs, it’s the same with programs.

Pavlovich:
So we’re spreading our virus through someone else’s channel and then on, right?

Hacker:
Definitely. You can spread viruses through these hijacked channels, you can try to monetize them in a different way. Recently there was a topic about crypto scam, so to speak, fake broadcasts were launched, looped, where some famous personalities in the crypto world give some interview. It was placed in one part of the screen, at the top left.
On the right there was, let's say, some microtext. You slightly lower their photos, who is taking the interview, who is giving it. And at the very bottom right part of the screen there was text that send one bitcoin to this wallet, get two back. Only for this you still need to wind up viewers for the broadcast, so that your stream is not somewhere in the top 30, but it is higher.
This gave more trust, wind up likes, dislikes. YouTube accounts are also used for this. They are loaded into the software that you ordered or were able to buy somewhere. And from them, in fact, this broadcast is viewed, which is pushed, and you also get money if someone sends.

Pavlovich:
So it's just a boost, it turns out, of viewers for your Internet stream, YouTube stream.

Hacker:
Yes, you use hijacked accounts to boost a stream and some really cool channel, let's say, which has millions of views, millions of subscribers, you could launch a stream from it on crypto, I don't know, on any program that can bring you traffic and push it up, but with crypto it sounds more solid, because you'll get more money. Than infections.
And here, you know, there are other things. You can advertise a landing page, like your own, which brings traffic. You can have some kind of affiliate program there. There are also all sorts of exploit kits that, when a person enters the site, download and launch a file without his knowledge. This will also bring you traffic.
And from Google you can send to such an infected landing page, your share of traffic will bring more traffic, so to speak, you will have it endlessly.

Someone else's account for adult content
Pavlovich:
So you either leak ads from hijacked Facebook and Google accounts to your own page with an exploit pack, and thus infect even more user computers?

Hacker:
Yes, only these exploit packs work on Internet Explorer. Google Chrome, Mozilla, Opera, they are protected from this. Previously, there were probably RCEs and others that allowed you to do this in Chrome, but now there are probably some 0-day methods, but they are unknown, and if they are known, no one sells them because it is profitable to use them yourself.
And Internet Explorer has not been updated for a long time, nothing happens to it, because Microsoft Edge was released.

Pavlovich:
But some people still have Internet Explorer, right?

Hacker:
Yes, some percentage of people have Internet Explorer, and you can drive traffic this way.

Pavlovich:
Well, you can transfer ads from other people's Facebook and Google accounts to an affiliate program, I don't know, they sell Viagra, some generic Viagra, or to porn traffic, that is, where you get paid for each subscription. That is, well, it's not a problem, right? If you already have someone else's advertising account, then you can transfer it to anything there very quickly.

Hacker:
Yes, they are mainly bought by all sorts of arbitrageurs in large quantities, they swing it, warm it up and transfer the traffic. Or there are some smart links to affiliate programs that sell something, which themselves analyze the user and offer him what he is most likely to like and, in fact, opens such a page.

How to protect yourself from viruses?
Pavlovich:
But there are smart links in affiliate programs, for example, there is a sex dating type, they open there from the side you need, analyze, that is... Yes-yes-yes. And how can an ordinary user, like me, protect himself, yes, from all this, and from viruses and all this evil stuff?

Hacker:
It seems to me that first of all it is necessary not to download hacked programs from the Internet.

Pavlovich:
Well, so you mean looking for Microsoft Office and Photoshop on torrents or what?

Hacker:
It's not worth it. It's better to resort to Google Sheets or some Google Docs. If you need an office, Google provides an excellent service. If you can't afford to buy it, then look for some analogues that are completely white, no need to look for any keygens and download cracked versions. Either buy it or look for a free adequate analogue.

Pavlovich:
Speaking of keygens, recently my assistant needed to install Microsoft Office, well, he downloaded a generator of these serial numbers for Microsoft Office from a tracker, I threw it on VirusTotal, and it showed me 35 different viruses there.

Hacker:
Well, yes, secondly, if you still decide to download some cracked software, throw the keygen on VirusTotal and look at the detections that are written there because there will probably be all sorts of HackTool. HackBox, keygens are normal detections for this software, because it obviously carries something like that.
But you should pay attention to the detections that are marked as miner, stealer, gen-32 and so on.

Pavlovich:
So you mean that when we throw the keygen itself, this serial number generator, onto VirusTotal, because of its slightly such nature, it bypasses these Office protections, that is, in any case, even if it does not carry any third-party viruses, VirusTotal will define it as a malicious program, right?

Hacker:
Yes, it will have some number of detections. But you should be wary of this keygen being glued together with malware. Then the number of detections will either be off the charts if the person does not monitor the crypting, and if he does, it will be low. You can't trust this either, so you need a good antivirus on your computer so that you can run it. Even if you believed there, there are all sorts of antiviruses with a firewall, they will tell you what, where this software makes a request.
Let's say, the software after launching starts sending some packets to an unknown resource. Something is wrong here. Or this software is thrown onto a virtual machine, ideally to watch the traffic, sniff it with a wireshark.

Pavlovich:
But an ordinary user is unlikely to do this.

Hacker:
They can, well, at least install a virtual machine and run this software there. If it opens, if it performs its function, then okay, you can still run it on the main machine.

Pavlovich:
Well, what other methods?

Hacker:
Also, if... I'm not sure that people who do not have Russian, Ukrainian and other CIS layouts listen to and watch us. For us it is useless to install them, because we already have them; this would protect us from those who do not work on the CIS.

Pavlovich:
Those more or less conscientious hackers, right?

Hacker:
Yes, all sorts of Chinese have already learned to add a Russian layout so that they don't get infected. Second, you need to stop saving passwords in your browsers; install KeePass, LastPass and other products that serve as a password manager. Put your own separate password on it, which only you know, preferably a good one, so that, I don't know, someone doesn't come and want to get your access.
Add all your important links to resources, logins and passwords there. Then you will protect yourself from your data falling into the wrong hands.

Dubious sites
Pavlovich:
That is, it turns out that we don't download any cracked software, any keygens and the like; we use either free analogues or pay for a licensed copy of Microsoft Office. Then we add a Russian keyboard layout to our computer, so that if some conscientious Russian hackers hack us or try to infect us with these cryptolockers, encrypt our files and extort money, they will see that there is a Russian layout and their virus will not work automatically.
And the third thing, you say, is not to visit any dubious sites. Anything more?

Hacker:
You shouldn't visit dubious sites from Internet Explorer. You should use some more or less adequate browser: Google Chrome, Mozilla, Opera. Install Adblock or something similar there, so that potentially unwanted resources do not open for you.

Pavlovich:
Well, and don't save passwords in the browser, yes, don't click "save" there, but use some password manager like KeePass, LastPass and so on, which is protected by a separate password, and copy all your passwords from there, right?

Hacker:
Yes, this is the main and perhaps almost the most important rule. If you are afraid of stealers, and you should be afraid of them, because there's nothing people can't do once they get access to your Gmail account, to your bank account.

Two-factor authentication and other methods of protection
Pavlovich:
Well, I would add there, put two-factor authentication everywhere, like I have on my YouTube channel, I have it, that is, I constantly receive all sorts of confirmations on my phone, I have to confirm the same action that I do on the computer from the phone. Well, and for banking, too, accordingly.

Hacker:
Well, absolutely. Take YouTube, for example: even if you have two-factor authentication, if authorization is set to log in to your account with Google, then if your passwords and cookies were fresh at the time the virus worked, and the person also logs in there promptly, within, I don't know, a week, two, three, then they will automatically let him into your account. Perhaps he won't be able, as I said, to delete your videos there or upload a new one, because they will kick him out of there, but to read replies, mail opens in 99 percent of cases.
You can study the person, what he sends to whom. Also, if you have an Android smartphone, most likely your photos are uploaded to Google Photos; you can open Google Photos, scroll through them, and there may be all sorts of photos of bank cards, contacts, everything.
Yes, there is also your contact list, which is saved on the phone, so that most likely will not save you either.

Pavlovich:
Well, you should also install an antivirus, although it won't save you from some kind of zero-day vulnerability, some very rare, still unknown one.

Hacker:
Well, I don't think that's a threat to ordinary users.

Pavlovich:
But in general, it would be better to buy a Mac, because Macs are not as common as Windows computers, and they are simply hacked much less often, right?

Hacker:
Yes.

Aren't you afraid of going to jail?
Pavlovich:
And the last question. Aren't you afraid of going to jail?

Hacker:
Of getting the bracelets put on? No. Why? Well, I have an adequately built security chain, and I'm not worried that the Russian special services will be able to do anything about it.

Pavlovich:
Those who work on RU, they come for them in the morning! Thank you!