2004, year of the Chinese hacker

by Chris McNab

The first real public glimpse we had of Chinese technical prowess relating to hacking and security was in 2001, when the damning Code Red worm propagated, changing HTML to contain the 'Hacked by Chinese' slogan.

In 2002, the Chinese group netXeyes and its members came up with some interesting Windows NT / 2000 / XP related hacking tools, in particular:



  • SMBCrack.exe, an ultra-fast NTLMv1 brute force password cracker
  • WMICracker.exe, a brute force tool for use against the WMI interface (accessible via TCP 135)
  • ARPSniffer.exe, a single WinPcap command-line ARP redirection and sniffing tool

    The premier piece of software in the netXeyes armory, however, is a system called Fluxay, recognized as a backdoor or Trojan by Symantec and Sophos at the following locations:



  • http://securityresponse.symantec.com/avcenter/venc/data/backdoor.fluxay.html
  • http://www.sophos.com/virusinfo/analyses/trojfluxaya.html

    Fluxay is essentially an all-singing, all-dancing Trojan horse and active hacking system. The damn thing can even perform ARP redirection and sniffing, then send the results to the attacker via an SMS text message! The netXeyes Fluxay 5 manual (all 158 pages) is accessible here, and the software itself can be downloaded from the following:



  • http://61.132.27.138/superdown/down/Fluxay5Beta1.rar
  • http://zqlt.vicp.net/superdown/down/Fluxay5Beta1.rar

    You can browse through netXeyes' releases in 2002 and 2003 using the following URLs:



  • http://www.netxeyes.org/2002.html
  • http://www.netxeyes.org/2003.html

    Two other prominent groups that have released exploits for mainly Microsoft Windows bugs (the RPC DCOM bugs that the Blaster and Nachi worms used come to mind) are xfocus and cnhonker. Over the last 12 months we've seen an increase in potent exploits being released by xfocus and cnhonker in particular, including use of pretty smart exploitation techniques. I certainly think that in 2004 and the future, Chinese exploit and worm development will increase, leaving the west behind.

    This used to be the other way around, though. I remember back in 1997 and 1998 when serious remote vulnerabilities were being found and published by hackers in the United States and western Europe. Companies in the east (Japan and Korea in particular) were very very slow on the uptake of this threat information, resulting in thousands of incidents. Nowadays there are Spanish, Japanese, French, and other specific mailing lists to provide security professionals and administrators with the information they need, but what happens when all the hacking sites and tools are in Chinese?




    Well, that's my 2 cents. Please leave any links to other Chinese sites, or comments, below.


  • 8 Comments

    Rameez
    2006-07-23 08:50:08
    Sir, I am from Pakistan, my name is Rameez Shahmoun... Sir, if any person can teach me or give me the link from where I can download MSN Messenger email password hacking software or Yahoo email hacking software, then I will be very thankful to him. Please, sir.... My email is ramese_coool@hotmail.com

    bishisht bhatta
    2007-01-04 02:45:34
    yo bros, I have never used the easiest software yet for hacking
    it's tooooooo coooool and easy to use

    JIMMY
    2007-01-06 06:18:38
    SIR, MY NAME IS JIMMY, I AM FROM PAKISTAN ..... SIR, IF ANYBODY CAN TEACH ME ABOUT AND GIVE ME THE LINK WHERE I CAN DOWNLOAD THIS SOFTWARE "NETXEYES", I WILL BE VERY THANKFUL TO HIM. MY EMAIL ADDRESS IS DEVILS_OF_KARACHI@HOTMAIL.COM

    Santanu Majumdar
    2007-01-21 21:37:11
    I want to know how to crack the password of different software that I download from the internet. Please advise me if possible. My e-mail ID is shan_rock1234@rediffmail.com

    Aprill
    2007-12-04 07:46:41
    Well Jason, you were right, 2004 was the Year of the Chinese Hacker, as was 2005, 2006, & 2007. The Department of Homeland Security, A US Naval Academy & the Pentagon itself were all hacked into over this time period. I'm interested in stopping this tsunami with the hired help of professional ethical hackers/security experts. My thought is that even firewalls will fall to these guys as packet crafting is a reality. Ideas, interest? Contact me at april_dogwood@hotmail.com