feedburner
Enter your email address:

Delivered by FeedBurner

feedburner count

How to Trace Back a Hacker's Malware?

Labels: , , ,

In this tutorial I'll be showing you ways to obtain a hacker's information, particularly his IP address.Once you have his IP address, you can trace it to the exact location through a number of IP Lookup tools such as this free one : http://whatismyipaddress.com/ip-lookup.If you have been successful in identifying the malware file that a Hacker infected you with, then it saves most of the trouble and we can simply work on this file. I will be showing you have an unprotected hacker can give himself up to the feds by doing something stupid like this. I believe, this tutorial is a must for every hacker who does not maintain is anonymity.





Instructions


First off, you will be needing these two softwares, Wireshark - Packet Analyzer and Sandboxie - Program isolation Software

1. Open Wireshark.
2. Click on Wireless Network Connection or Local Area Connection depending on whichever kind of network you are currently on. Then click Start.



3. For RATs usually the type of connection made is through DNS. For keyloggers , the connection is usually made through FTP or SMTP. Let us use a DNS connection for detecting a RAT in this example.By doing this, you will able to see all the DNS connections that are being made from your computer.



4. Now open Sandboxie. Any program that is opened via this tool, completely isolates the program from the rest of the computer, therefore, once you close sandboxie, then all the programs running through it will be terminated and your computer would not be affected in anyway.

5. Now we need the file that you suspect is the virus.Let us assume that you have a file named as notantivirus.jpg.png.exe as shown below. When you open through Sandboxie, the virus is trapped in it, but it can access all your saved data such as Saved Passwords on your browsers.Make sure you clear them.



6. Go back to wireshark, you will see a connection that is of the form
somethingsomething.no-ip.biz

It can be of something else, where no-ip.biz is replaced by some other Dynamic DNS service.



7. Once you get that address.Then you can simply ping that address via Command Prompt and get the IP address to which it is connected to!



Conclusion


Hackers often overlook the anonymity and get caught by the feds through very silly ways. There have been several such examples in the hacking world where top notch hackers were caught while trying to hack the best servers such as League of Legends in this case : http://www.dailydot.com/esports/jason-shane-duffy-league-of-legends-hacks/. It is therefore important to know this method to pin down such hackers and if you happen to be one, then it is a must to get anonymous through proxy servers or through other means.

Get Articles from this blog via E-mail !

subscribe to Hackbook.net Enter your email address:



1 comments :
gravatar
mano said...
December 22, 2014 at 4:43 AM  

nice blog

Post a Comment

Post a Comment