Chapter 319 Zombie puppet

Trading in the stock market is becoming more and more automated. Professional exchanges and large institutions have spent a lot of time and energy studying this program, in order to avoid the interference of human emotions on trading, and monitor market fluctuations in a timely manner, so that they can buy or sell at the first time when there is an abnormality.

There are many professional companies in the world that study automatic trading programs. They advocate the benefits of automatic trading programs, which are rational, accurate and can be monitored at any time.

However, this time, they didn't expect that because of a "wrong" operation, the automatic trading robots were also cheated, and they participated in this operation one after another, which affected the whole market.

Tuttle was fired for this, and he caused immeasurable losses to Citibank, which he personally could not afford to pay at all. Fortunately, Citibank is rich and has made a lot of profits in this change. Under the neutrality, the loss is relatively acceptable.

Tuttle became the "finger of God" and left the industry with such a very disgraceful ending, which was a big blow to him.

He has repeatedly insisted that he will not make such a mistake, and the exchange itself has a preventive mechanism. After all, such a mistake has occurred before. Although the amount is not large, it will also cause losses after all. Therefore, early warning measures are implanted within the trading program. In case of abnormal situations, there is usually a second confirmation. When it comes to placing such a large amount of orders, there should have been an early warning message, but Tuttle didn't see it at all.

Although the letters "M" and "B" are very close, the experienced Tuttle is unlikely to enter such a large value, because he has never entered the word Billlon (billion) in his career.

Although he explained repeatedly and the investigators felt a little strange, the final survey results showed that there was no abnormality, and only such an explanation was reasonable.

In addition, they have conducted a detailed investigation of Tuttle's own account and the account changes of his relatives. If it hadn't been for the fact that they had made a profit as a result, Tuttle might have a lawsuit.

It's not that no one believes Carter's words. At least the Carter's wife and several close friends believe him, and they all know who he is.

Lin Hong also believes in the cartel, not because he believes in the character of the cartel, but because he found an abnormal situation in the cartel's trading computer.

Through the super worm, Lin Hong learned that there is a very small worm program hidden in the trading computer of the cartel. Its function is very simple, that is, to replace the data M in memory with B

Moreover, this worm is based on the IRC protocol, that is to say, it can accept instructions from the IRC server to complete the corresponding action.

It is like a loyal sentry, which is controllable. Action will only occur when the instruction is received. Usually, it is a piece of information, hidden in the ocean of information fragments, and there is no abnormality at all.

"Finally appeared!"

Lin Hong saw a familiar shadow from this worm. In those years, his super worm inadvertently killed another worm called TREE and became the life-saving straw of NASA's Space Physics Analysis Network.

And now, on this little worm, Lin Hong saw the shadow of the TREE worm.

Although the worm has changed greatly, it has not escaped Lin Hong's eyes. He specially captured a sample of the worm for analysis. Obviously, many of the structures are similar to the previous worm, and it is most likely from the same person.

The answer is about to come out. This "Oolong Finger" incident is not an accident at all, nor is it the poor trader's operation error.

In order to find this mysterious hacker organization, Lin Hong spent a lot of thought. He gave a lot of filtering conditions to the super worm, but still did not collect any suspicious information. And this time, they finally showed themselves.

Before, it seemed that I was looking for a needle in a haystack. Whether I could meet it depends entirely on luck, and this time, it is much easier to have a specific goal.

Lin Hong began to transform the super worm to form a new variant, which is specially attached to them. He closely monitors the information flow of this NREE worm variant, and then follows the vine to find their base camp.

Of course, this process is not an easy task.

Hacking technology has developed to this stage, especially after Lin Hong opened up the source code of Bit messenger, network hackers have made great progress in hiding their whereabouts.

The technology is a little poor. I don't care about this step at all. I directly rely on the bit messenger and act as an agent. This is very safe and the probability of exposure is very small.

If the technology is a little higher, it will absorb the anonymous principle of the bit messenger for its own use, and develop the corresponding software to hide its whereabouts.

The server used by Bitxin as a proxy is installed on the user's computer. If the user happens to be a security expert or network hacker, he is likely to monitor the data in and out of his client. Once the data is exactly the exit of his client, he can directly decrypt the The information is intercepted.

If there is only one client, the probability is indeed very small, but it cannot be ruled out that people with ulterior motives run many clients to monitor these data.

Highly skilled people are generally arrogant. If he can do such a thing by himself, they will rarely use other people's software.

So, when they know the specific principle, they usually do it by themselves. They firmly believe in the concept of "do it by yourself and have enough food and clothing".

In the past few years, there have been many solutions to hide your whereabouts, but the most basic principle is still similar to that of BitMic messenger, which is to jump and confuse through data, so as to avoid reverse tracking by others.

At present, in addition to general proxy jump technology such as bit messenger, another commonly used technology is a technology called "BOTNET network".

Literally, it is "robot network", but those hackers in China have given it another more vivid name "botnet". Because infected computers can usually be remotely controlled by hackers, just like a controlled zombie.

The basic principle is to turn the client into a chicken to secretly run its own Trojan horse or worm program on the other party's computer without the owner's permission, so that the captured computer or server becomes a zombie computer.

With the development of the Internet, more and more people begin to feel the charm of the Internet and become its users. After all, technicians are only a small part of it. Of the 100 users, only one person may know some technology and can really be proficient, and maybe one percent of them.

Users who don't know the basic technology have no idea whether they have been wormed or Trojan. They infected their computers and became part of the entire botnet for various reasons.

It is not difficult for technical masters to have such a botnet. Sometimes, it does not even involve any technical factors to spread it, as long as you use a little social engineering knowledge. For example, pretending to be someone else to send emails to his friends, attaching these worm programs, and inducing them to execute these programs.

With such a botnet black hat hacker, or hacker, you can do a lot of things.

Jumping as a proxy to hide your whereabouts is just one of the very small applications.

The TREE worm variant found by Lin Hong uses such a botnet to communicate.

This botnet is very large, spread all over the world where the network has been connected, and it is very hidden and basically does not have any system resources. It can be seen that this network is very sound, and users have the intention to use it for a long time.

He closely monitored the worm, but found that there was no effective data flow for a few days.

Lin Hong speculated that it was likely that the game was suddenly a little big this time, and the other party did not expect this situation, which directly caused the whole stock market to plummet. So the worm began to enter the dormant period, and it is still unknown whether it will be activated.

After monitoring for a few days, Lin Hong gave up the plan and began to find a way on the hidden botnet.

There is not much time left for him. He will return to China in a few days. The domestic network is not as good as here, and the network speed is not good. He wants to do this well before returning to China.

He spent one night improving the super worm for the other party's botnet program. In addition, he wrote a worm, which will specifically detect this botnet program. Once it is found to exist, it will lurk in the system and carry out its input and output information channels. Monitoring.

This method is somewhat similar to the virus in the boot area. In addition, an intermediate channel is built at the information channel, a level is set up, and the information in it is specially monitored, but it does not affect its normal operation.

This worm is named "Zombie Shadow" by him. Ordinary computers will not be infected with this worm. Only after being infected with the designated zombie program will it lurk, which is equivalent to a shadow of a zombie worm.

These days, Lin Hong has basically spent time in the online cafe. Lin Hong's zombie shadow program has also officially spread to the outside world. In the past few days, some data has been revealed, but there is no particularly useful information, mainly some data exchange. Although it involves some more confidential information, But it's not what Lin Hong wants to see.

This information is the result of the automatic operation of botnets and other worm programs, and there is no contact with the hacker organization for the time being.

It's already August 28, and Lin Hong has arrived at the airport. Two hours later, he will board the plane and fly back to China. At this time, the school has begun to report, but he is still stranded in the United States, and his family has called several times to urge him.

However, when Lin Hong was about to check the security check, the PDA on his body suddenly "tumped" slightly. Lin Hong took it out and looked at it, and his eyes suddenly condensed.

He glanced at the slowly advancing team in front of him, hesitated for a moment, and immediately came out of the team and walked quickly outside the waiting hall.