[Guide] - White Hat Helping Basic Overview
#1
White Hat Helping Basic Overview

This is a guide to all eager White Hat Helpers here to learn about helping with infections and other matters.

NOTE: I have this posted at Hack Forums as well, but this could be a good resource for everyone to learn White Hat Helping, maybe even help the HJT Squad

What is a White Hat Helper?

White Hat Helpers in this forum are people who specialize in problems related to malware/virus infections, computer software issues, almost all issues related to computers in general, and help others with their knowledge. A White Hat Helper should specialize in at least 2/3 of the following:
  • Computer Security
  • Infection Prevention
  • Protection Software
  • Infection Removal
  • Online Safety
  • Identity Security
What to do to become a White Hat Helper:

First off, you need to know all things related to Black Hat Hacking, who gave hacking the bad meaning. They are hackers who hack systems to steal valuable data, hack websites to steal password databases and so on. There are few true Black Hats in these forums, as most are script kiddies following tutorials, not actually knowing what they are doing.

What we do is, we learn their ways and learn how to counter them. Suppose they infect people with RATs/trojans/keyloggers, we must know how to counter them, how to remove their malware from the system of the infected. Throughout this guide I will be teaching you different malware related things, which are actually coded by Black Hatters.

Learning the ropes: White Hat Basics

Do's and Don'ts

Do's
  1. Read the post made by the infected/OP very carefully.
  2. Read all comments made by others and the OP in the thread, to understand how much the user has been helped, the progress of his problem solving. Also, read all posts to see what other helpers have posted.
  3. Research on unknown problems. Researching on search engines, such as Google, will help you gain a much broader concept on matters, and also help the user more confidently.
  4. Always know what you are doing, and know what you are doing is right. Don't just guess solutions, as they can be wrong. If you don't know the solution, better leave the thread and let a more experienced helper handle the situation.
  5. Read what other helpers have posted, so that you remember the solution to the problem if it occurs with another user again.
  6. You can consult an educated White Hatter about your confusions, they are always there to help. But do note that they have other business to attend to. If you don't get a reply, just continue researching.
  7. Ask the OP if you are not clear on the problem. For example, you know a solution to something. The OP posts something similar, but vague. Ask him about the problem, and ask for a detailed explanation. And guess what, after getting the detailed explanation, you realize that you already know the solution!
  8. IMPORTANT: If the user posts an HJT log in the wrong section, that doesn't give you the right to help the user. Report it for wrong section, and it will be moved by a moderator.
  9. If the OP doesn't have an Anti-Virus program, please, please, PLEASE suggest good, free anti-virus programs to them.
  10. It is better to stick with malware disinfection for a good amount of time, as this is one of the fastest growing problems in this section.
  11. I strongly recommend you to write your own canned speeches, or at least read the speeches I provide to understand the instructions yourself.
Don'ts
  1. I see a few people saying "Format your hard disk" to OPs who make a thread about infections. Don't do that. Formatting should be a last resort. An infection can be easily removed using appropriate tools like Malwarebytes' or SUPERAntiSpyware. Please don't suggest a format of hard disk, because OPs are always desperate for a solution, and will do anything. A format will make them lose personal, or maybe even important, data.
  2. Don't post if you don't know the solution. Leave the thread as it is. You are welcome to ask questions though.
  3. Don't suggest a Malwarebytes' scan (or any other malware scan) for problems that actually have no relation with infections. Read Don'ts number two.
  4. Don't help users that post HJT Logs, unless you are a graduated HJT helper from the HJT Training program. Apply here.
  5. Since you are learning the basics here, don't help users with advanced problems that you know nothing about.
  6. Don't use canned speeches unless you know what you are writing.
  7. Don't instruct the use of strong and advanced tools, like ComboFix or GMER, as they might cause damage to your PC, and you might not know what to do then. Just let the pros do the advanced stuff.
.::Common Malware::.

I see at least 2 or 3 people posting about infections every day. As a member of Hackforums, a lot of members download many hacking tools, which are sometimes bound with malware. So, it is important for people to learn about different types of malware, to help out the users facing malware related problems.

If you see anyone facing 2 or more symptoms that I list below, provide them with appropriate removal instructions.

Remote Administration Trojans (RAT)

What is a Remote Administration Trojan?

A RAT or Remote Administration/Access Trojan/Tool (otherwise known as a Backdoor) is a form of malware used to gain control over someone's computer. This tool is most popular with the Black Hats and they're very common infections.

RATs have features including keyloggers, the ability to steal passwords, open and close CD trays, disconnect external devices such as monitors, delete or edit files, turn on a webcam without the user knowing, edit and delete registry entries, disable security software, and much more. Basically, they're capable of doing anything - the same things you'd do as if you were sitting in a seat behind the computer.

For More Information On RATs

More information can be found on Remote Administration Trojans at these links.
How To Recognize a RAT Infection

To recognize an infection, you'll need to analyze the symptoms the infected member is experiencing. With experience, you'll be able to apply your common sense and knowledge to determine, based on what has been said by the infected, whether or not the user has been infected by a RAT (or any other infection for that matter).

Symptoms of RAT Infections
  • Unexplainable deletion of files.
  • Unexplainable editing of files.
  • CD Tray opening and closing, though not provoked.
  • Webcam randomly turning on.
  • Keylogging.
  • Cursor moving freely.
  • Blocked access to particular sites (usually security-based websites).
  • Random messages appearing.
  • Unknown files/documents being created.
  • Slow Internet speeds.
  • Unresponsive components (monitors being disabled).
  • Passwords being changed.
  • HOSTS File being changed.
Please note that there are many more symptoms of RAT infection - these are just a few. It's important that you memorize these symptoms for when assisting members with their infections. If the infected member complains about experiencing one or several of these symptoms, you're going to have to know that it's most likely a RAT infection.

Keyloggers

What is a Keylogger?

A Keylogger is an application used to record the keystrokes of the victimized computer. If you're infected with a Keylogger, everything you type will be logged and sent to the hacker's FTP (File Transfer Protocol) location or to their E-mail address.

These days, Keyloggers are becoming more and more advanced with many features that can cause harm to your personal security. Keyloggers are becoming part of larger infections such as RATs and are used in most spyware. The goal of the Keylogger is to provide a log of what the infected has typed on his or her keyboard so the hacker can sift through to find usernames and passwords. They're the most basic form of spyware, but they're incredibly powerful and can often go unnoticed.

For More Information On Keyloggers

More information can be found on Keyloggers at the below links.

How To Recognize a Keylogger Infection

Keyloggers can be very stealthy and in many instances, one will only notice that they've been keylogged once all their passwords have been changed.

Usually, the infected will complain about their passwords being changed or their private data exposed. In most cases, the infected will be able to tell you that they've been keylogged - it's not difficult to diagnose at all. I'll share some common Keylogger programs with you to familiarise you with some names.

I'll also share the common symptoms experienced when infected by a Keylogger.

Symptoms of Keylogger Infections
  • Stolen or changed passwords.
  • Leakage of confidential information.
These are general symptoms of a Keylogger infection. Once infected, one will normally find out that they've been keylogged when attempting to login to a website or game or something of similar nature.

Trojans

What Is A Trojan?

A Trojan or Trojan Horse can be summarized as an unauthorized program contained within a legitimate program. This unauthorized program performs functions unknown (and probably unwanted) by the user (Reference: WindowsSecurity).

By saying this, a Trojan is usually a legitimate program that has malicious code unknowingly injected into it. The infected file will usually perform the desired task, yet will also secretly perform malicious tasks on the infected's system.

Trojans can be divided into two types: one type will require a server and a client (Trojan Horse), and the other type of Trojan is a more direct infection and will carry out its purpose automatically. The two-part Trojan (client and server) requires directions from the attacker (hacker) to operate. The most common example of this is the Remote Administration Trojan (RAT) which we've just covered.

In this type of Trojan (two-part), the infected will have to run the 'Server' application to initialize the attack. This file is usually called 'Server.exe', though there are many variations of this. Once this application has been run, it'll connect through a port configuration and the Internet to the 'Client' (the hacker).

Trojans are usually extremely well disguised, which is why these programs have caused so much damage. They can be bound to other files, encrypted, renamed, and more. This is why determining whether or not an application is, indeed, clean or infected can be very difficult.

Trojans are usually set to automatically run on startup through various methods including creating entries in the Windows Registry, and using Windows System Files.

How To Recognize a Trojan Infection

Trojans, as mentioned above, are usually disguised in other applications. This, in turn, will make the file infected. Basically, it's a fake program claiming to be legitimate, when in fact, it's infected. This is one trait of a Trojan, but it ties into the fact that Trojans are designed to cause destruction.

Common Trojans/Trojan Horses
  • Remote Administration Trojan
  • Password Sending Trojans
  • Keyloggers
  • Destructive
  • Denial of Service (DOS) Attack Trojans
  • Proxy/Wingate Trojans
  • FTP Trojans
  • Software Detection Killers
Source: http://trojanhorseremovers.com/articles-...rojans.php

Symptoms of Trojan Infection
  • Changed or deleted passwords.
  • Confidential information stolen or exposed.
  • Files deleted or edited.
  • Registry values edited or deleted.
  • Internet disabled.
  • Antivirus/Anti-Malware disabled.
  • Firewall disabled.
  • Common RAT Infection Symptoms - Please read the above section on RATs.

Common Malware Removal Software

Anti-Malware

It's suggested that you have one to two anti-malware applications installed on your system. Anti-malware scanners aren't usually active scanners - meaning that they aren't always monitoring your system; they need to be run manually, and they won't interrupt any other active protection agents that are currently running, such as an antivirus.

Anti-Malware Applications
  • Malwarebytes' Anti-Malware
  • ESET Online Scanner
Anti-Spyware

Anti-spyware, like anti-malware, will not interfere with antivirus or anti-malware applications. They're one-off scanning utilities, and usually don't come with active protection. Anti-spyware applications are designed to target spyware infections such as trojans, keyloggers, and worms.

Anti-Spyware Applications
  • SUPERAntiSpyware
  • Spybot - Search & Destroy
  • Spyware Doctor
Conclusion

This is the end of my guide, but not the end of your learning. Continue researching on different types of malware, different problems on computers etc.

Read this compilation for more guides: http://www.supportforums.net/showthread.php?tid=7025
Reply
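Added example, not part of the original post: two of the RAT symptoms listed in the guide ("HOSTS File being changed" and blocked access to security-based websites) can be checked together by reviewing the hosts file a user pastes into a thread. The keyword list (built from the product names in the guide), the function names and the sample text are assumptions made for this illustration.

```python
import ipaddress

# Assumption: keywords come from the product names listed in the guide.
# They are compared against whole DNS labels, so "reset" does not match "eset".
SECURITY_KEYWORDS = ("malwarebytes", "eset", "superantispyware", "spybot")
# Hostnames a stock hosts file legitimately maps to loopback.
BENIGN_HOSTS = {"localhost", "localhost.localdomain", "broadcasthost",
                "ip6-localhost", "ip6-loopback"}

def parse_hosts(text):
    """Yield (line_no, ip, hostname) for each mapping in hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                           # malformed line, not a mapping
        for name in fields[1:]:
            yield line_no, ip, name.lower().rstrip(".")

def review_hosts(text):
    """Return findings as (line_no, hostname, ip, reason) tuples."""
    findings = []
    for line_no, ip, name in parse_hosts(text):
        if name in BENIGN_HOSTS:
            continue
        if any(k in name.split(".") for k in SECURITY_KEYWORDS):
            reason = "security site overridden"
        elif ip.is_loopback or ip.is_unspecified:
            reason = "site sinkholed locally"
        else:
            reason = "non-default mapping, confirm with user"
        findings.append((line_no, name, str(ip), reason))
    return findings

# Constructed sample, not taken from a real system.
SAMPLE = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.malwarebytes.com   malwarebytes.com
0.0.0.0         download.eset.com      # blocks updates
203.0.113.7     login.example.com
"""

if __name__ == "__main__":
    for finding in review_hosts(SAMPLE):
        print(finding)
```

Entries flagged as "site sinkholed locally" are often put there deliberately by ad-blocking lists, so they are a prompt to ask the user, not proof of infection.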
#2
Amazing guide, thanks for sharing this here.
Reply
#3
I didn't know what a White Hat was until now, THANKS.
Reply
#4
Excellent guide! I know a lot of the things stated in the guide, but also learned a great amount.

Also, I noticed that a link under the "Don'ts" goes to the "HackForums HJT Training Information & Signups" and not Support Forums' HJT Signups. Is it supposed to be like that or not?

Again, outstanding guide. Learned a lot.
Reply
#5
(05-24-2010, 02:39 PM)Silver Wrote: Excellent guide! I know a lot of the things stated in the guide, but also learned a great amount.

Also, I noticed that a link under the "Don'ts" goes to the "HackForums HJT Training Information & Signups" and not Support Forums' HJT Signups. Is it supposed to be like that or not?

Again, outstanding guide. Learned a lot.

Good find. S7N, you might like to fix that.
Success is the sum of small efforts, repeated day in and day out.
Reply
#6
Fixed. Thanks for the pointer.
Reply
#7
Cool guide thx for sharing it
Reply

