"Computer virus" is not a new term, but in the first half of 2003 and the first half of 2004 it was certainly one of the most popular. According to the National Computer Virus Emergency Treatment Center, my country's computer virus infection rate was as high as 85.57% in 2003; most users were infected by two or more viruses and suffered different levels of loss. "Shock Wave" and "Oscillation Wave" made most Internet users feel their impact deeply. Because computer viruses are so rampant, a new line of work has appeared in my country: computer emergency staff, which is said to be good.
With the development of computer technology, computer viruses are also constantly developing. Computer viruses and anti-virus technology are like two opposing sides, each growing stronger through the contest with the other. Judging from the current situation, computer viruses are always the active party, while we are left in passive defense and resistance.
New characteristics of computer viruses
Computer viruses are showing new trends. While the Internet and LANs bring us a lot of convenience and help, they have become the main route by which computer viruses spread. In the struggle with anti-virus technology, the mutation speed and destructive power of computer viruses keep increasing. The appearance of hybrid viruses is making the old classification and definition of computer viruses lose its meaning, and also makes anti-virus work more difficult. Viruses are more concealed, so users are "poisoned" without knowing it, with serious consequences. Some of the most widely used software will become the main target of computer viruses.
I. Computer networks (Internet, LAN) have become the main propagation route for computer viruses, and spreading over the network is gradually becoming a common trait of computer viruses
Computer viruses used to propagate through file copying, and the most common media were floppy disks and pirated discs. With the development of computer networks, computer viruses can now propagate over the network (email, web pages, instant messaging software, etc.). The network has greatly increased the speed at which computer viruses spread and widened the range of infection. It can be said that networking has brought computer viruses high infection efficiency. This is most prominent in "Shock Wave" and "Oscillation Wave". Take "Shock Wave" as an example: it is an Internet worm that exploits the RPC DCOM buffer overflow vulnerability. It can crash the system it attacks and spreads quickly over the Internet to vulnerable systems. It continually scans for vulnerable systems and sends data to port 135 of each one, which then downloads the self-replicating code MSBLAST.exe from the already infected computer. The worm checks whether the current computer has an available network connection. If there is none, it checks for an Internet connection every 10 seconds until one is established. Once the Internet connection is established, the worm opens port 4444 on the infected system, listens on port 69, and scans the Internet, attempting to connect to port 135 of other target systems and attack them. Compared with earlier computer viruses, such worms are active (they scan for hosts they can infect) and independent (they no longer rely on host files).
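The traffic pattern described above (fan-out to TCP port 135, a connection on TCP port 4444, TFTP on UDP port 69) can be turned into a detection rule over flow logs. The following is an added example, not part of the original article; the log format, sample records, threshold and function names are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample flow records (not real traffic): "src dst proto dport"
SAMPLE_FLOWS = """\
10.0.0.5 10.0.1.1 tcp 135
10.0.0.5 10.0.1.2 tcp 135
10.0.0.5 10.0.1.3 tcp 135
10.0.0.5 10.0.1.4 tcp 135
10.0.0.5 10.0.1.3 tcp 4444
10.0.1.3 10.0.0.5 udp 69
10.0.0.9 10.0.1.1 tcp 135
10.0.0.9 10.0.2.7 tcp 443
"""

# Assumed threshold: distinct TCP/135 targets before a host counts as scanning.
SCAN_THRESHOLD = 3


def parse_flows(text):
    """Yield (src, dst, proto, dport) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue
        yield parts[0], parts[1], parts[2].lower(), int(parts[3])


def find_suspect_hosts(text, scan_threshold=SCAN_THRESHOLD):
    """Return {host: {"probed": n, "indicators": [...]}} for likely infected hosts."""
    rpc_targets = defaultdict(set)   # src -> distinct hosts probed on TCP/135
    shell_conns = defaultdict(set)   # src -> hosts it connected to on TCP/4444
    tftp_clients = defaultdict(set)  # dst -> hosts that reached it on UDP/69
    for src, dst, proto, dport in parse_flows(text):
        if proto == "tcp" and dport == 135:
            rpc_targets[src].add(dst)
        elif proto == "tcp" and dport == 4444:
            shell_conns[src].add(dst)
        elif proto == "udp" and dport == 69:
            tftp_clients[dst].add(src)

    report = {}
    for host, targets in rpc_targets.items():
        if len(targets) < scan_threshold:
            continue  # a few RPC connections are normal on a Windows LAN
        indicators = ["tcp135-fanout"]
        # Follow-up connection on 4444 to a host that was just probed.
        if shell_conns[host] & targets:
            indicators.append("tcp4444-to-probed-host")
        # A probed host fetching over TFTP from the scanner (worm copy transfer).
        if tftp_clients[host] & targets:
            indicators.append("udp69-from-probed-host")
        report[host] = {"probed": len(targets), "indicators": indicators}
    return report


if __name__ == "__main__":
    for host, info in find_suspect_hosts(SAMPLE_FLOWS).items():
        print(host, info)
```

A host that shows all three indicators matches the full sequence the paragraph describes; the fan-out indicator alone is weaker evidence and depends on the chosen threshold.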
II. Computer viruses mutate (produce variants) extremely fast and are developing toward hybrid, diverse forms
Shortly after "Oscillation Wave" appeared, its variants emerged and kept being updated; going from variant A to variant F took less than one month. While people were busy with "Oscillation Wave", a new computer virus came to life: "Oscillation Wave Killer". It shuts down computer viruses such as "Oscillation Wave", but the harm it brings is similar to that of "Oscillation Wave": network congestion, exhausted computer resources, random countdown shutdowns and timed attacks on some servers. According to a report released by the anti-virus service provider Sophos, the number of new worms appearing on the Internet this year has reached a 30-month high: there were 959 new viruses, the highest figure since December 2001. These 959 new viruses include new variants of some old viruses. Computer viruses are developing toward hybrid and diverse forms: some viruses will be more sophisticated, and others will be more complex, mixing a variety of viral features. The Code Red virus, for example, combines file-type and worm-type characteristics. This trend will make anti-virus work more difficult. On January 27, 2004, a new worm spread through enterprise email systems, causing a surge in the number of emails that blocked networks. Different anti-virus vendors named it Novarg, MyDoom, SCO bombs, Novig, small postage variants. It used the rare tactic of combining a virus with spam, and because users spread it unknowingly, it seemed to spread faster than several other viruses.
III. Concealment of operating mode and propagation mode
On September 14, the Microsoft Security Center released its September vulnerability security announcement. Among the items, the GDI vulnerability described in MS04-028 has its harm level set to "severe". Rising security experts believe that the vulnerability involves the GDI component: when a user views a specially crafted JPG image, a buffer overflow occurs and viral attack code is then executed. This vulnerability may affect all Windows operating systems, all software based on the IE browser kernel, the Office series, Microsoft .NET development tools, and Microsoft's other graphics-related software, making it the high-risk vulnerability that threatens the widest range of users. Such viruses ("picture viruses") may strike in the following forms: 1. mass mailings with an infected JPG picture file attached; 2. malicious web pages, where browsing a JPG file in the page, or even just the pictures shown on the page, is enough to be infected;
On a computer infected by a computer virus, you may see only ordinary-looking processes such as SVCHOST and TASKMON, when in fact they are computer virus processes. At the beginning of June this year, a film related to Harry Potter was shown in the US and the United Kingdom. A security company then issued a warning that the "network sky" worm was spreading with the help of the fictional character. The security company pointed out that the number of users infected with the Netsky.p worm had increased significantly, because it can disguise itself as a movie file, game or book related to Harry Potter. The "Worm.LHS", "V Baby (Win32.Worm.babyv)" and "Worm.Swen" viruses spread by disguising themselves as Microsoft patches. Such camouflage is hard to guard against. Can you really never download anything from the network, including information, films and songs you are interested in? Using enticing words in the subject line to get you to open an email, so that the virus can invade, is already a very common disguise. In addition, some computer viruses that target instant messaging software such as QQ and MSN send you a very attractive URL; as soon as you browse that web page, the virus arrives.
IV. Using operating system vulnerabilities to spread
The operating system is the bridge between computer users and the computer system, as well as the core of the computer system, and the Windows series is currently the most widely used. The 2003 "Worm" and "Shock Wave", the 2004 "Oscillation Wave", and the "picture virus" mentioned earlier all exploit Windows system vulnerabilities, causing huge harm to the entire Internet in just a few days. Developing an operating system is a complex project, and vulnerabilities and errors are inevitable. Any operating system gradually matures and improves in the course of fixing vulnerabilities and correcting errors. But these vulnerabilities and errors give computer viruses and hackers a very good stage on which to perform.
As use of the DOS operating system declines, computer viruses that infect DOS will also leave the historical stage; as use of the Windows operating system grows, computer viruses targeting Windows will become mainstream.
V. Computer virus technology and hacker technology will increasingly merge
Their ultimate goal is the same: destruction. Strictly speaking, Trojans and backdoor programs are not computer viruses, because they cannot copy and spread themselves. However, as computer virus technology and hacker technology develop, virus writers will eventually fuse the two. Rising's global anti-virus monitoring network was the first to intercept a Trojan that can be controlled through QQ, and named it the "QQ Trajector" (TROJAN.QBOT.A) virus. According to reports, this is the world's first Trojan virus that can control a system through QQ; it can also force the system to restart, force the download of virus files, and capture the current system screen. The latest variant of "Love Back Door" broke out in mid-November 2003, combining the characteristics of worms, hacker tools and backdoors, which makes it highly destructive and harmful. The MyDOOM worm propagates through email attachments. When the user opens and runs the worm, it immediately sends a large number of deceptive emails carrying the worm to the email addresses found in the user's mailbox. At the same time, it leaves a backdoor on the user's host through which code can be uploaded and executed. These computer viruses may be the prototype of the fusion of computer virus technology and hacker technology.
VI. Material gain will become the greatest driving force behind computer virus development
Judging from the history of computer viruses, interest in technology and hobbyism were the source of their development. But more and more signs show that material gain will become the biggest driving force behind computer virus development. At the beginning of June 2004, both my country and other countries successfully intercepted computer viruses that target the accounts and passwords of online banking users. Kingsoft Antivirus (Jinshan Duba) successfully intercepted the latest variant of the "online banking thief". The variant steals more online banking accounts and passwords, which may cause huge economic losses. Germany's Federal Office for Information Security (BSI) warned computer users that it had found a new Internet virus, "Korgo". The Korgo virus is quite similar to the "Shock Wave" virus that raged last month, but its main targets are bank account and credit card information. In fact, not only online banking but also online stock accounts, credit card accounts, property transactions and even game accounts may be attacked by viruses, and even online virtual currency is within their sights. The better-known ones include "Happy Ears" and "Stock Sifer", and there are many more that are unknown and therefore more frightening. Viruses targeting online games are even more obvious: online game accounts and virtual equipment worth thousands end up in other people's hands. Today many banks provide online verification or password keys; users should not try to save on the cost only to lose large sums. Buying a password key or digital certificate is quite necessary.
Several types of software on which computer virus attacks concentrate, and response strategies
I. The Windows operating system and its integrated software
Windows series operating systems are easily attacked, mainly because the operating system is complex and has many security vulnerabilities. These vulnerabilities give viruses an opening and bring many hidden dangers to the security of computer systems. For example, the global "Worm.Blaster" virus exploited the system's RPC buffer vulnerability. This year's "Shock Wave" uses the LSASS vulnerability to take complete control of the infected system. Besides the RPC vulnerability there are many others; for example, the "Worm" virus at the beginning of the year exploited a SQL Server 2000 buffer vulnerability. In addition, IIS and the Outlook software (Outlook and Outlook Express) also have a large number of security vulnerabilities and are increasingly favored by computer viruses and hackers. According to incomplete statistics, there are nearly a thousand known security vulnerabilities in the Windows NT series operating systems.
The IE browser is the browser we use most. It also has many security vulnerabilities and has become a target of viruses. The most common approach exploits script-execution vulnerabilities: a harmful script in a web page is executed automatically, or harmful viruses are downloaded automatically, damaging the user's computer. The computer virus is embedded in the web page. When a user unknowingly opens a page containing the virus, the virus modifies the user's IE default homepage, creates a large number of links to pornographic websites on the desktop, and modifies the registry, which interferes with normal use of the computer. Worse, malicious code may browse the user's hard drive, format the hard disk, or deliver Trojans and backdoor programs.
Strategy: For ordinary users, the only option is to keep patching vulnerabilities. We can only hope that Microsoft and other operating system manufacturers find a better way, but from the perspective of technical development we still have to patch. The problem is: what do we do if one day Microsoft says "if you want patches, you have to pay"? As for preventing email viruses, a real-time mail virus monitoring system is indispensable. The best way to protect the IE browser is to use the script monitoring function and registry repair tool of anti-virus software.
II. Instant messaging software
Instant messaging software such as QQ, MSN and NetEase bubble has shortened the distance between people. QQ already has more than 100 million users in China, with hundreds of thousands of users online at the same time. However, as the number of users grows, such software has also become a new target of viruses. Computer viruses attack instant messaging software in two main ways. One is stealing user accounts. The virus disguises itself as the login window of the instant messaging software; when users enter their usernames and passwords in this login box, the virus automatically sends the information to a specified mailbox, and the user loses their instant messaging network identity. The other is propagation through the live link function of the instant messaging software: when the user receives a URL sent by a friend, clicking it opens the web page directly. Because this function is so convenient, many viruses make use of it. When the virus runs, it sends a message through the chat window to all online friends; a friend who mistakes it for a useful URL and clicks it is infected in turn, and so the virus spreads widely, as with last year's "QQ tail (Trojan.qq3344.s)" virus.
The world's first worm to spread through Microsoft's instant chat tool MSN Messenger propagated very rapidly. Once a user is infected, the worm first checks whether the user has MSN Messenger and is logged in. If the user is logged in, the worm sends a deceptive message to everyone in the contact list through the MSN Messenger dialog window. Users who receive the message and carelessly click the link run the worm, which then sends the same message to their contacts through MSN Messenger, causing a chain reaction and rapid propagation of the virus.
Strategy: In 2004, viruses similar to "QQ tail (Trojan.qq3344.s)" that target various instant messaging software will continue to appear. Users can download a dedicated virus removal tool and regularly remove viruses hidden in the computer. Users who are more familiar with computers can also use a firewall to prevent illegitimate programs from accessing the network.
III. Online games
There are currently hundreds of popular online games. The online game market was only 0.38 billion yuan in 2000. It rose to 1.02 billion yuan in 2002, and the market size of online games in my country had reached 1.78 billion yuan by the end of December 2003; it is expected to exceed 2 billion yuan in 2004. ("Guangzhou Daily", June 8, 2004, A22) The development of online games has driven growth of nearly 15 billion yuan in related industries such as telecommunications services and IT equipment manufacturing. It is expected that by 2007 China's online game industry will reach 6.7 billion yuan and users will reach 41.8 million. ("Southern Metropolis Daily", 2004.10.13)
Online games are hot, and viruses that attack online games are breeding too. According to statistics from Rising's anti-virus department, the three online games most seriously attacked in China are: Legends (including Legends, Legend 3 and Legendary World), Miracles and Magic Baby. One virus, named "Trojan.psw.lmir", specifically targets the "Legend" game; 516 variants have appeared so far, making it a veritable "poison king". Most viruses that attack online game software infect users' computers through network scanning or by sending large numbers of virus-laden emails. After infection, the virus steals the password information of the specific online game on the computer and sends it to a specified mailbox. The "Worm.Psw.cqsys" virus is one such virus: it spreads through the local area network and steals the password of the "Legend" game, so the user loses their game identity and virtual property.
Strategy: Because there are so many viruses targeting online games and they mutate so fast, they are very hard to guard against. Players are advised to turn on real-time monitoring and a firewall when playing games to prevent virus attacks.
IV. P2P software
P2P software is a point-to-point transfer and communication tool: users who have the same P2P software can communicate, chat, exchange files, and so on. With the popularity of P2P software, more and more viruses are starting to target it. Viruses that use P2P resource-sharing networks are increasing, and P2P networks are becoming fertile soil for the spread of destructive viruses and worms. In particular, running resource-sharing software on a company's computers or servers is likely to invite intrusion by hackers and viruses and lead to leaks of internal documents, which bears directly on the company's security.
On "Kazaa", which is popular in Europe and the United States, a worm called "Benjamin" has spread. The virus poses as popular music, video or software to deceive users and lure them into downloading it. Another worm-like virus, called "Troj_Doal.a", spreads through resource-sharing software, where it appears under the name "Windows XP Home Edition Key Generator" and often leads people to believe that it lets them use pirated products. It is an illegitimate program of the kind known as a "Trojan horse", and it can also delete hard disk data. In order to ensure safety, in 2002 (on the 25th, US time) Microsoft issued a rule for the company's employees on exchanging files using the company's computers or networks.
Strategy: To deal with such viruses, use the file monitoring and memory monitoring functions of anti-virus software. File monitoring watches the read and write operations on all files in the system and removes a virus as soon as it is found, while memory monitoring watches for viruses in memory and removes a virus before it activates.
V. E-government system network security needs to be strengthened
In an e-government system, government agencies' official documents, data storage and service provision are all implemented in electronic form on an Internet platform. From a technical point of view, the Internet is a global network with many insecure factors. While the e-government system increases office efficiency and expands the government's services, it also gives people with ill intent an opportunity to steal important information through technical means.
Strategy: Firewalls and antivirus software are necessary measures for protecting e-government systems. In addition, in practical applications, isolating internal networks from external networks is a necessary technical means of ensuring the security of e-government systems. For file transfer, mutual authentication between the parties is a very important issue.