Määritelmä
Wormsareacommoncomputervirus.ItusestheInternettoreplicateandspread,andthewayofinfectionisthroughtheInternetande-mail.TheoriginaldefinitionofawormisbecauseintheDOSenvironment,aworm-likethingwillappearonthescreenwhenthevirusbreaksout,anditwilleatthelettersonthescreenandreshapeit.
Awormisaself-containedprogram(orasetofprograms)thatcanspreadcopiesofitsownfunctionsorsomepartsofit(worm)toothercomputersystems(usuallythroughInternetconnection).Pleasenotethatunlikegeneralviruses,awormdoesnotneedtoattachitselftothehostprogram,itisanindependentintelligentprogram.Therearetwotypesofworms:hostwormsandnetworkworms.Thehostcomputerwormsarecompletelycontained(invaded)inthecomputerstheyarerunningon,andusenetworkconnectionstoonlycopythemselvestoothercomputers.Afterthehostcomputerwormsadditsowncopytoanotherhost,itwillterminateit.Byitself(soatanygivenmoment,onlyonecopyofthewormruns),thiswormissometimescalled"hare",andwormsareusuallyspreadthroughthe1434portvulnerability.
Forexample,the"Nimya"virus,whichisveryharmfulinrecentyears,isakindofworm.Inthespringof2007,"PandaBurningIncense"anditsvariantsarealsoworms.ThisvirustakesadvantageoftheloopholesintheMicrosoftWindowsoperatingsystem.Afterthecomputerisinfectedwiththisvirus,itwillcontinuetoautomaticallydialuptotheInternet,andusetheaddressinformationinthefileornetworksharingtospread,ultimatelydestroyingmostoftheuser'simportantdata.
Thegeneralmethodtopreventwormsistouseanti-virussoftwarewithreal-timemonitoringfunctions,andbecarefulnottoopenunfamiliaremailattachmentseasily.
Kuinka hyökätä
Kuinka tietokonemadot puhkesivat
Usevulnerabilitiesinoperatingsystemsandapplicationstoattack
Itisthe"CodeRed"and"Nimya",aswellasthe"coverletter"thatisstillragingtoday.DuetothevulnerabilitiesinInternetExplorer(IFRAMEEXECCOMMAND),emailsinfectedwiththe"Nimya"viruscanbeactivatedwithoutmanuallyopeningtheattachment.Evenbefore,evenmanyantivirusexpertshavealwaysbelievedthatFormailswithvirusattachments,aslongasyoudon’topentheattachments,theviruswillnotbeharmful."CodeRed"usesavulnerabilityintheMicrosoftIISserversoftware(idq.dllremotebufferoverflow)tospread,whiletheSQLWormKingvirususesavulnerabilityinMicrosoft'sdatabasesystemtocarryoutalarge-scaleattack.
Monipuoliset lähetysmenetelmät
Esimerkiksi "Nimya" virus ja "coverletter" virus, käytettävissä olevat lähetysmenetelmät sisältävät tiedostot, sähköpostit, Web-palvelimet, verkon jakaminen ja pian.
Uusi virustuotantotekniikka
Differentfromtraditionalviruses,manynewvirusesareimplementedusingthelatestprogramminglanguageandprogrammingtechnology,andareeasytomodifytoproducenewvariants.Soastoescapethesearchofanti-virussoftware.Inaddition,thenewvirususestechnologiessuchasJava,ActiveX,andVBScript,whichcanbelurkinginHTMLpagesandtriggeredwhenbrowsingtheInternet.
Yhdistettynä hakkeriteknologiaan
Taketheredcodeasanexample,aroot.exewillbegeneratedunder\scriptsinthewebdirectoryoftheinfectedmachine,whichcanexecuteanycommandremotely,therebyEnablehackerstoenteragain.
Onefeaturethatwormsdifferfromordinaryvirusesisthatwormscanoftenexploitvulnerabilities.Thevulnerabilitiesordefectsherecanbedividedintotwotypes,namelysoftwaredefectsandman-madedefects.Softwaredefects,suchasremoteoverflow,automaticexecutionvulnerabilitiesinMicrosoftIEandOutlook,etc.,requirethecooperationofsoftwarevendorsanduserstocontinuouslyupgradethesoftware.Man-madedefectsmainlyrefertothenegligenceofcomputerusers.Thisistheso-calledsocialengineering.Whenreceivingacoverletteremailwithavirus,mostpeopleclickonitwithcuriosity.Forenterpriseusers,thethreatsaremainlyfocusedonthesecurityofserversandlarge-scaleapplicationsoftware,whileforindividualusers,theyaremainlytopreventthesecondtypeofflaw.
Madot, jotka muodostavat suoran uhan yksittäisille käyttäjille
Amongthewormsanalyzedabove,onlysystemswithspecificMicrosoftcomponentsareattacked,whilethemajorityofindividualusersareattacked.Inotherwords,IIS(Microsoft'sInternetserverprogramthatallowswebservicestobeprovidedontheInternet)orahugedatabasesystemwillnotbeinstalled.Therefore,theabove-mentionedviruseswillnotdirectlyattackthecomputersofindividualusers(ofcourse,theycanindirectlyaffectthenetwork).However,thewormsanalyzednextarethemostthreateningtoindividualusers,andatthesametimethemostdifficulttoeradicate,causinggreaterlosses.
Forindividualusers,themostthreateningwormsarespreadbye-mailandmaliciouswebpages.
Forwormsthatusee-mailtospread,theyusuallyuseavarietyofdeceptivemethodstoenticeuserstoclicktospread.Amaliciouswebpageisexactlyahacker-destroyingcodeprogram,whichisembeddedinthewebpage.Whenauseropensawebpagecontainingaviruswithoutknowingit,theviruswillbreakout.Theprincipleofthisviruscodeinlaytechnologyisnotcomplicated,soitwillbeusedbymanyunscrupulousattempts.Onmanyhackerwebsites,therehavebeenforumsaboutthetechnologyofusingwebpagestodestroythetechnology,andprovidethedownloadofthedestroyingprogramcode,thuscausingmaliciousness.Theproliferationofwebpageshasalsocausedmoreandmoreuserstosufferlosses.
Formaliciouswebpages,vbscriptandjavascriptprogrammingareoftenused.Becausetheprogrammingmethodisverysimple,itisverypopularontheInternet.
Vbscriptandjavascriptareparsedandexecutedbywsh(WindowsScriptingHost)oftheMicrosoftoperatingsystem.Becauseofitsverysimpleprogramming,suchscriptvirusesarespreadingwildlyontheInternet.Iwormvirusisakindofvbsscriptvirus,andthendisguisedasanemailattachmenttoenticeuserstoclicktorun.Whatisevenmorefrighteningisthatsuchvirusesappearintheformofsourcecode.Peoplewhoknowalittleaboutscriptprogrammingcanmodifytheircodetoformvariousvariants.
Henkilökohtaiset varotoimet
Henkilökohtaiset varotoimet matoja vastaan
Throughtheaboveanalysisandintroduction,wecanknowthatvirusesarenotterrible.Networkwormsattackindividualusersmainlythroughsocialengineering,ratherthanexploitingsystemvulnerabilities!Therefore,topreventsuchviruses,youneedtopayattentiontothefollowingpoints:
Osta sopiva virustorjuntaohjelmisto
Thedevelopmentofnetworkwormshasmadethetraditionalanti-virussoftware"file-levelreal-timemonitoringsystem"Outdated,anti-virussoftwaremustdeveloptoreal-timememorymonitoringandreal-timeemailmonitoring!Inaddition,inthefaceofunpredictablewebpageviruses,usersalsohavehigherandhigherrequirementsforanti-virussoftware!
Päivitä virustietokanta usein
Theanti-virussoftwarechecksandkillsvirusesbasedonthevirussignature,andvirusesemergeinendlesslyeveryday,especiallyintheInternetage.Thespreadspeedisfastandtherearemanyvariants,sothevirusdatabasemustbeupdatedatanytimetobeabletocheckandkillthelatestvirus.
Virustorjuntatietoisuuden parantaminen
Älä napsauta tuntemattomia sivustoja helposti, se voi sisältää haitallista koodia!
WhenIEisrunning,click"Tools→InternetOptions→Security→InternetZoneSecurityLevel"tochangethesecuritylevelfrom"Medium"to"High".BecausethistypeofwebpageismainlyActiveXorApplet,JavaScriptwebpagefilescontainingmaliciouscode,allActiveXplug-insandcontrols,Javascripts,etc.areprohibitedintheIEsettings,whichcangreatlyreducethechanceofbeinginfectedbywebpagemaliciouscodes.Thespecificsolutionis:Click"Tools"→"InternetOptions"intheIEwindow,selectthe "Security"-välilehti ponnahdusikkunassa,napsauta"CustomLevel"-painiketta, ja"SecuritySettings"-valintaikkuna tulee näkyviin. Valitse"Poista"kaikkien ActiveXplug-ins-jakaikkien Java-asentojen osalta.
Älä lähetä sähköpostia satunnaisesti
especiallyemailswithattachments.Becausesomevirusemailscantakeadvantageofvulnerabilitiesinieandoutlooktoexecuteautomatically,computerusersneedtoupgradeieandoutlookprograms,aswellasothercommonlyusedapplications.
Viimeisin matovirus"naamioitunut vieras" löydettiin, mikä voi vuotaa käyttäjän yksityisyyttä
Virusainutlaatuisuus
Similaritiesanddifferencesbetweenwormvirusesandgeneralviruses
Awormisalsoavirus,soithasthecommoncharacteristicsofavirus.Thegeneralvirusisparasitic,itcanwriteitsowninstructioncodeintothebodyofotherprogramsthroughtheexecutionofitsowninstructions,andtheinfectedfileiscalledthe"host",forexample,theexecutablefileunderwindowsTheformatispeformat(PortableExecutable).Whenthepefileneedstobeinfected,anewsectioniscreatedinthehostprogram,theviruscodeiswrittentothenewsection,theprogramentrypointismodified,etc.,sothatwhenthehostprogramisexecuted,Thevirusprogramcanbeexecutedfirst,andafterthevirusprogramhasfinishedrunning,controlisgiventothehost'soriginalprograminstructions.Itcanbeseenthatvirusesmainlyinfectfiles.Ofcourse,therearealsolink-typeviruseslikeDIRIIandbootsectorviruses.Thebootsectorvirusinfectsthebootsectorofthedisk.Ifafloppydiskisinfected,afterthefloppydiskisusedonothermachines,itwillalsoinfectothermachines.Therefore,themethodoftransmissionisalsoafloppydisk.
Wormsgenerallydonotusethepeformattoinsertfiles.Instead,theycopythemselvesandspreadintheInternetenvironment.Theinfectionabilityofthevirusismainlyaimedatthefilesysteminthecomputer,andtheinfectionofwormsThetargetisallcomputersintheInternet.Sharedfolders,e-mails,maliciouswebpagesinthenetwork,andalargenumberofvulnerableservershavebecomegoodwaysforwormstospreadundertheconditionoflocalareanetworks.ThedevelopmentoftheInternetalsoallowswormstospreadacrosstheworldwithinafewhours!Andtheactiveaggressivenessandsuddenexplosivenessofwormswillmakepeoplefeelhelpless!
AnythingthatcancausecomputerfailuresanddestroycomputerdataTheprogramsarecollectivelyreferredtoascomputerviruses.Sointhissense,awormisalsoavirus!Networkwormvirus,asacomputerprogramthatisserioustotheInternet,itsdestructivepowerandcontagioncannotbeignored.Unliketraditionalviruses,wormsusecomputersascarriersandtheInternetastheirtargetofattack!Inthisarticle,wormsaredividedintotwocategoriesforcorporatenetworksandindividualusers,andthecharacteristicsofwormsandsomepreventivemeasuresarediscussedfrombothcorporateusersandindividualusers!
PreventsystemvulnerabilitiesfromwormsThebestwaytoinfringeistopatchthecorrespondingsystem.Youcanusethe"VulnerabilityScanning"toolofRisingAnti-Virus.Thistoolcanguideuserstopatchandperformcorrespondingsecuritysettingstocompletelyeliminatevirusinfection.
Disseminationviae-mailhasbeenoneofthemethodsfavoredbyvirusauthorsinrecentyears,suchas"EvilEagle"and"NetworkSky"areallmailwormsthatareveryharmful.Suchvirusesoftenmutatefrequentlyandinlargenumbers.Afterusersarepoisoned,theyoftencausedataloss,personalinformationtheft,andslowsystemoperation.
Thebestwaytopreventmailwormsistoraiseyourownsecurityawarenessanddonotopenemailswithattachmentseasily.Inaddition,enablingthe"emailsendingmonitoring"and"emailreceivingmonitoring"functionsoftheRisinganti-virussoftwarecanalsoimproveyourabilitytoprotectagainstvirusemails.
Since2004,chatsoftwaresuchasMSNandQQhasbecomeoneofthewaysforwormstospread.The"SexyRoastChicken"virusspreadthroughMSNsoftwareandswepttheworldinashortperiodoftime,causingabnormaloperationofsomenetworksinmainlandChina.
Forordinaryusers,oneofthemainmeasurestopreventchatwormsistoimprovesecurityawareness.Anyfilesentthroughchatsoftwaremustbeconfirmedbyfriendsbeforerunning;donotclickchatatwillThenetworklinksentbythesoftware.
Withthedevelopmentofnetworkandviruswritingtechnology,moreandmorewormsusemultiplemethods.Forexample,somewormsspreadthroughe-mailandatthesametimeusesystemvulnerabilitiestoinvadeusersystems.Otherviruseswillspreadthroughmultiplechannelssuchasemailandchatsoftwareatthesametime.
Kehityssuunta
Matojen tuhoutumis- ja kehitystrendi
In1988,awormviruswrittenbyMorris,agraduatestudentofCORNELLUniversityintheUnitedStates,spreadandcausedthousandsofcomputers.Whentheshutdownwasstopped,thewormvirusbegantoappearonthenetwork;andthelaterCodeRed,whentheNimdaviruswascrazy,causedbillionsofdollarsinlosses;onJanuary26,2003,Beijingtime,akindof"2003WormKing"Computervirusesspreadrapidlyandattackedtheworld,causingseriousblockagesintheInternet.Theparalysisofthedomainnameserver(DNS)asthemainfoundationoftheInternethascausednetizenstobrowseInternetpagesandsendandreceiveemails.ThespeedofInternetusershasgreatlysloweddown.Atthesametime,theoperationofbankATMsInterruption,theoperationoftheonlinebookingsystemsuchasairticketsisinterrupted,andthecollectionandpaymentsystemssuchascreditcardsaremalfunctioning!Expertsestimatethatthedirecteconomiclosscausedbythisvirusisatleast1.2billionUSdollars!
Virusnimi
Kesto
aiheutti tappioita
Morethan6000computerswereshutdownin1988,andthedirecteconomiclossofMorrisWormreached96millionUSdollars!
BeautyKiller1999Governmentdepartmentsandsomelargecompaniesurgentlyshutdowntheirwebservers,causingeconomiclossesofmorethan1.2billionU.S.dollars!
Monet käyttäjien tietokoneet ovat saaneet tartunnan vuoden 2000 toukokuusta lähtien, ja tappiot ovat yli 10 miljardia Yhdysvaltain dollaria.
CodeRed'snetworkwasparalyzedinJuly2001,andthedirecteconomiclossexceededUS$2.6billion.
AlargenumberofvirusemailsblockedtheserverinthecoverlettersinceDecember2001,andthelossreachedtensofbillionsofUSdollars
SqlwormkinginJanuary2003,thenetworkwaslargelyparalyzed,bankATMoperationswereinterrupted,andthedirecteconomiclossexceeded2.6billionUSdollars.Andcausedhugeeconomiclosses!