Verme di rete

Definition

Wormsareacommoncomputervirus.ItusestheInternettoreplicateandspread,andthewayofinfectionisthroughtheInternetande-mail.TheoriginaldefinitionofawormisbecauseintheDOSenvironment,aworm-likethingwillappearonthescreenwhenthevirusbreaksout,anditwilleatthelettersonthescreenandreshapeit.

Awormisaself-containedprogram(orasetofprograms)thatcanspreadcopiesofitsownfunctionsorsomepartsofit(worm)toothercomputersystems(usuallythroughInternetconnection).Pleasenotethatunlikegeneralviruses,awormdoesnotneedtoattachitselftothehostprogram,itisanindependentintelligentprogram.Therearetwotypesofworms:hostwormsandnetworkworms.Thehostcomputerwormsarecompletelycontained(invaded)inthecomputerstheyarerunningon,andusenetworkconnectionstoonlycopythemselvestoothercomputers.Afterthehostcomputerwormsadditsowncopytoanotherhost,itwillterminateit.Byitself(soatanygivenmoment,onlyonecopyofthewormruns),thiswormissometimescalled"hare",andwormsareusuallyspreadthroughthe1434portvulnerability.

Forexample,the"Nimya"virus,whichisveryharmfulinrecentyears,isakindofworm.Inthespringof2007,"PandaBurningIncense"anditsvariantsarealsoworms.ThisvirustakesadvantageoftheloopholesintheMicrosoftWindowsoperatingsystem.Afterthecomputerisinfectedwiththisvirus,itwillcontinuetoautomaticallydialuptotheInternet,andusetheaddressinformationinthefileornetworksharingtospread,ultimatelydestroyingmostoftheuser'simportantdata.

Thegeneralmethodtopreventwormsistouseanti-virussoftwarewithreal-timemonitoringfunctions,andbecarefulnottoopenunfamiliaremailattachmentseasily.

Howtoattack

Howcomputerwormsbrokeout

Usevulnerabilitiesinoperatingsystemsandapplicationstoattack

Itisthe"CodeRed"and"Nimya",aswellasthe"coverletter"thatisstillragingtoday.DuetothevulnerabilitiesinInternetExplorer(IFRAMEEXECCOMMAND),emailsinfectedwiththe"Nimya"viruscanbeactivatedwithoutmanuallyopeningtheattachment.Evenbefore,evenmanyantivirusexpertshavealwaysbelievedthatFormailswithvirusattachments,aslongasyoudon’topentheattachments,theviruswillnotbeharmful."CodeRed"usesavulnerabilityintheMicrosoftIISserversoftware(idq.dllremotebufferoverflow)tospread,whiletheSQLWormKingvirususesavulnerabilityinMicrosoft'sdatabasesystemtocarryoutalarge-scaleattack.

Diversetransmissionmethods

Exempli gratia, "Nimya" virus et "orbis" virus, expedit transmissionis methodos includere files, e-nuntiis, Webservatoribus, retiaculis communicandis, et mox.

Newvirusproductiontechnology

Differentfromtraditionalviruses,manynewvirusesareimplementedusingthelatestprogramminglanguageandprogrammingtechnology,andareeasytomodifytoproducenewvariants.Soastoescapethesearchofanti-virussoftware.Inaddition,thenewvirususestechnologiessuchasJava,ActiveX,andVBScript,whichcanbelurkinginHTMLpagesandtriggeredwhenbrowsingtheInternet.

Combinedwithhackertechnology

Taketheredcodeasanexample,aroot.exewillbegeneratedunder\scriptsinthewebdirectoryoftheinfectedmachine,whichcanexecuteanycommandremotely,therebyEnablehackerstoenteragain.

Onefeaturethatwormsdifferfromordinaryvirusesisthatwormscanoftenexploitvulnerabilities.Thevulnerabilitiesordefectsherecanbedividedintotwotypes,namelysoftwaredefectsandman-madedefects.Softwaredefects,suchasremoteoverflow,automaticexecutionvulnerabilitiesinMicrosoftIEandOutlook,etc.,requirethecooperationofsoftwarevendorsanduserstocontinuouslyupgradethesoftware.Man-madedefectsmainlyrefertothenegligenceofcomputerusers.Thisistheso-calledsocialengineering.Whenreceivingacoverletteremailwithavirus,mostpeopleclickonitwithcuriosity.Forenterpriseusers,thethreatsaremainlyfocusedonthesecurityofserversandlarge-scaleapplicationsoftware,whileforindividualusers,theyaremainlytopreventthesecondtypeofflaw.

Wormsthatposeadirectthreattoindividualusers

Amongthewormsanalyzedabove,onlysystemswithspecificMicrosoftcomponentsareattacked,whilethemajorityofindividualusersareattacked.Inotherwords,IIS(Microsoft'sInternetserverprogramthatallowswebservicestobeprovidedontheInternet)orahugedatabasesystemwillnotbeinstalled.Therefore,theabove-mentionedviruseswillnotdirectlyattackthecomputersofindividualusers(ofcourse,theycanindirectlyaffectthenetwork).However,thewormsanalyzednextarethemostthreateningtoindividualusers,andatthesametimethemostdifficulttoeradicate,causinggreaterlosses.

Forindividualusers,themostthreateningwormsarespreadbye-mailandmaliciouswebpages.

Forwormsthatusee-mailtospread,theyusuallyuseavarietyofdeceptivemethodstoenticeuserstoclicktospread.Amaliciouswebpageisexactlyahacker-destroyingcodeprogram,whichisembeddedinthewebpage.Whenauseropensawebpagecontainingaviruswithoutknowingit,theviruswillbreakout.Theprincipleofthisviruscodeinlaytechnologyisnotcomplicated,soitwillbeusedbymanyunscrupulousattempts.Onmanyhackerwebsites,therehavebeenforumsaboutthetechnologyofusingwebpagestodestroythetechnology,andprovidethedownloadofthedestroyingprogramcode,thuscausingmaliciousness.Theproliferationofwebpageshasalsocausedmoreandmoreuserstosufferlosses.

Formaliciouswebpages,vbscriptandjavascriptprogrammingareoftenused.Becausetheprogrammingmethodisverysimple,itisverypopularontheInternet.

Vbscriptandjavascriptareparsedandexecutedbywsh(WindowsScriptingHost)oftheMicrosoftoperatingsystem.Becauseofitsverysimpleprogramming,suchscriptvirusesarespreadingwildlyontheInternet.Iwormvirusisakindofvbsscriptvirus,andthendisguisedasanemailattachmenttoenticeuserstoclicktorun.Whatisevenmorefrighteningisthatsuchvirusesappearintheformofsourcecode.Peoplewhoknowalittleaboutscriptprogrammingcanmodifytheircodetoformvariousvariants.

Personalprecautions

Cautiones personales in duas "

Throughtheaboveanalysisandintroduction,wecanknowthatvirusesarenotterrible.Networkwormsattackindividualusersmainlythroughsocialengineering,ratherthanexploitingsystemvulnerabilities!Therefore,topreventsuchviruses,youneedtopayattentiontothefollowingpoints:

Purchaseappropriateanti-virussoftware

Thedevelopmentofnetworkwormshasmadethetraditionalanti-virussoftware"file-levelreal-timemonitoringsystem"Outdated,anti-virussoftwaremustdeveloptoreal-timememorymonitoringandreal-timeemailmonitoring!Inaddition,inthefaceofunpredictablewebpageviruses,usersalsohavehigherandhigherrequirementsforanti-virussoftware!

Frequenterupdatethevirusdatabase

Theanti-virussoftwarechecksandkillsvirusesbasedonthevirussignature,andvirusesemergeinendlesslyeveryday,especiallyintheInternetage.Thespreadspeedisfastandtherearemanyvariants,sothevirusdatabasemustbeupdatedatanytimetobeabletocheckandkillthelatestvirus.

Improveanti-virusawareness

Don'tclickonunfamiliarsiteseasily, licet contineremaliciouscode!

WhenIEisrunning,click"Tools→InternetOptions→Security→InternetZoneSecurityLevel"tochangethesecuritylevelfrom"Medium"to"High".BecausethistypeofwebpageismainlyActiveXorApplet,JavaScriptwebpagefilescontainingmaliciouscode,allActiveXplug-insandcontrols,Javascripts,etc.areprohibitedintheIEsettings,whichcangreatlyreducethechanceofbeinginfectedbywebpagemaliciouscodes.Thespecificsolutionis:Click"Tools"→"InternetOptions"intheIEwindow,selectthe "Securitas" tabinthepop-updialogbox, and thenclickthe "CustomLevel" button, and the "SecuritySettings" dialogbox willpopup.Select" inactivare" forallActiveXplug-insand controlsandallJava-relatedoptions. Sed faceresomaymake somewebsites thatnormally useseduringsingsinableto.

Don'tcheckunfamiliaremailsrandomly

especiallyemailswithattachments.Becausesomevirusemailscantakeadvantageofvulnerabilitiesinieandoutlooktoexecuteautomatically,computerusersneedtoupgradeieandoutlookprograms,aswellasothercommonlyusedapplications.

Thelatestwormvirus detectus est, quod canleakuserprivacy

Virusuniqueness

Similaritiesanddifferencesbetweenwormvirusesandgeneralviruses

Awormisalsoavirus,soithasthecommoncharacteristicsofavirus.Thegeneralvirusisparasitic,itcanwriteitsowninstructioncodeintothebodyofotherprogramsthroughtheexecutionofitsowninstructions,andtheinfectedfileiscalledthe"host",forexample,theexecutablefileunderwindowsTheformatispeformat(PortableExecutable).Whenthepefileneedstobeinfected,anewsectioniscreatedinthehostprogram,theviruscodeiswrittentothenewsection,theprogramentrypointismodified,etc.,sothatwhenthehostprogramisexecuted,Thevirusprogramcanbeexecutedfirst,andafterthevirusprogramhasfinishedrunning,controlisgiventothehost'soriginalprograminstructions.Itcanbeseenthatvirusesmainlyinfectfiles.Ofcourse,therearealsolink-typeviruseslikeDIRIIandbootsectorviruses.Thebootsectorvirusinfectsthebootsectorofthedisk.Ifafloppydiskisinfected,afterthefloppydiskisusedonothermachines,itwillalsoinfectothermachines.Therefore,themethodoftransmissionisalsoafloppydisk.

Wormsgenerallydonotusethepeformattoinsertfiles.Instead,theycopythemselvesandspreadintheInternetenvironment.Theinfectionabilityofthevirusismainlyaimedatthefilesysteminthecomputer,andtheinfectionofwormsThetargetisallcomputersintheInternet.Sharedfolders,e-mails,maliciouswebpagesinthenetwork,andalargenumberofvulnerableservershavebecomegoodwaysforwormstospreadundertheconditionoflocalareanetworks.ThedevelopmentoftheInternetalsoallowswormstospreadacrosstheworldwithinafewhours!Andtheactiveaggressivenessandsuddenexplosivenessofwormswillmakepeoplefeelhelpless!

AnythingthatcancausecomputerfailuresanddestroycomputerdataTheprogramsarecollectivelyreferredtoascomputerviruses.Sointhissense,awormisalsoavirus!Networkwormvirus,asacomputerprogramthatisserioustotheInternet,itsdestructivepowerandcontagioncannotbeignored.Unliketraditionalviruses,wormsusecomputersascarriersandtheInternetastheirtargetofattack!Inthisarticle,wormsaredividedintotwocategoriesforcorporatenetworksandindividualusers,andthecharacteristicsofwormsandsomepreventivemeasuresarediscussedfrombothcorporateusersandindividualusers!

PreventsystemvulnerabilitiesfromwormsThebestwaytoinfringeistopatchthecorrespondingsystem.Youcanusethe"VulnerabilityScanning"toolofRisingAnti-Virus.Thistoolcanguideuserstopatchandperformcorrespondingsecuritysettingstocompletelyeliminatevirusinfection.

Disseminationviae-mailhasbeenoneofthemethodsfavoredbyvirusauthorsinrecentyears,suchas"EvilEagle"and"NetworkSky"areallmailwormsthatareveryharmful.Suchvirusesoftenmutatefrequentlyandinlargenumbers.Afterusersarepoisoned,theyoftencausedataloss,personalinformationtheft,andslowsystemoperation.

Thebestwaytopreventmailwormsistoraiseyourownsecurityawarenessanddonotopenemailswithattachmentseasily.Inaddition,enablingthe"emailsendingmonitoring"and"emailreceivingmonitoring"functionsoftheRisinganti-virussoftwarecanalsoimproveyourabilitytoprotectagainstvirusemails.

Since2004,chatsoftwaresuchasMSNandQQhasbecomeoneofthewaysforwormstospread.The"SexyRoastChicken"virusspreadthroughMSNsoftwareandswepttheworldinashortperiodoftime,causingabnormaloperationofsomenetworksinmainlandChina.

Forordinaryusers,oneofthemainmeasurestopreventchatwormsistoimprovesecurityawareness.Anyfilesentthroughchatsoftwaremustbeconfirmedbyfriendsbeforerunning;donotclickchatatwillThenetworklinksentbythesoftware.

Withthedevelopmentofnetworkandviruswritingtechnology,moreandmorewormsusemultiplemethods.Forexample,somewormsspreadthroughe-mailandatthesametimeusesystemvulnerabilitiestoinvadeusersystems.Otherviruseswillspreadthroughmultiplechannelssuchasemailandchatsoftwareatthesametime.

Developmenttrend

Thedestructionanddevelopmenttrendofworms

In1988,awormviruswrittenbyMorris,agraduatestudentofCORNELLUniversityintheUnitedStates,spreadandcausedthousandsofcomputers.Whentheshutdownwasstopped,thewormvirusbegantoappearonthenetwork;andthelaterCodeRed,whentheNimdaviruswascrazy,causedbillionsofdollarsinlosses;onJanuary26,2003,Beijingtime,akindof"2003WormKing"Computervirusesspreadrapidlyandattackedtheworld,causingseriousblockagesintheInternet.Theparalysisofthedomainnameserver(DNS)asthemainfoundationoftheInternethascausednetizenstobrowseInternetpagesandsendandreceiveemails.ThespeedofInternetusershasgreatlysloweddown.Atthesametime,theoperationofbankATMsInterruption,theoperationoftheonlinebookingsystemsuchasairticketsisinterrupted,andthecollectionandpaymentsystemssuchascreditcardsaremalfunctioning!Expertsestimatethatthedirecteconomiclosscausedbythisvirusisatleast1.2billionUSdollars!

Virusname

Duratio

Causedlosses

Morethan6000computerswereshutdownin1988,andthedirecteconomiclossofMorrisWormreached96millionUSdollars!

BeautyKiller1999Governmentdepartmentsandsomelargecompaniesurgentlyshutdowntheirwebservers,causingeconomiclossesofmorethan1.2billionU.S.dollars!

Alotofusores computatores infecti sunt, ex quo May 2000, cum damno excedentes 10billionU.S. pupa.

CodeRed'snetworkwasparalyzedinJuly2001,andthedirecteconomiclossexceededUS$2.6billion.

AlargenumberofvirusemailsblockedtheserverinthecoverlettersinceDecember2001,andthelossreachedtensofbillionsofUSdollars

SqlwormkinginJanuary2003,thenetworkwaslargelyparalyzed,bankATMoperationswereinterrupted,andthedirecteconomiclossexceeded2.6billionUSdollars.Andcausedhugeeconomiclosses!

Related Articles
TOP