Network viruses refer to the definition of computer viruses computer viruses (Computer Virus) in the "People's Republic of China *** and the State Regulations on the Security and Protection of Computer Information Systems" is clearly defined, the virus? refers to the preparation or inserted in the computer program to destroy computer functions or damage data, affecting the use of the computer and able to self-replication of a group of computer instructions or program code? The following is a detailed introduction to the knowledge of network viruses.
How cyber viruses are created:With the medical? virus? Unlike computer viruses, computer viruses are not naturally occurring, and are a set of instruction sets or program code prepared by certain people who take advantage of the vulnerabilities inherent in computer software and hardware.
Causes of computer viruses
Computer viruses: Viruses do not come from sudden or accidental sources. A sudden power outage and accidental errors in the computer's disk and memory will produce some disordered and chaotic code, the virus is a more perfect delicate and rigorous code, according to the strict order of the organization, and where the system network environment to adapt and cooperate with, the virus will not be formed by chance, and the need to have a certain length, the basic length of this probabilistically speaking, it is impossible to generate by random code. This basic length is probabilistically impossible to generate through random code.
Purpose of the invention
Virus is a man-made special program now popular virus is deliberately written by man, most of the virus can be found in the author of the information and origin information, through a large number of data analysis and statistics, the virus author of the main situation and purpose: some talented programmers in order to show their own and to prove their own ability, in the dissatisfaction of their superiors, in order to curiosity, in order to revenge, in order to congratulate and courtship, in order to show their own ability, in order to get revenge, to congratulate and courtship, in order to get revenge. In order to congratulate and courtship, to get the control password, to get the software not to get paid for the traps reserved, and so on. Of course, there are also political, military, religious, ethnic. Patents and other aspects of the demand for specialized writing, which also includes some virus research institutions and hackers test virus.
Virus classification:
Roughly classified
Classification of computer viruses: According to years of research on computer viruses, according to the scientific, systematic, rigorous method, computer viruses can be categorized as follows: viruses can be classified as network viruses, file viruses, and boot type viruses. Network viruses spread through the computer network to infect executable files in the network, file viruses infect files in the computer (such as: COM, EXE, DOC, etc.), boot viruses infect the boot sector (Boot) and hard disk system boot sector (MBR), and a mixture of these three cases, for example: multi-type viruses (file and boot) to infect the file and the boot sector of the two targets. Such viruses usually have complex algorithms, and they use unconventional methods to invade the system, using both encryption and morphing algorithms.
A resident virus infects a computer and places a memory-resident portion of itself in memory (RAM), which hooks up to system calls and merges
into the operating system, where it remains active until it is shut down or rebooted. Non-resident viruses do not infect the computer memory when they get a chance to activate. Some viruses leave a small part of the memory but do not infect through this part, which is also classified as a non-resident virus.
These viruses have no effect on the system other than reducing the amount of free space on the disk when they become infected. The non-dangerous type of virus simply reduces memory, displays images, makes sounds, and similar audio. Dangerous viruses cause serious errors in the operation of a computer system. Very Dangerous These viruses delete programs, destroy data, and erase important information from system memory areas and the operating system. These viruses cause harm to the system not because of dangerous calls in their algorithms, but because they cause unpredictable and catastrophic damage when they are transmitted. Errors caused by viruses in other programs can also damage files and sectors, and these viruses are also classified according to their ability to cause damage. Some harmless viruses may also cause damage to newer versions of DOS, Windows, and other operating systems. For example, one of the early viruses, Denzuk, worked well on 360K disks without causing any damage, but caused massive data loss on later high-density floppies.
Viruses in this category do not change the file itself, they generate companions to the EXE file according to an algorithm, with the same name and a different extension (COM), e.g., the companion to XCOPY.EXE. The virus writes itself to the COM file and does not change the EXE file, when DOS loads the file, the companion is executed in priority to, and then the companion is loaded to execute the original EXE file.? Worm? type viruses spread through computer networks, do not change the files and data information, use the network to spread from the memory of one machine to the memory of other machines, calculate network addresses, and send their own viruses through the network. Sometimes they are present in the system and generally take up no resources other than memory. Parasitic viruses besides accompany and? Worms? type, all other viruses can be called parasitic viruses, they attach to the system's boot sector or file, through the function of the system to spread, according to its algorithm can be divided into: practice-type viruses viruses themselves contain errors, can not be well spread, for example, some viruses in the debugging stage. Secretive virus they generally do not directly modify the DOS interrupt and sector data, but through the device technology and file buffers and other internal modifications of DOS, it is not easy to see the resources, the use of more advanced technology. Utilizing the DOS idle data area to work. Variant viruses (also known as ghost viruses) This class of viruses uses a complex algorithm to make themselves different in content and length for each copy they propagate. They generally consist of a decoding algorithm mixed with unrelated instructions and a variant of the virus body.
Detailed classification
1. According to the system attacked by computer viruses
(1) Viruses attacking DOS systems. This type of virus appears the earliest, the most, the most variations, the current computer viruses in China are basically this type of virus, this type of virus accounted for 99% of the total number of viruses.
(2) Attack the Windows system virus. Due to the Windows graphical user interface (GUI) and multitasking operating system is very popular among users, Windows is gradually replacing DOS, thus becoming the main target of virus attacks. The first CIH virus to destroy computer hardware was a Windows 95/98 virus.
(3) Attack the UNIX system virus. Currently, the UNIX system is widely used, and many large operating systems use UNIX as their main operating system, so the emergence of UNIX viruses is a serious threat to human information processing.
(4) Viruses attacking OS/2 systems. The world has found the first virus attacking the OS/2 system, which is simple but ominous.
2. Classification of viruses according to the type of attack
(1) Viruses that attack microcomputers. This is one of the most widespread viruses in the world.
(2) Computer viruses that attack minicomputers. The scope of application of the minicomputer is extremely wide, it can be used as a network of a node machine, but also as a small computer network host. At first, people think that computer viruses can only occur in microcomputers and small machines will not be subject to virus interference, but since November 1988, the Internet network was attacked by the worm program, so that people realize that small machines can not be protected from computer virus attacks.
(3) Computer viruses that attack workstations. In recent years, computer workstations have made great progress, and the scope of application has also had a greater development, so it is not difficult to imagine that the emergence of viruses attacking computer workstations is also a major threat to the information system.
3. Classification of computer viruses according to the way they are chained
Because computer viruses themselves must have an object of attack in order to realize the attack on the computer system, the object of attack of computer viruses is the executable part of the computer system.
(1) Source code type virus This virus attacks programs written in a high-level language. The virus is inserted into the original program before the program written in the high-level language is compiled, and then compiled to become part of the legitimate program.
(2) Embedded virus This virus is embedded in the existing program, the main program of the computer virus and its attack on the object to insert the link. This computer virus is difficult to write) once invaded the program body is also difficult to eliminate. If you use polymorphic virus technology, super virus technology and covert virus technology at the same time, will give the current anti-virus technology to bring a serious challenge.
(3) shell-type virus Shell-type virus will surround itself in the main program around the original program is not modified. This virus is the most common, easy to write, but also easy to find, the size of the general test file that can be known.
(4) operating system-type viruses This virus with its own program intends to join or replace part of the operating system to work, with a strong destructive force, can lead to the paralysis of the entire system. Dot virus and marijuana virus is a typical operating system type virus. This kind of virus in the operation, with their own logical part of the operating system to replace the legitimate program modules, according to the characteristics of the virus itself and the legitimate program modules in the operating system to be replaced in the operating system to run the status and role of the virus to replace the operating system to replace the replacement of the way to carry out the destruction of the operating system.
4. Classification of computer viruses according to their destructive situation According to the destructive situation of computer viruses can be divided into two categories:
(1) Benign computer viruses Benign viruses are those that do not contain code that immediately produces immediate and direct damage to the computer system. This type of virus just keeps on spreading in order to show its existence, infecting from one computer to another and not destroying the data inside the computer. Some people do not take this type of computer virus infection seriously, thinking that it is just a prank and it does not matter much. In fact, benign and malignant are relative terms. When a benign virus gains control of the system, it can cause the entire system to run less efficiently, reduce the total amount of memory available to the system, and prevent certain applications from running. It also competes with the operating system and application programs for control of the CPU, sometimes leading to a deadlock of the entire system, bringing trouble to normal operations. Sometimes there are several viruses cross-infected in the system, and a file is infected by several viruses over and over again. For example, the original file of only 10KB has become about 90KB, which has been repeatedly infected by several viruses dozens of times. This not only consumes a lot of valuable disk storage space, and the entire computer system is also due to a variety of viruses parasitic in which it can not work properly. So you can't trivialize the damage caused by the so-called benign viruses on your computer system.
(2) Malignant computer viruses Malignant viruses are viruses that contain operations in their code that damage and destroy the computer system, and have a direct destructive effect on the system when they infect or attack. These types of viruses are many, such as the Michelangelo virus. When a Michelangelo virus strikes, the first 17 sectors of the hard disk will be completely destroyed, making the data on the entire hard disk unrecoverable and causing irreparable damage. Some viruses also do formatting and other damage to the hard disk. These operating codes are deliberately written into the virus, which is one of its nature. This is why these types of malicious viruses are dangerous and should be guarded against. Fortunately, antivirus systems can recognize the presence of a computer virus by monitoring the system for such unusual behavior, or at least send out an alert to alert the user.
Trojan:
Description
Trojan/PSW. GamePass? is a Trojan program that steals online game accounts, secretly monitors all application window titles of users in the background of the infected computer system, and then uses keyboard hooks, memory interception or packet interception techniques to steal online game players' game accounts, game passwords, region services, character levels, money amounts, warehouse passwords, and other information and data, and sends all of the stolen player information to the hacker's specified location in the background. In the background, all the stolen player information was sent to the remote server site designated by the hacker. This will result in the loss of online game players' game accounts, equipment, items, money, etc., which will bring different degrees of losses to the game players. Online Game Bandit? The Trojan can boot up by adding a startup entry to the registry of the infected computer system.
Reproducibility
Computer viruses can reproduce like biological viruses, and when a normal program is running, it also runs its own replication. Whether or not it has the characteristics of reproduction and infection is the first condition for judging whether or not a program is a computer virus.
Destructive
After the computer is poisoned, it may cause the normal program can not run, the computer files deleted or damaged to varying degrees. This usually manifests itself in the form of additions, deletions, changes, and removals.
Infectious
Computer viruses are not only destructive, more harmful is contagious, once the virus is replicated or mutated, its speed is difficult to
to prevent. Infectiousness is the basic characteristic of viruses. In the biological world, viruses spread from one organism to another through contagion. Under the right conditions, it can multiply in large numbers and cause the infected organism to exhibit disease or even die. Similarly, computer viruses can spread from infected computers to uninfected computers through various channels, causing the infected computers to malfunction or even be paralyzed in some cases. Unlike biological viruses, a computer virus is a piece of man-made computer program code. Once this program code enters the computer and can be executed, it will search for other programs or storage media that meet the conditions for infection, and then insert its own code into them after identifying the target, so as to achieve the purpose of self-propagation. As long as a computer is infected, if not dealt with in a timely manner, the virus will spread rapidly on that computer. Computer viruses can infect other computers through various possible channels, such as floppy disks, hard disks, removable hard disks, and computer networks. When you find a virus on a machine, often the floppy disks that have been used on that computer have been infected with the virus, and other computers that are networked with that machine may also be infected with the virus. Whether infectious is the most important condition to determine whether a program is a computer virus.
Latency
Some viruses are like time bombs, so that it is pre-designed for what time to attack. For example, the Black Friday virus, less than the scheduled time is not perceived at all, wait until the conditions are in place when all of a sudden exploded, the system to destroy. A well-prepared computer virus program, into the system generally does not immediately after the attack, so the virus can quietly hide in the disk or tape to stay for a few days, or even a few years, once the time is ripe, to get the opportunity to run, and then to reproduce around the proliferation, continue to harm. The second manifestation of latency refers to the fact that computer viruses often have a triggering mechanism within them, and when the triggering conditions are not met, the computer viruses do not do any damage except for infections. Once the trigger conditions have been met, some display information on the screen, graphics or special signs, and some perform operations to destroy the system, such as formatting disks, deleting disk files, encrypting data files, blocking the keyboard, and making the system deadlock.
Concealment
Computer viruses are highly concealable, some can be checked by virus software, some not at all, some are hidden and unpredictable, and these viruses are usually very difficult to deal with.
Triggerability
The characteristic of a virus that is induced to infect or attack by an event or value is called triggerability. In order to conceal itself, a virus must lurk and make fewer movements. If it does not move at all and remains latent, the virus can neither infect nor destroy, and loses its lethality. In order for a virus to be stealthy and maintain its lethality, it must be triggerable. The trigger mechanism of the virus is used to control the frequency of infection and destruction. Virus has a predetermined trigger conditions, these conditions may be time, date, file type or some specific data. When the virus is running, the trigger mechanism to check whether the predefined conditions are met, if they are met, the start of the infection or destruction of the action, so that the virus infection or attack; if not met, so that the virus continues to lurk.