Top Ten Viruses on the Internet?
(1) I-Worm/Blaster "shockwave"
The I-Worm/Blaster "shockwave" virus (also known as the "storm" virus) is a network worm. The sample intercepted by Jiang Min is 6,176 bytes in size, and the affected operating systems are Windows 2000 and Windows XP. The virus downloads and runs the virus file Msblast.exe, which eventually causes the machine to stop responding and restart frequently. The worm runs automatically every time the system restarts. It then attacks machines on specific network segments through the DCOM RPC vulnerability, sending attack code to port 135 of machines in random IP segments. After a successful attack, it creates a cmd.exe shell on TCP port 4444. The shockwave virus can also accept external instructions: it accepts instructions on UDP port 69 and sends the Msblast.exe worm file. It also carries out a DoS (Denial of Service) attack on Microsoft's windowsupdate.com patch upgrade website within a certain period of time.

(2) I-Worm/Sobig.(x), the "big" network worm series
Up to now, there are more than five variants of I-Worm/Sobig (the "big" virus). Worms in the I-Worm/Sobig series automatically search for email addresses in all files in wab, dbx, htm, html, eml and txt formats that may contain them. The sender addresses of the emails are all forged, so do not assume that the people named really sent you a network worm. Some sender addresses were even set to Yahoo's technical support mailbox, support@yahoo.com. In addition, the virus searches for writable directories on machines in the network neighborhood and copies itself into them.

(3) I-Worm/Supkp.(x), the "Super Password 007" series
I-Worm/Supkp (the "Super Password Black 007" virus) combines a worm program, a backdoor program and a hacker program. Jiang Min Company has intercepted many variants of this virus. The virus uses IPC to perform simple password probing against the guest and administrator accounts.
If successful, it tries to copy itself to the remote system and register itself as a service. It modifies the relevant part of the system registry so that the system activates the worm when plain-text files are operated on. The virus can release backdoor programs, steal user passwords and send them to a mailbox.

(4) I-Worm/Mimail.(x), the e-mail network worm series
I-Worm/Mimail (the "e-mail" virus) spreads and infects through Microsoft's e-mail client program. The subject of the e-mail is a string that may change. The attachment is the virus body in a compressed file. The virus size is 16 KB. It can infect the popular Windows platforms, including Windows 9X, Windows NT, Windows 2000, Windows XP and Windows ME. Besides the general characteristics of network worms, the virus has characteristics of its own: it spreads in the form of ZIP compressed packages. In the past it was generally believed that ZIP archives would not carry viruses, so users were driven by curiosity to open the compressed package. So far, multiple variants of the virus have appeared, all of which were intercepted by Jiang Min Company.

(5) I-Worm/Swen, the "four-dimensional" network worm
I-Worm/Swen (the "four-dimensional" virus) is written in C++. The virus is 106496 bytes long. It can affect all popular Windows platforms (including Win95/98/Me/NT/2000/XP and Windows Server 2003). It spreads in many ways, including e-mail, KaZaA, IRC, network shares and newsgroups. When it is transmitted by mail, the subject, content and sender address of the message change randomly. Once the virus infects the system and runs, a dialog box appears disguised as "Microsoft Internet Update Pack" (a Microsoft upgrade package), and the virus tries to end most security software processes to avoid being removed by antivirus software.

(6) I-Worm/Chian, the "Shock Wave Blackboy" network worm
The I-Worm/Chian ("Shock Wave Blackboy") virus frantically scans specific IP segments by sending a large number of data packets to the network.
If it finds the shock wave virus, it deletes it and immediately downloads the RPC vulnerability patch from the Microsoft website. The virus was adapted from a hacker program by its author. Although the original intention of the virus maker was to fight the "shock wave" virus, the virus makes the system run unstably, restart and crash, and causes a sharp increase in network traffic, which eventually led to the paralysis of multiple networks. The virus is 10240 bytes long, the intercepted file name is dllhost.exe, and the affected systems are Windows XP and Windows 2000. The transmission route is as follows:

(7) I-Worm/Fizzer, the "hiss" network worm
I-Worm/Fizzer can modify the system's TXT file association, so that on an infected machine the worm is activated whenever the user opens a plain text file. When the virus breaks out, it not only spreads through e-mail and IRC chat tools but also records keystrokes, automatically upgrades its own code, and stops many antivirus programs from running and removing it. Most cunningly, the virus encrypts and stores a large amount of configuration data, so it is difficult for ordinary users to obtain its resource information. It hides itself in a very special way: when it wants to hide, it automatically finds a normal file in the WINDOWS directory and injects its own code into that file. The file attributes, copyright information, right-click file information and so on all look normal, but in fact the real code of the file has been replaced by the worm.

(8) Worm.SQL.Helper, the "SQL Heizi" worm
The "SQL Heizi" virus is a rare worm with an extremely small virus body and strong transmission ability. The worm spreads by exploiting the buffer overflow vulnerability in Microsoft SQL Server 2000 and enters an infinite loop while spreading.
In this loop, the worm generates a random IP address from a random number it obtains and then sends its own code to port 1434/UDP (the open port of Microsoft SQL Server). The worm spreads very fast. It sends its code in broadcast packets, attacking all 255 possible machines in the subnet each time. The vulnerable machines are NT-series servers with Microsoft SQL Server 2000 installed, including WinNT/Win2000/WinXP, etc. The worm does not infect files or spread its body in the form of files; it spreads in memory.

(9) Win32/funlove.4099
Win32/funlove.4099 is a Win32 virus that resides in memory and infects local and network PE EXE files. The virus itself is an executable file in PE format with only a ".code" section. When an infected file runs, the virus creates the file FLCSS.EXE in the Windows\system directory and runs it. The infection module scans all local drives from C: to Z:, then searches network resources, scans the subtrees in the network, and infects PE files with the extension .OCX, .SCR or .EXE. The virus can infect files repeatedly and spreads very fast in a local area network.

(10) Polyboot (WYX.B)
Polyboot (also known as WYX.B) is a typical memory-resident, encrypted boot virus that infects the master boot sector and the DOS boot sector of the first hard disk. Its infection behaviour differs from that of ordinary boot viruses. It can also infect the boot sector of floppy disks. The virus stores the original boot sector in different locations, depending on whether it is the DBR, the MBR or the boot sector of a floppy disk. It does not infect or destroy any files, but once it breaks out it destroys the master boot area of the hard disk, so that all hard disk partitions and user data are lost. The infected object can be any platform, including Windows, Unix, Linux, Macintosh, etc.
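
The port behaviour described in items (1) and (8), written as a detection check over flow records. This is an added example, not code from the original page; the record format, the threshold and the finding names are assumptions, and the sample flows are constructed.

```python
from collections import defaultdict

# Constructed flow records (not real traffic), one per line: "src dst proto dport"
SAMPLE_FLOWS = """
10.0.0.5 10.0.1.1 tcp 135
10.0.0.5 10.0.1.2 tcp 135
10.0.0.5 10.0.1.3 tcp 135
10.0.0.5 10.0.1.4 tcp 135
10.0.0.5 10.0.1.3 tcp 4444
10.0.1.3 10.0.0.5 udp 69
10.0.0.9 10.0.2.1 udp 1434
10.0.0.9 10.0.2.2 udp 1434
10.0.0.9 10.0.2.3 udp 1434
10.0.0.9 10.0.2.4 udp 1434
10.0.0.7 10.0.3.1 tcp 135
10.0.0.7 10.0.3.9 tcp 443
malformed line here
"""

SCAN_THRESHOLD = 4  # assumed cut-off: distinct targets before a source counts as scanning

def parse(text):
    """Yield (src, dst, proto, dport) from well-formed lines; skip the rest."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[3].isdigit():
            yield parts[0], parts[1], parts[2].lower(), int(parts[3])

def detect(text, threshold=SCAN_THRESHOLD):
    """Return sorted (source, finding) pairs for the port patterns in items (1) and (8)."""
    flows = list(parse(text))
    targets = defaultdict(set)  # (src, proto, dport) -> distinct destinations
    for src, dst, proto, dport in flows:
        targets[(src, proto, dport)].add(dst)
    findings = set()
    for (src, proto, dport), dsts in targets.items():
        if (proto, dport) == ("tcp", 135) and len(dsts) >= threshold:
            findings.add((src, "rpc-scan"))
        if (proto, dport) == ("udp", 1434) and len(dsts) >= threshold:
            findings.add((src, "sql-udp-scan"))
    for src, dst, proto, dport in flows:
        probed = dst in targets.get((src, "tcp", 135), set())
        if (proto, dport) == ("tcp", 4444) and probed:
            findings.add((src, "shell-after-probe"))
        # UDP 69 sent back to a host that earlier probed the sender on TCP 135
        if (proto, dport) == ("udp", 69) and src in targets.get((dst, "tcp", 135), set()):
            findings.add((dst, "tftp-after-probe"))
    return sorted(findings)
```

A single connection to TCP 135 (10.0.0.7 in the sample) is not reported; only fan-out across several targets, or a 4444/69 follow-up tied to an earlier probe, produces a finding.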