Extremely destructive: it can rewrite the BIOS and make it useless (as long as the microprocessor of the computer is Pentium Intel 430TX), after which the user's computer cannot be started. The only solution is to replace the original chip of the system. The virus broke out on April 26th, and it also destroys all the information on the computer's hard disk. This virus does not affect MS-DOS, Windows 3.x and Windows NT operating systems.
The CIH virus can spread by all possible means: floppy disk, CD-ROM, Internet, FTP download, e-mail, etc. It is considered one of the most dangerous and destructive computer viruses in history.
It broke out in June 1998 in Taiwan Province, China, resulting in a global loss of $20-80 million.
2. Melissa (1999) is a virus specifically targeting Microsoft email servers and email sending and receiving software. It is hidden in a file in Word97 format and spread as an attachment by e-mail. It attacks computers with Word97 or Word2000.
It can attack the registry settings of Word97, modify its macro virus protection security settings, and disable the macro virus warning function for infected files. Within a few hours after the Melissa virus was discovered, it infected millions of computers and tens of thousands of servers around the world through the Internet, and the Internet was paralyzed in many places.
It broke out on March 26th, 1999, infecting 15%-20% of commercial PCs, which caused a loss of $300-600 million worldwide.
3. I Love You (2000) broke out in Hongkong, China on May 3rd, 2000. It is a virus written in VBScript and can be spread by email. The infected computer platform is mainly Win95/98/2000.
It has brought losses of $654.38+0 billion-$654.38+0.5 billion to the world.
4. Code Red (2001): The virus spreads very fast, which slows down or even blocks network access over a wide area.
This virus usually attacks the servers of a computer network first, and the attacked server will send a large amount of data to the * * * website according to the instructions of the virus, which eventually leads to the paralysis of the website. The damage it causes is mainly tampering with web pages, and there are signs that this worm has the ability to modify files.
It broke out on July 13, 2001, bringing a loss of $2.6 billion to the world.
5. SQL Slammer (2003): This virus uses the buffer overflow vulnerability of the parsing port 1434 of SQL Server 2000 to attack its services.
On June 25th, 2003, 65438+ broke out, and 500,000 servers around the world were attacked, but the economic loss was small.
6. Blaster (2003): When the virus is running, it constantly uses IP scanning to find computers running Win2K or XP on the network, and then uses the DCOM RPC buffer vulnerability to attack the system. Once the attack is successful, the virus spreads to the other computer and infects it, making the system run abnormally, restart constantly, or even crash.
In addition, the virus also conducts a denial-of-service attack on a Microsoft upgrade website, resulting in the website being blocked and users being unable to upgrade their systems through it. In the summer of 2003, hundreds of thousands of computers were infected, resulting in a global loss of $2 billion to $654.38 billion.
7. Sobig.F (2003): Sobig.F is a virus that spreads through the Internet. When it is executed, it sends itself as an e-mail attachment to all the e-mail addresses it finds on the infected computer, and it uses its own SMTP engine to compose the messages it sends.
The location of the worm in the infected system is c:\winnt\winppr32.exe. It broke out on August 19, 2003, as a variant of the earlier Sobig, and brought a loss of $5 billion-10 billion to the world.
8. Bagle (2004): The virus spreads by email. After running, it creates a copy of itself in the system directory and modifies a registry key value. The virus also has backdoor capability.
In 2004, 65438+1October 18 broke out, which brought tens of millions of dollars of losses to the world.
9. MyDoom (2004): MyDoom is a virus spread through email attachments and the P2P network Kazaa. When the user opens and runs the virus program in the attachment, the virus harvests the email addresses in the user's mailbox, forges the source address of the email, sends a large number of emails with virus attachments, and leaves a back door on the user's host that can be used to upload and execute arbitrary code (TCP 3 127 to 365438).
On October 26th, 2004, 65438 broke out. During the peak period, the network loading time slowed down by more than 50%.
10. Sasser (2004): This virus is a worm spread by using the Lsass buffer overflow vulnerability (MS04-01vulnerability information) of Microsoft operating system.
Because the worm launches a large number of scans while it spreads, it has a great impact on individual users and on network operation. It broke out on April 30, 2004, bringing tens of millions of dollars in losses to the world.
2. What is the most destructive computer virus in history?
A dangerous new virus "Xin Huan" (VBS.
A new love broke out.
This is the most destructive virus discovered so far. It spreads in the same way as the original Love Bug virus.
Once the computer is infected, the virus sends itself to the addresses in the Outlook address book. But this time, the "new love" virus is much more destructive than the "I love you" virus.
This new virus overwrites all files that are not in use when the machine is infected. Unlike previous viruses or worms, this new virus is polymorphic, which means that it is different every time it infects a machine.
Because the Love Bug virus and its early variants have known subject lines and attachments, they are easy to identify. However, this new worm chooses the subject line and attachment name at random each time, from the start menu of the infected machine. It looks at the system start menu and randomly selects a file name (if there is none, it generates one).
Once the virus starts to replicate, it sends a copy of itself with the randomly selected file name and attachment to the addresses in the user's Outlook address book (such as "Forward: My Document.doc" or "My Documents.doc.vbs"). If someone has 60 addresses in Outlook, 60 forwarded .doc letters will be sent. Then, when a new system is infected with this virus, a new version of the virus is generated in the same way.
It is precisely because new command statements and comments are added after each infection that it is difficult for anti-virus companies to determine the characteristics of the files that need to be detected and deleted.
Great harm: the new worm overwrites all the files that were not in use when the system was infected, basically destroying the whole system.
It's no use restarting the machine. The only recovery method is to rebuild the whole system with clean backup files.
3. What is the most serious computer virus in history?
It is reported that since last week, 360 Security Center, Guanqun Gina, Trend Micro, Symantec and other domestic and foreign security vendors have issued early warnings, saying that hackers will launch "the strongest cyber attack in history" on April Fool's Day, including internationally renowned websites such as Yahoo, Disney, Facebook and Youtube, as well as domestic websites such as Baidu and Xin Kai. This matter immediately attracted the attention of all walks of life.
The Conficker worm, also known as "the strongest virus in history", was first discovered last year1October 20th 165438+. Up to now, there are three versions: A, B and C. At present, more than 150,000 computers in the world have been infected. Conficker mainly uses the Windows operating system vulnerability MS08-067 to spread, and can also spread through any hardware device with a USB interface.
In the disassembled code of the Conficker.C variant, security personnel found settings for attacking hundreds of major websites around the world, and thought that hackers would probably launch network attacks by sending data packets to these websites. Because the worm once grounded French naval aircraft and recently deeply infected the network system of the British Parliament, it quickly attracted public attention.
However, Conficker has been "doing nothing" for more than four months, and it has never done any damage to the infected computers, so it is very mysterious. Researchers from Symantec Security Response Center also confirmed the existence of threat code in Conficker, but they are not sure what will happen on April 1.
The researchers even speculated that "this may be another Y2K event". Guanqun Gina Company warned that from April 1, the Conficker.C worm will try to visit tens of thousands of built-in websites every day and launch a large-scale attack on the global network.
F-Secure, an American computer security company, also predicts that Conficker will invade 50,000 websites every day from Wednesday to better hide its birthplace. Trend Micro sent an urgent warning email to users, saying that the worm will modify its program on April Fool's Day, generate 50,000 malicious website addresses at one time, and try to connect to 500 of them at random to download Trojan viruses, thereby updating its "Bot" family through compromised machines ("broilers") and carrying out the next wave of cyber attacks.
According to the analysis report of MTC, an international network security research institution, the Conficker worm has penetrated into various websites, military networks, personal computers, important infrastructure, various small networks and universities around the world. The IP address occupied by the recruited computer is * * *10512451,of which10222. There are at least 150,000 "zombie" computers controlled by the Conficker worm's authors. This "zombie" network can not only be used as a long-term profit platform for online fraud and theft, but also as a special weapon for information warfare, and could even paralyze the entire civil Internet.
Because of this, in February this year, Microsoft offered a reward of $250,000 for the capture of the author behind Conficker. "The reason why this worm attack may be the strongest hacker attack in history is because the number of zombie computers it currently controls is very large, reaching tens of millions."
Dr. Shi Xiaohong, a security expert, said that in 2002, hackers used millions of worms to launch DDOS attacks on DNS root servers in the United States, which led to the paralysis of websites such as Google and IBM. "If you use tens of millions of computers to attack this time, basically no website can prevent it."
At present, there are different opinions about whether Conficker's author is a hacker from Ukraine, Russia, Eastern Europe, China or other places. Shi Xiaohong believes that the identity of Conficker's author is still controversial, and network security researchers only speculate by disassembling code fragments from samples. Even if hackers launch a large-scale network attack, it is difficult for the outside world to locate the real control server because of its P2P technology. It is reported that Conficker mainly uses the Windows operating system vulnerability MS08-067 to spread, and can also spread through any hardware device with a USB interface.
"Therefore, the most important thing now is that the majority of netizens should fix the loopholes in their computer systems in time, and don't become tools and accomplices for malicious use by hackers. Internet sites should be ready to respond to attack challenges at any time." Dr Shi Xiaohong finally said.
Appendix:
1. What are the hazards of worms?
A: Generally speaking, a computer infected with a worm will become very slow, and may be used as a zombie computer, sending out a lot of spam or launching attacks on other networked computers. Some worms download data-stealing trojans after invading users' computers, and steal users' online game, online banking and personal privacy information.
When the "shock wave" worm broke out in 2004, it attacked the computer systems of banks, postal services, transportation and other departments around the world, causing the computers of China Merchants in China to crash and restart constantly, causing about 40 flights of Delta Air Lines to be cancelled or delayed, thousands of Australian passengers stranded in the parking space, and countless staff returned to paper-based office work. But Conficker is very strange, because so far, it has not carried out any harmful operations except slowing down the user's network speed.
But that doesn't mean Conficker won't do evil. It all depends on what the controller behind Conficker does next.
2. How should ordinary netizens and enterprise users guard against it?
A: Ordinary users should strengthen their awareness of network security, patch their computers in time with professional security tools such as 360 security guards, and fix system vulnerabilities, so as to avoid being invaded by the Conficker worm and becoming its accomplices in attacking other people's networks.
The local area network of enterprise users is a place where Conficker spreads easily. Often one infected computer will lead to a large-scale infection of the whole LAN. In addition to using 360 to install the vulnerability patch as soon as possible, it is suggested that employees of the enterprise turn on security software with a USB flash drive firewall function before using USB drives. The data shows that there are only 2360 users.
4. What are the most serious computer viruses in history?
1. CIH (1998) infects executable files in Win95/98. This kind of virus spreads in the Windows environment, and is particularly real-time and concealed. This variant can rewrite the BIOS. It caused losses of about $20 million to $80 million worldwide.
2. Melissa (1999) is a macro virus that spreads very fast. It is spread as an email attachment. The Melissa virus does not destroy files or other resources, but it may stop the operation of enterprise or other mail server programs, because it sends out a large number of mails and forms a huge flow of e-mail traffic. It broke out on March 26th, 1999, infecting 15%-20% of commercial computers, resulting in a loss of $30 million to $60 million.
3. "Love You" (2000) is spread by e-mail just like Melissa, but it is much more destructive than Melissa. It can delete some local pictures and text, resulting in a loss of about 10 to 15 million dollars.
4. Code Red (2001) is a worm virus, which in essence spreads through the server's port 80 by using a buffer overflow attack. Port 80 is the channel for information exchange between the Web server and the browser.
Unlike other viruses, Code Red does not write virus information to the hard disk of the attacked server, but only resides in the memory of the attacked server. It caused a loss of about $2.8 million worldwide.
5. SQL Slammer (2003) is a DDoS malicious program. It infects servers by using distributed denial of service attacks through a brand-new infection route. It takes advantage of a weakness of SQL Server, attacks port 1434 and infects the SQL Server in memory, and then spreads a large number of denial-of-service attacks and infections through the infected SQL Server, resulting in the failure or downtime of the SQL Server and internal network congestion. Like Code Red, it resides only in the memory of the attacked server.
About 500,000 servers in the world crashed, and the whole network in South Korea was paralyzed for 12 hours.
6. Blaster (2003): The "shock wave" virus spreads by using the RPC vulnerability published by Microsoft on July 21 that year. As long as there is an RPC service on the computer and there is no security patch, the virus will infect the computer and cause the following symptoms: system resources are heavily occupied, and sometimes a dialog box announcing RPC service termination pops up. Moreover, the system restarts repeatedly, and cannot send and receive emails, copy files or browse the web normally. Copy and paste operations are seriously affected, and DNS and IIS services are illegally rejected.
This virus should be familiar, as it has recently been widespread in China. It caused a loss of about $2 million to 10 million, but in fact thousands of computers were affected.
7. "Overlord bug" (Sobig.F, 2003): This is the fifth variant of the Sobig worm, which has very strong infection ability, so it causes huge volumes of mail traffic, which leads to the collapse of mail servers all over the world, and because of its characteristics, it also leaks local data, which is extremely dangerous. It caused a loss of about $5 million to 10 million, and more than 10 million computers were infected.
8. Bagle (2004): Bagle, also known as Beagle, is a worm spread by email. It accesses websites remotely, spreads through the e-mail system, and establishes a back door in the Windows system. So far, this worm is probably the most serious and widespread worm, and its influence is still rising. At present, it has caused tens of millions of dollars in losses, and it is still continuing.
9. MyDoom (2004): This virus is a combination of virus and spam, which can spread rapidly in enterprise e-mail systems, resulting in a sharp increase in the number of emails, thus blocking the network. Either virus or spam alone caused enough trouble to users last year, but now the combination of the two is more fierce, and most users don't know about it, which makes the spread of this virus faster than that of earlier viruses.
According to the data of MessageLabs research company, at the peak of the MyDoom virus outbreak, one in every 10 mails was infected by this virus, and one in every 17 mails was infected by the Sobig virus which was rampant in the previous year. At the worst of its outbreak, the global network speed dropped sharply.
10. Shockwave (Sasser, 2004): The shockwave virus automatically searches the network for computers with system vulnerabilities and directly guides these computers to download virus files and execute them, so there is no need for human intervention in the whole spread and attack process. As long as these users' computers are not patched and are connected to the internet, they may be infected.
This kind of attack is very similar to the shock wave of that year, which will crash the system files and cause the computer to restart repeatedly. At present, it has caused tens of millions of dollars in losses.
I think the strongest computer virus in history is shock wave.
The router won the competition with the switch.
Routers can be the core of advanced networks, but switches can't.
Introduction to Worm.Blaster (the "shock wave" virus)
Worm.Blaster virus profile
Alert level:
Attack time: random
Virus type: worm virus
Transmission route: network/China vulnerability.
Related systems: WINDOWS 2000/XP
Virus introduction:
The virus was intercepted by Rising Global Anti-virus Monitoring Network for the first time in August 2002 at 65438+. When the virus is running, it constantly uses IP scanning to find computers running Win2K or XP on the network. When it finds one, it exploits the DCOM RPC buffer vulnerability to attack the system. Once the attack is successful, the virus spreads to the other computer and infects it, making the system run abnormally, restart constantly, or even crash. In addition, the virus also conducts a denial-of-service attack on a Microsoft upgrade website, resulting in the website being blocked and users being unable to upgrade their systems through it. After August 16, the virus also makes the attacked system lose the ability to install the vulnerability patch.
Virus discovery and removal:
1. The virus spreads through the latest RPC vulnerability in Microsoft, so users should patch the system with RPC first, and the patch address is:
/new site/Channels/info/virus/topic database package/ 12- 145900547。
2. When the virus runs, it will build a mutex named "BILLY" to prevent the virus from repeatedly entering the memory. The virus will build a process named "m *** last" in the memory, and users can use the task manager to terminate the virus process.
3. When the virus runs, it copies itself to %systemdir%\m***last.exe, and users can manually delete the virus file.
Note: %Windir% is a variable and refers to the operating system installation directory. The default is "C:\Windows" or "c:\Winnt", or it can be other directories specified by the user when installing the operating system. %systemdir% is a variable, which refers to the system directory in the operating system installation directory. By default, it is "C:\Windows\system" or "c:\Winnt\system32".
4. The virus modifies the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run key in the registry and adds "Windows automatic update" = "m***last.exe"; the user can manually delete this value.
5. The virus will use ports 135, 4444, 69, etc. Users can use firewall software to disable these ports, or use TCP/IP filtering function to disable these ports.
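The checks in steps 2 to 5 can be run against a collected host snapshot. The following is an added example, not part of the original page or of any vendor's removal tool: the image name is a placeholder because the page masks the real file name, the sample data is constructed, and the protocol split for the ports and the scan threshold are assumptions made here.

```python
import re

# Ports from step 5. The protocol split is added here: 135/TCP is the RPC
# endpoint mapper (open on every healthy Windows host), while 4444/TCP and
# 69/UDP are listeners a workstation has no reason to expose.
WORM_LISTENERS = {("TCP", 4444), ("UDP", 69)}
RPC_PORT = "135"
SCAN_THRESHOLD = 10  # assumption: distinct 135/TCP peers that count as scanning

# One line of `netstat -an` output: proto, local addr:port, remote addr:port, state
NETSTAT_LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+):(\d+|\*)\s*(\S*)\s*$")


def basename(command):
    """File name of a Run-key command or path, lower-cased, quotes removed."""
    return re.split(r"[\\/]", command.strip().strip('"'))[-1].lower()


def triage(image, processes, system_dir_files, run_values, netstat_text):
    """Return the indicators from steps 2-5 that are present in a host snapshot."""
    image = image.lower()
    findings = []
    if any(p.lower() == image for p in processes):          # step 2: process
        findings.append("process")
    if any(f.lower() == image for f in system_dir_files):   # step 3: dropped file
        findings.append("file")
    for name, command in run_values.items():                # step 4: Run key
        if basename(command) == image:
            findings.append("run-key:" + name)
    scan_peers = set()
    for line in netstat_text.splitlines():                  # step 5: ports
        m = NETSTAT_LINE.match(line)
        if not m:
            continue
        proto, _laddr, lport, raddr, rport, state = m.groups()
        listening = proto == "UDP" or state == "LISTENING"
        if listening and (proto, int(lport)) in WORM_LISTENERS:
            findings.append(f"listener:{proto}/{lport}")
        # Outbound attempts to 135/TCP on many different hosts indicate IP scanning.
        if proto == "TCP" and rport == RPC_PORT and not listening:
            scan_peers.add(raddr)
    if len(scan_peers) >= SCAN_THRESHOLD:
        findings.append(f"rpc-scan:{len(scan_peers)}-peers")
    return findings


# Constructed sample data; EXAMPLE-WORM.EXE stands in for the masked file name.
IMAGE = "EXAMPLE-WORM.EXE"
INFECTED_NETSTAT = "\n".join(
    ["  TCP    0.0.0.0:135      0.0.0.0:0      LISTENING",
     "  TCP    0.0.0.0:4444     0.0.0.0:0      LISTENING",
     "  UDP    0.0.0.0:69       *:*"]
    + [f"  TCP    10.0.0.5:{1100 + i}   10.0.0.{20 + i}:135   SYN_SENT" for i in range(12)]
)
CLEAN_NETSTAT = "  TCP    0.0.0.0:135      0.0.0.0:0      LISTENING"

if __name__ == "__main__":
    print(triage(IMAGE, ["explorer.exe", "example-worm.exe"], ["example-worm.exe"],
                 {"Windows automatic update": "EXAMPLE-WORM.EXE"}, INFECTED_NETSTAT))
    print(triage(IMAGE, ["explorer.exe"], [], {}, CLEAN_NETSTAT))
```

A listener on 135/TCP alone is not reported, since blocking or flagging it indiscriminately would hit every Windows host; the signal on that port is the fan-out of outbound connection attempts.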
6. There is no relevant information about the ranking of the most serious computer viruses in the world in recent ten years. Let me tell you an all-time one: According to vnu website, San Francisco columnists Iain Thomson and Shaun Nichols published a list of the most vicious 10 computer viruses they think so far.
1. Creeper: Creeper may be the first computer virus, although this statement is still controversial. This virus was made by Bob Thomas in 1971 using Tenex operating system.
2. Brain: Brain was the first virus produced by Microsoft DOS operating system in the middle of 1986. This virus was written by Pakistani brothers Basit and Amjad Farooq Alvi. It was originally used to prevent copying a medical software.
3. MyDoom: MyDoom is an attack method, which will infect the host and then resend the entire address book. The virus is spread by e-mail and address book using tested and reliable methods.
4. Nimda: Nimda is one of the fastest spreading viruses in history, and it became the most widespread virus 22 minutes after it was launched.
5. Melissa: this is a romantic love story.
A boy met a woman. Girls dance to make money, and boys go home to write computer viruses for that girl.
The computer virus later spread, causing millions of dollars in losses. This is Romeo and Juliet of our time.
6. Storm: Storm is a large malicious botnet virus, which first appeared in the form of fake news and flooded Europe in early 2007. This virus has been threatening users for more than a year.
7. ExplorerZip: The ExplorerZip virus was written 10 years ago, but it is still spreading. This is a good example of how tenacious the virus is.
8. Conficker: The Conficker.C virus was supposed to spread widely in March this year, and then launch a global attack on April 1, causing a global disaster. However, the virus did not actually cause any damage.
9. Klez: Klez is also a very tenacious virus. Seven years after its first appearance, the virus is still spreading.
10. Elk Cloner: The Elk Cloner virus is a joke written by Rich Skrenta, a high school student aged 15. It's a pity that his joke soon turned into a bad thing.
The Elk Cloner virus spread through the boot sector, which later became the standard way of virus spread.