History of computer virus development?
Computer viruses have changed greatly over the history of computing, and so has the course of their development. Here is a detailed introduction. I hope it helps!
History of computer virus development:
1. The original concept of the "computer virus" can be traced back to the book "The Adolescence of P-1", published by the American writer Ryan in the 1970s. The book imagines a computer program that can replicate itself and spread through communication links, which it calls a computer virus.
2. Three young programmers at Bell Labs, likewise inspired by von Neumann's theory, invented the "Core War" game.
3. In November 1983, at an international conference on computer security, the American scholar Cohen clearly put forward the concept of the computer virus for the first time and demonstrated it.
4. The first virus to spread widely on personal computers was Brain (C-Brain), which appeared at the beginning of 1986. It was written by a pair of Pakistani brothers who ran a computer company and made a living selling their own software. Because pirated software was rampant locally at the time, in 1986 they wrote the "Brain" virus, also known as the "Pakistan" virus, to stop their software from being copied illegally at will and to track how many people were using it illegally. The virus runs under the DOS operating system and spreads through floppy disks. It triggers only when the software is pirated, and when it does, it eats up the remaining space on the pirate's hard disk.
5. In November 1988, the military computer network of the U.S. Department of Defense was attacked by the Morris virus, which infected more than 6,000 computers on the U.S. Internet and caused direct economic losses of $96 million. The Morris virus was written by Robert Morris, a 23-year-old at Cornell University. The worms that appeared later were all imitations of the Morris worm, so people called Morris, its creator, "the father of worms".
6. In 1999, Happy99, the "Beautiful Killer" (Melissa) and other viruses that spread entirely through the Internet signaled that Internet viruses would become the new growth area for viruses. Their hallmark is to exploit the Internet to spread rapidly on a large scale, so that a virus reaches the whole world in a short time.
7. The CIH virus is the fourth new type of virus after DOS viruses, and the three letters CIH once stood for disaster. It was introduced to the mainland from Taiwan Province in August 1998. There are three main versions, 1.2, 1.3 and 1.4, whose trigger dates are April 26th, June 26th and June 26th respectively. It is the first computer virus to directly attack and destroy hardware, and also the most serious virus so far.
Chen Yinghao, the maker of CIH virus, has two psychiatric outpatient records and is considered as a "computer geek".
8. In May 2000, the "Love Bug" virus spread rapidly around the world and broke out on an even larger scale, causing unprecedented damage to computer systems worldwide. The "I Love You" worm is written in the VBScript language and spreads mainly through an email titled "I love you". Once the attachment is executed, the virus obtains the Outlook address book and automatically sends out "I love you" emails, causing network congestion. Destructiveness: the spread of the Love Bug virus can paralyze networks. When the virus triggers, 10 types of files, such as *.mp3 and *.jpg, are changed to *.vbs, and these files are infected and overwritten.
Network viruses similar to the Love Bug include Melissa (the "Beautiful Killer" virus) and others.
9. The famous "Black Friday" virus triggers on Friday the 13th.
10. The Nimda virus, which appeared on September 18, 2006, is another milestone in virus evolution. It was the first to attack over the Internet by exploiting system vulnerabilities, and it has typical hacker characteristics. Its appearance marks the birth of viruses that blend in various hacking techniques.
Nimda is a new and complex worm that sends large volumes of email and spreads through the Internet. It always attacks computers disguised as an email with a blank subject line. Open this unknown email and you will find an attachment named readme.exe (an executable readme file). If you open the attachment, Nimda has completed the first step of attacking the computer. The virus then keeps searching for network resources on the local network, copies virus files to users' computers, picks various files at random as attachments, and mails the virus to the email addresses stored on the user's computer, completing one cycle of propagation.
11. In 2002, the Klez ("application letter") virus, a mail virus, mainly affected Microsoft Outlook Express users.
12. "Where is the attachment? Did you find me? Don't worry about opening it. This is an important document. Please check the attachment for the killing tool that can kill QQ virus." If you receive this email, never open it. This is the first Chinese-language hybrid virus in China, and it causes all kinds of passwords on the computer to be stolen, including those for the operating system, online games and so on.
13. Shockwave: on August 11, 2003, Shockwave swept the world. It spread by exploiting the RPC vulnerability in Microsoft's network interface, leaving many computers infected, unstable, rebooting or crashing, and parts of the network paralyzed. Unpatched Windows systems could hardly escape its clutches.
14. Shock Wave: similar in form to Shockwave. Infected systems reboot because the worm crashes the system file lsass.exe.
15. The Globule virus, an old virus from the DOS era, was also the first computer virus to become widespread in China. It can take control of the computer in an insidious way, making programs run slowly or even fail to execute.
Trojans, once infiltrated, will cause endless trouble.
It is said that during the Gulf War, a secret agency of the US Department of Defense carried out a planned virus attack on Iraq's communication system, which once paralyzed Iraq's national defense communication.
1. MSN Clown (MSN fun): automatically sends messages and the virus over the user's MSN.
2. Word file killer: destroys documents and records the administrator password.
3. Young Eagle (BBEAGLE): a Trojan horse program that spreads by email, monitors the system time, and automatically quits on February 25th, 2004.
4. How Big (SOBIG): 300 virus emails in 1 minute.
5. Red Team (I-Worm Redcode): infects servers and modifies the web pages of the server's website.
6. Blue Code (Bluecode): starts multiple programs; the system runs very slowly and CPU utilization climbs rapidly, even to the point of paralysis.
7. Password Blackjack 2004: uses keylogging to capture almost everything typed into login windows and sends it to the virus author by email.
8. Norwegian Guest (Mydoom.e): frantically sends virus-laden mail and deletes computer data at will.
9. Netsky: spreads large volumes of virus-laden email, consuming network resources and affecting enterprise mail servers.
10. Wuhan Boy: sends enticing messages over QQ, steals "Legend" passwords and emails them to the password thief, and terminates various antivirus programs.
11. Securities Thief (PSW. Search): a Trojan horse that steals trading accounts and passwords for multiple securities trading systems. It records keystrokes and sends user data out as images captured from the screen.
Top Ten Viruses/Trojans in 2008
According to the degree of virus harm, virus infection rate and user attention, the comprehensive index is calculated, and finally the following ten viruses/Trojans are the most influential viruses/Trojans in 2008.
1. Robot Dog virus series
Keywords: low-level disk access, infects system files
The Robot Dog virus got its name from netizens because the original version used a photo of an electronic dog as its icon. It has many variants, and most of them prevent antivirus software from running normally. Its main harm is acting as a Trojan downloader: by modifying the registry it disables most popular security software, then frantically downloads all kinds of account-stealing tools or hacking tools, posing a great threat to netizens' virtual property.
The Robot Dog virus operates on the disk directly to bypass system file integrity checks, and achieves hidden startup by infecting system files such as explorer.exe, userinit.exe and winhlp32.exe. Using low-level techniques it penetrates restore software such as Freezing Point and Shadow, infecting large numbers of Internet cafe users, so restoring the system no longer guarantees its security. By restoring the SSDT, hijacking images, manipulating processes and other methods, it disables a large number of security products, and it downloads many account-stealing Trojans from the Internet. Some Robot Dog variants also download malicious ARP attack programs to ARP-spoof the local network or servers, affecting network security.
2. AV Terminator virus series
Keywords: antivirus software won't open, repeated infection
The biggest feature of AV Terminator is that it disables all antivirus software and a large number of security tools, leaving the user's computer without protection. It destroys safe mode, so users cannot boot into safe mode to clean the virus. It forcibly closes any web page containing the word "virus": as soon as the word is typed into a page, the page is closed, some security forums cannot even be logged in to, and users cannot look for a solution online. It also drops an autorun.inf file and uses the system's autoplay feature, so unless it is cleaned up, the machine may be reinfected even after the system is reinstalled.
"Super AV Terminator", which appeared at the end of 2008, combines the characteristics of AV Terminator, Robot Dog, Sweeping Wave and autorun viruses, and is a new computer virus captured by Kingsoft Internet Security Center. It poses a great threat to users. It spreads across local networks through Microsoft's major vulnerability MS08-067, has Robot Dog's ability to penetrate restore software, and downloads a large number of Trojans, which has a great impact on Internet cafes and LAN users.
3. Online game series
Keywords: online game account theft
This is a series of account-stealing Trojans. Its biggest feature is that it starts through ShellExecuteHooks, steals accounts for popular online games such as Warcraft and Fantasy Westward Journey, and profits from buying and selling equipment. This kind of virus generally does not fight antivirus software itself, but it often arrives together with Super AV Terminator, Robot Dog and other viruses.
4.HB locust series Trojan horse
Keywords: online game account theft
The new variant of the HB Locust virus is the most "awesome" account-stealing Trojan intercepted by Kingsoft Internet Security Center at the end of the year. This series of account-stealing Trojans is technically mature and spreads through many channels. It has dedicated generators and targets a great many games, covering most of the games on the market, such as World of Warcraft, Odyssey onlineII, Chivalrous Man World, Godsworn II, Perfect Series Games, Fantasy Westward Journey, Magic Domain and so on.
This Trojan spreads mainly through web pages and popular downloader viruses. The downloaders that spread this kind of account-stealing Trojan generally fight antivirus software, so that antivirus software will not open and the computer responds more slowly.
5. Sweeping Wave virus
Keywords: new worm, vulnerability
This is a new kind of worm, and one of the most aggressive viruses to appear after Microsoft's "black screen" incident. Once executed, Sweeping Wave goes through the computers on the LAN and attacks them. After a successful attack, the attacked computer downloads and executes a downloader virus, which in turn downloads Sweeping Wave along with a batch of game account-stealing Trojans. The Sweeping Wave on the attacked computer then attacks other computers and spreads on to the Internet. It is understood that previously discovered worms generally spread by themselves, whereas Sweeping Wave is downloaded and spread by downloaders. Because of its self-propagation characteristics, Kingsoft Internet Security antivirus engineers have confirmed it as a new worm.
On the third day after Microsoft announced the "black screen", the MS08-067 security bulletin was issued urgently to warn users of a very dangerous vulnerability, and malicious programs exploiting it then kept emerging. On the evening of October 24th, Kingsoft issued a red security warning: a detailed prototype simulation of the MS08-067 vulnerability confirmed that hackers had every chance of launching remote attacks with it, and that Microsoft operating systems faced the threat of large-scale collapse. On November 7, Kingsoft again issued an early warning that the Sweeping Wave virus was using this vulnerability to carry out large-scale attacks; on the evening of November 7th, Kingsoft confirmed Sweeping Wave as a new worm and issued a weekend red virus warning.
6. QQ steals saints
Keywords: QQ account theft
This is a series of QQ account-stealing Trojans. The virus usually drops files with names like UnixsMe.Jmp and Sys6NtMe.Zys into the IE installation directory (C:\Program Files\Internet Explorer\) and starts automatically through a Browser Helper Object entry in the registry. Once it executes successfully, it injects the previously dropped file into processes, looks for the QQ login window, monitors the account and password the user types in, and sends them to the website designated by the Trojan's operator.
7. RPC account stealers
Keywords: cannot copy and paste
This series of Trojans starts at boot by replacing a system file. Because the RPC service file rpcss.dll has been replaced, an improper repair will break system functions such as the clipboard and Internet access. Some versions add anti-debugging, which makes the system load slowly at startup.
8. Fake QQ system messages
Keywords: QQ system message, antivirus software unusable
Detected by Kingsoft Internet Security as a phishing program, this virus is characterized above all by disguising itself as a QQ system message. Once users click on it, their money and their computer's security face a great threat.
The virus has strong all-round destructive ability. It spreads automatically, and once on a computer it runs its own countermeasure module, which tries to hijack the images of, or directly shut down, the security software on the user's system. The virus also acts as a downloader, fetching other Trojans to the computer and executing them.
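The image hijacking mentioned here and under the Robot Dog entry can be audited from a registry export. The following is an added example, not part of the original article: it assumes "image hijacking" refers to a Debugger value under an Image File Execution Options subkey, which makes Windows start the named program instead of the real executable, and all image names and paths in the sample export are constructed.

```python
import re

# Constructed sample: text of a registry export (.reg). Image names, paths and
# values are made up for illustration.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\examplescanner.exe]
"Debugger"="C:\\Windows\\Temp\\svch0st.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe]
"Debugger"="\"C:\\Windows\\Temp\\svch0st.exe\" /q"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"GlobalFlag"=dword:00000200

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Debugger"="C:\\not-ifeo.exe"
'''

IFEO_SEGMENT = "\\image file execution options\\"
_KEY = re.compile(r'^\[(.+)\]$')
# "name"="value" lines; both sides may contain \\ and \" escapes.
_STR_VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')


def _unescape(text):
    """Undo .reg string escaping (\\\\ -> \\ and \\" -> ")."""
    return re.sub(r'\\(.)', r'\1', text)


def ifeo_image(key_path):
    """Return the executable name if key_path is an IFEO subkey, else None."""
    pos = key_path.lower().find(IFEO_SEGMENT)
    if pos < 0:
        return None
    rest = key_path[pos + len(IFEO_SEGMENT):]
    return rest.split("\\")[0] or None


def audit_ifeo(reg_text):
    """List (image, debugger command) pairs for every IFEO Debugger value."""
    findings = []
    image = None
    for raw in reg_text.splitlines():
        line = raw.strip()
        key = _KEY.match(line)
        if key:
            image = ifeo_image(key.group(1))
            continue
        value = _STR_VALUE.match(line)
        if value and image and _unescape(value.group(1)).lower() == "debugger":
            findings.append((image, _unescape(value.group(2))))
    return findings


def debugger_target(command):
    """Extract the program path from a Debugger command line.

    Unquoted paths that contain spaces are ambiguous; this takes the first token.
    """
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ")[0]


if __name__ == "__main__":
    for image, command in audit_ifeo(SAMPLE_REG):
        print(f"{image}: launches {debugger_target(command)} instead")
```

A Debugger value on a security tool's executable name, pointing at a program in a temporary directory, is the pattern to review first.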
9. QQ Ghost
Keywords: QQ Trojan downloader
The virus looks up the QQ installation directory and drops a carefully modified psapi.dll into it. When QQ starts, this file is loaded because of the order in which programs search for DLL files (1: application installation directory; 2: current working directory; 3: system directory; 4: PATH variable), so the malicious code runs and downloads a large number of viruses to the user's computer.
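The search order described above can be turned into a check for planted DLLs. This is an added example, not part of the original article: it models only the four-step order the page lists (real Windows loading has further rules, such as KnownDLLs, that are ignored here), and the directory names and file listings are constructed.

```python
from dataclasses import dataclass

# Constructed sample data: directories and the files they contain.
APP_DIR = r"C:\Apps\QQ"
CWD = r"C:\Users\alice\Documents"
SYSTEM_DIR = r"C:\Windows\System32"
PATH_DIRS = [r"C:\Tools"]
SAMPLE_FS = {
    APP_DIR: ["QQ.exe", "psapi.dll", "common.dll"],
    CWD: ["notes.txt"],
    SYSTEM_DIR: ["PSAPI.DLL", "kernel32.dll", "version.dll"],
    r"C:\Tools": ["version.dll"],
}
IMPORTS = ["psapi.dll", "kernel32.dll", "version.dll", "common.dll"]


@dataclass(frozen=True)
class Finding:
    dll: str          # name the program asked for
    loaded_from: str  # directory that wins the search
    stage: str        # which step of the search order matched
    expected: str     # system directory holding the genuine copy


def _norm(directory):
    # Windows paths are case-insensitive; ignore a trailing backslash too.
    return directory.lower().rstrip("\\")


def _index(fs):
    return {_norm(d): {n.lower() for n in names} for d, names in fs.items()}


def search_order(app_dir, cwd, system_dir, path_dirs):
    """The order as listed on the page: app dir, cwd, system dir, PATH."""
    order = [
        ("application directory", app_dir),
        ("current working directory", cwd),
        ("system directory", system_dir),
    ]
    return order + [("PATH", d) for d in path_dirs]


def resolve(dll, order, fs):
    """Return (stage, directory) of the first directory containing dll."""
    index = _index(fs)
    for stage, directory in order:
        if dll.lower() in index.get(_norm(directory), set()):
            return stage, directory
    return None


def find_shadowed(imports, order, fs, system_dir):
    """Flag DLLs that exist in the system directory but load from elsewhere."""
    system_names = _index(fs).get(_norm(system_dir), set())
    findings = []
    for dll in imports:
        hit = resolve(dll, order, fs)
        if hit is None or dll.lower() not in system_names:
            continue  # missing, or an application-private DLL
        stage, directory = hit
        if _norm(directory) != _norm(system_dir):
            findings.append(Finding(dll, directory, stage, system_dir))
    return findings


if __name__ == "__main__":
    order = search_order(APP_DIR, CWD, SYSTEM_DIR, PATH_DIRS)
    for f in find_shadowed(IMPORTS, order, SAMPLE_FS, SYSTEM_DIR):
        print(f"{f.dll}: loads from {f.loaded_from} ({f.stage}), "
              f"genuine copy is in {f.expected}")
```

A flagged DLL is not proof of infection, since some applications ship private copies on purpose; compare its signature or hash with the system copy before acting.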
10. Disk Drive
Keywords: cannot be removed completely, stealthy
Disk Drive is very similar to AV Terminator and Robot Dog. Its biggest feature is that much of the user's antivirus software and security tooling cannot run, and a blue screen appears on entering safe mode. What is more, because it infects exe files, even reinstalling the system cannot clean it up completely.
The Disk Drive virus spreads mainly through websites, USB flash drives, LAN ARP spoofing and so on, and it is very stealthy: the techniques it uses while spreading go unnoticed by users and cannot be intercepted even by antivirus software. Once it executes on a user's computer, it automatically downloads its own latest version and a large number of other Trojans to run locally, stealing the user's virtual assets and other confidential information. It also infects the exe files on the machine, including exe files inside archives, and packs them with UPX, which makes it hard for users to clean up completely.
Second, the characteristics of computer viruses and Trojans in 2008
In 2008, viruses and Trojans were extremely active. In terms of propagation, a large share of viruses spread through web pages, mainly exploiting RealPlayer, Adobe Flash and IE vulnerabilities. In terms of operation, a large share used downloaders to fight and shut down security software and then download many account-stealing Trojans onto users' computers, stealing users' online game accounts and sending them to the hackers' databases. In terms of harm, most of the viruses prevalent in 2008 were online game account-stealing Trojans, followed by remote control Trojans.
1. Virus manufacturing has entered the era of "mechanization"
With the proliferation of virus-making tools, the division of labor in virus production has become finer and more routine, and virus authors now build viruses according to an established production process. Virus manufacturing has entered the era of "mechanization".
This "mechanization" owes much to the falling threshold for virus production and the spread of production tools. "Virus Maker" is a popular virus-making tool on the Internet; with it, virus writers can generate viruses themselves without any professional skills. Through its monitoring, the Kingsoft Internet Security Global Anti-virus Monitoring Center has found many advertisements for such tools online. Virus authors can customize and preview a virus's functions in the tool according to their own needs. This point-and-click production ushered in the "mechanized" era of viruses.
The mechanized production of viruses has led to an explosive increase in the number of viruses. The traditional manual collection and identification methods of anti-virus manufacturers have been unable to cope with the rapid growth of viruses. Relying on the "cloud security" technology, Kingsoft Internet Security 2009 has achieved a five-fold increase in the number of virus samples in the virus database, an increase in the maximum daily virus processing capacity of 100 times, and a reduction in the emergency virus response time to less than 1 hour, bringing users a better security experience.
2. The modularization and specialization of virus manufacturing are obvious.
Virus gangs split production into functional modules and outsource them, or buy technically advanced modules, so every aspect of a virus becomes more and more "professional". Virus technology keeps being improved and developed, becoming more harmful to netizens and harder to deal with. For example, Super AV Terminator, which appeared at the end of the year, is a compendium of virus techniques and a typical product of modular production.
In terms of specialization, virus manufacturing naturally divides into the following links: virus producer, virus wholesaler, virus disseminator, "box" wholesaler, "envelope" wholesaler and "envelope" retail terminal. Virus authors include "senior programmers" and even reverse engineers. Virus wholesalers buy virus source code and sell the Trojans generated from it. Virus disseminators spread viruses through various channels and steal valuable QQ numbers, game accounts and equipment. "Box" wholesalers profit by renting or selling "boxes" that collect stolen accounts and virtual assets; they usually have their own Trojans or Trojan generators. "Envelope" wholesalers profit by buying or renting boxes and selling the envelopes they harvest. The "envelope" retail terminal screens and sells the valuable virtual assets collected in the "envelopes". Each link has its own responsibilities, and the trend toward specialization is obvious.
3. The virus "operation" mode is internetized.
After their activity in 2008, virus gangs have turned entirely to the Internet. The usual attack chain is: break into a website -> write in malicious attack code -> this becomes the main channel for spreading new network viruses. Netizens who visit a 'normal website' carrying Trojan-planting code are infected through vulnerability attacks "without noticing". This way of spreading is fast and covert and suits commercial operation: as with online vendors, income can be tallied precisely and split by sales.
For example, after the "Robot Dog" virus is bought by a "merchant", the merchant can use it to attract "investment". Robot Dog itself has no ability to "steal" anything, but it can protect other viruses by fighting security software, so it has become a virus distribution channel, and Trojans and other viruses join its download list. A virus that wants to join such a channel's list must pay an "entry fee" of about 3,000 yuan. "Robot dogs" and other similar "downloaders" shirk each other, just like * * * in normal business practices. In this way, viruses added to a channel's list can reach users' computers through more channels, and a virus pays whichever channel it came in through.
In addition, the promotion and sale of viruses have moved entirely onto the Internet. Viruses are promoted on technical forums; hacker websites are also an important promotion channel, as are Baidu Post Bar and QQ groups. Sales channels are likewise entirely Internet-based; typical ones include public auction websites such as Taobao and Yi Bei, as well as direct sales over QQ or through dedicated websites.
4. Virus gangs use "new" vulnerabilities faster.
The exploitation of the IE 0day vulnerability was the biggest security incident of 2008. When the MS08-067 vulnerability was disclosed, some popular Trojan downloaders integrated its attack code into the virus to spread more widely. As for the IE 0day vulnerability that appeared at the end of the year, nearly 10 days passed between the Trojan-planting gangs updating their IE 0day attack code and Microsoft releasing the patch. During this period, tens of millions of netizens visited web pages containing the attack code for this vulnerability.
In addition, Flash Player vulnerabilities in 2008 also caused losses to many netizens. Because of how the software is designed, updated and upgraded, it contains flaws that hackers and malicious websites exploit. While users browse the web, Trojans are downloaded through these vulnerabilities, invade the user's system, take remote control, and steal the user's accounts and passwords, causing users to suffer losses.
The Kingsoft Internet Security team pays close attention to vulnerability information for Windows system software and third-party applications, and updates its vulnerability database promptly. At the same time, Kingsoft Cleaning Expert uses P2SP technology, which greatly improves patch download speed and reduces the time users' computers are exposed to risk.
5. The confrontation between virus and security software is becoming increasingly fierce.
In the division of labor of the virus industry chain, the downloader plays the role of the 'underworld': it terminates and destroys antivirus software, penetrates restore software, 'protects' account-stealing Trojans so they are downloaded successfully to users' machines, and takes its cut according to 'protection fees' and download volume. Downloaders were the depth charges of 2008, running on the front line against antivirus software, making a big splash and earning rich returns.
It is not hard to see from the widespread popularity of 'AV Terminator' that countering antivirus software has become a 'necessary skill' for downloaders.
Throughout 2008, popular viruses such as Robot Dog, Disk Drive and AV Terminator were, without exception, antagonistic viruses. Some virus makers even threatened to starve antivirus software. Viruses that target antivirus software and destroy system security settings had existed before, but in 2008 they were particularly prominent, mainly because most antivirus software had stepped up its detection and removal, forcing viruses to fight antivirus software in order to survive. These viruses use a variety of methods, such as modifying the system time, terminating antivirus processes, destroying safe mode, and disabling automatic Windows updates.
The main characteristics of the confrontation between viruses and antivirus software are that it happens more often and in shorter cycles. New versions of each virus come out very quickly, confronting antivirus software every two days or even every few hours.
Kingsoft Internet Security has raised the technical bar for virus attacks by strengthening its self-protection. At present, the Kingsoft Internet Security system provides unattended, automated sample collection, virus database update testing and release, to meet the challenge posed by those who produce and spread viruses.
Third, the development trend of computer viruses and Trojans in 2009
1. 0day vulnerabilities will increase day by day.
In 2008, what concerned the security community most was not Windows system vulnerabilities as such, but the 0day vulnerabilities that hackers released every few days after Microsoft published its patches. Because these vulnerabilities fall in the gap between system updates, no patch exists and every computer is at risk.
Having tasted the huge infection numbers and profits that 0day attacks bring, hackers will pay even more attention to exploiting 0day vulnerabilities. In 2009 there may be many new 0day vulnerabilities (including system vulnerabilities and vulnerabilities in popular Internet software). Virus gangs use the window between the discovery of a 0day vulnerability and the vendor's patch release to launch attacks and earn high profits.
2. Trojan planting on web pages ("horse hanging") is becoming more and more serious.
Planting Trojans on web pages has become one of the main ways Trojans and viruses spread. Attackers break into a website, tamper with its pages, and implant all kinds of Trojans. Users who merely browse the Trojan-planted site may be infected by Trojans, or even suffer more violent attacks, resulting in the loss of online property.
In 2008 it was common for websites to be planted with Trojans, from portal websites to the website of a local TV station. With the increasing popularity of the Internet, planting Trojans on web pages has become one of the main ways Trojans and viruses spread. Antivirus engineers at Kingsoft Internet Security predict that in 2009 the problem will be more severe, and more websites will be attacked by Trojans.
3. The confrontation between virus and anti-virus vendors will intensify.
As antivirus vendors improve the self-protection of their security software, the confrontation with viruses will become more and more fierce. Viruses will no longer be limited to terminating and destroying antivirus software; weakly antagonistic viruses that hide in and 'parasitize' system files will increase greatly.
4. Attempts on new platforms
As the new economic era arrives, viruses and Trojans are bound to become pervasive, and faster Internet connections make viruses more rampant. We can therefore predict that in 2009, viruses for Windows Vista and Windows 7 will probably become the new favorites of virus authors, and that as smartphones enter the 3G era, virus/Trojan activity on mobile platforms will increase. Software vulnerabilities are inevitable, and vulnerabilities on the new platforms will also become the most important means of spreading viruses/Trojans.
Fourth, the development trend of anti-virus technology in 2009
With the threshold for virus production steadily falling, the number of viruses and Trojans growing rapidly, and the confrontation between antivirus vendors and viruses becoming ever fiercer, the traditional antivirus operating model of "obtain samples -> signature analysis -> update deployment" can no longer cope with ever-changing and growing security threats. With massive numbers of viruses and Trojans flooding the Internet and virus producers constantly updating their techniques, antivirus vendors need more effective methods to make up for the shortcomings of traditional antivirus approaches, and "cloud security" came into being.
Kingsoft Internet Security "Cloud Security" is a security architecture that came into being to solve the Internet security situation of Trojan horse commercialization. It includes three levels: smart client, cluster server and open platform. "Cloud security" is an enhancement and supplement to the existing anti-virus technology, and the ultimate goal is to make users in the Internet era get faster and more comprehensive security protection.
The first is a stable and efficient smart client, which can be an independent security product or a security component integrated with other products, such as Kingsoft Internet Security 2009 and Baidu Security Center, providing basic functions of sample collection and threat handling for the whole cloud security system.
Secondly, the support of the server includes distributed mass data storage center, professional security analysis service and intelligent analysis and mining technology of security trends, which cooperates with the client to provide users with cloud security services;
Finally, cloud security needs an open security service platform as its foundation, providing platform support for third-party security partners in the fight against viruses, so that partners who lack technical reserves and equipment can also join the antivirus front, giving downstream partners in the antivirus industry commercial incentives, and ending the situation in which antivirus vendors fight alone.