Joke Collection Website - Bulletin headlines - Is Y2K a virus?
Dizzy. The famous disk drive virus is what you call a millipede. Its destructive power is enormous.
I found information on Baidu Encyclopedia for you to see. This virus is much scarier than Panda Burning Incense.
This is an infectious virus written in MFC.
After the virus runs, it first releases the virus driver NetApi000.sys in the root directory of drive C. This driver is used to restore the SSDT and remove all hooks installed by anti-virus software. It then releases the virus files smss.exe, netcfg.dll, netcfg.000 and lsass.exe into the com folder under the System32 path.
The program then exits and runs the lsass.exe just released.
After lsass.exe runs, it releases the same files again into the com folder and releases a new dynamic library file, dnsq.dll, into the system32 folder. It then generates two randomly named log files, which are copies of lsass.exe and dnsq.dll, and performs the following operations:
1. Download script/data.gif from the following URL, look for the window "MCI Program Com Application", and run the downloaded program if the window does not exist.
9. This virus breaks into fragments, multiplies rapidly, blocks the disk so that it cannot be accessed, and causes the computer to crash, blue-screen, shut down automatically and delete startup files. (Boot 152H)
Comprehensive evaluation
This virus has many variants and is constantly updated and upgraded. It can bypass active defense, HIPS and ByShell technology; monitor files and windows; destroy group policy/IFEO; infect via U disk; run a process daemon; turn off most anti-virus software and block common security tools; infect EXE and other files in non-system partitions (including exe files inside rar archives); turn off automatic updates and destroy Safe Mode; delete the option to show protected hidden system files; turn on autorun on drives; pop up browser ads; and use ARP spoofing. All of these are bad things that are difficult for ordinary users to handle.
The "disk drive" virus has caused an uproar on the Internet recently. Because the virus has seriously damaged the computer systems of many enterprises and individual users, it has aroused unanimous condemnation from computer users across the country. More and more anti-virus manufacturers have joined the ranks of killing "disk drives", starting another anti-virus war.
Last year's "Panda Burning Incense" virus war is still fresh in people's minds, because the virus generated many images of pandas holding three incense sticks on infected computers, which once caused discussion and panic among computer users across the country. The "disk drive" virus does not seem to be as notorious as "Panda Burning Incense", yet many anti-virus experts agree that the "disk drive" virus is ten times more harmful than "Panda Burning Incense". Why is this?
Anti-virus expert He Gongdao recently conducted a comparative analysis of the "Disk Drive" and "Panda Burning Incense" viruses, from which we can see why the "Disk Drive" virus has been promoted to "King of Poisons".
1. Transmission methods
The "Panda Burning Incense" virus has many ways of transmission. It spreads through U disks and infected webpage files, spreads through local area networks, breaks into some large websites, and spreads by planting Trojans on normal web pages. The "disk drive" virus uses an "ARP virus" to propagate itself in the local area network. The virus downloads and automatically runs more than 20 viruses by visiting a malicious website. Through the ARP virus, the "disk drive" virus can instantly spread to computers throughout the local area network.
"Disk drive" can also be spread through U disks and web pages, but there has been no case of the virus authors spreading it by breaking into large websites. Its scope of transmission is not as wide as that of "Panda Burning Incense", but if the virus authors spread it on a large scale in this way, the consequences would be disastrous.
2. Ability to counterattack anti-virus software
Both the "Panda Burning Incense" and "Disk Drive" viruses have the ability to counterattack anti-virus software, but the difference is that "Panda Burning Incense" only shuts down anti-virus software by sending it a shutdown message, while "disk drive" destroys the anti-virus software's monitoring by generating a driver with kernel permissions, disabling the monitoring function, and then shuts down the anti-virus software, prevents it from being upgraded and blocks mainstream anti-virus software web pages.
On this point, "Disk Drive" far exceeds the "Panda Burning Incense" virus, causing some anti-virus software with weak active defense functions to be shut down. Currently, "Disk Drive" can shut down some mainstream anti-virus software, which is why, when many companies encounter the "disk drive" virus, almost no computer in the entire local area network is spared.
3. Self-protection and hiding ability
"Panda Burning Incense" uses process protection. The virus first generates a system service program to protect its process from being closed. As long as the system service generated by the virus is cleared, its process can easily be shut down.
The "disk drive" uses almost every possible means of self-protection and hiding technology, and uses more than ten technologies to achieve the purpose of self-protection. For example: using process daemon technology, if a virus file is found to be deleted or closed, it is re-run immediately. Virus programs run with system-level permissions, and DLL components are inserted into almost all processes in the system to load and run (including processes with system-level permissions). Using shutdown write-back technology, the main program body of the virus is saved in the [Startup] folder when the computer is turned off to achieve self-starting; after the system starts, the virus body in the [Startup] folder is deleted to achieve a concealed startup without being discovered by the user. It uses anti-HIPS technology to bypass the monitoring of some active defense programs (HIPS). It utilizes fiber-optically connected servers to quickly upgrade virus bodies and update quickly to avoid detection by anti-virus software.
4. Virus variants and self-update speed
Since "Panda Burning Incense" is technically simpler than "Disk Drive" and its source code may have been leaked, it has many virus variants. "Disk Drive", because of the complexity of the virus program, and since it is currently confirmed that its source code has not been leaked to the Internet, has only two to three variants appearing a week, reaching at most a rate of two variants a day. Although it is slightly inferior to "Panda Burning Incense" in the number of variants, the online upgrade and update speed of "Disk Drive" is staggeringly fast.
Anti-virus experts even suspect that the "disk drive" virus uses an upgrade server with fiber-optic access, which can automatically update the virus body instantly even when the download volume is large.
5. Destructiveness of viruses
In terms of destructiveness, both "Panda Burning Incense" and "Disk Drive" can infect executable files and webpage files in the computer, causing the system to run slowly. The difference is that "disk drive" encrypts and stores the infected files during the process of infecting them, making the virus more difficult to remove. Both can link to malicious web pages to download Trojan viruses, but in terms of the number of Trojan viruses downloaded, "Disk Drive" far exceeds "Panda Burning Incense". "Disk Drive" can download more than 20 kinds of Trojan viruses, while "Panda Burning Incense" can only download one or a few Trojans.
The "disk drive" used ARP viruses to bring huge catastrophic accidents to corporate LAN users. Because "disk drive" can instantly infect all computers in the LAN with the help of ARP, many organizations' work was interrupted as a result, causing immeasurable losses.
6. Manifestation of the virus
In terms of manifestation, "Panda Burning Incense" is very obvious: the infected executable file displays a "Panda Burning Incense" pattern, which is very easy to judge. The infection of "disk drive" is very low-key and hidden. It tries every means to hide its whereabouts, and it is difficult for ordinary users to detect traces of poisoning on the surface. Many users are not aware of the infection and have no obvious abnormal symptoms except that the system seems to be slowing down.
It is under this deliberately low-key disguise that the "disk drive" virus waits for an opportunity to steal users' private and sensitive information, including game accounts and account passwords for online banking and online securities trading, which is even more terrifying than the blatant robbery of "Panda Burning Incense".
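The answer above lists the exact locations the dropper writes to (NetApi000.sys in the root of drive C, smss.exe, lsass.exe, netcfg.dll and netcfg.000 in System32\com, dnsq.dll in System32) and borrows the names of legitimate Windows processes for two of them. The following script is an added example from a defender's side, not code from the post or from Baidu Encyclopedia: it scans a file listing for those paths and, more generally, flags any lsass.exe or smss.exe that lives outside the directory Windows keeps them in. The file listing is constructed inline, and the script assumes a default %SystemRoot% of C:\Windows.

```python
"""Indicator and path-masquerading check for the drop locations named in the write-up.

Added example (not from the original page). Two rules are applied to each path:
1. exact match against the dropped-file paths the write-up names, and
2. a legitimate Windows process name (lsass.exe, smss.exe) that sits outside
   its expected home directory, which is how the dropper's System32\\com copies
   would stand out even if their exact paths were unknown.
"""
from pathlib import PureWindowsPath

# Drop locations taken from the write-up, normalised to lowercase.
DROPPED_FILES = {
    r"c:\netapi000.sys",
    r"c:\windows\system32\com\smss.exe",
    r"c:\windows\system32\com\lsass.exe",
    r"c:\windows\system32\com\netcfg.dll",
    r"c:\windows\system32\com\netcfg.000",
    r"c:\windows\system32\dnsq.dll",
}

# Where Windows keeps the processes whose names the dropper borrows.
# Assumption: %SystemRoot% is C:\Windows (the default install location).
EXPECTED_HOME = {
    "lsass.exe": r"c:\windows\system32",
    "smss.exe": r"c:\windows\system32",
}

# Constructed filesystem snapshot: two legitimate binaries, four dropped files,
# one borrowed-name binary in an unrelated folder, one unrelated application.
SAMPLE_LISTING = [
    r"C:\Windows\System32\lsass.exe",
    r"C:\Windows\System32\smss.exe",
    r"C:\NetApi000.sys",
    r"C:\Windows\System32\com\lsass.exe",
    r"C:\Windows\System32\com\netcfg.dll",
    r"C:\Windows\System32\dnsq.dll",
    r"D:\Tools\lsass.exe",
    r"C:\Program Files\App\app.exe",
]


def normalize(path):
    """Lowercase and canonicalise a Windows path (forward slashes accepted)."""
    return str(PureWindowsPath(path)).lower()


def classify(path):
    """Return (kind, normalised_path) for a suspicious path, or None if clean."""
    p = normalize(path)
    if p in DROPPED_FILES:
        return ("known_dropped_file", p)
    wp = PureWindowsPath(p)
    expected = EXPECTED_HOME.get(wp.name)
    if expected is not None and str(wp.parent) != expected:
        return ("masquerading_name", p)
    return None


def scan(paths):
    """Apply classify() to every path and collect the findings in order."""
    return [f for f in (classify(p) for p in paths) if f is not None]


def summarize(findings):
    """Count findings per kind so an operator sees the shape of the result."""
    counts = {}
    for kind, _ in findings:
        counts[kind] = counts.get(kind, 0) + 1
    return counts


if __name__ == "__main__":
    results = scan(SAMPLE_LISTING)
    for kind, path in results:
        print(f"{kind:20s} {path}")
    print(summarize(results))
```

The second rule is the one worth keeping after this particular virus is gone: a binary named like a core Windows process but stored anywhere other than System32 is worth a second look regardless of which family dropped it. The exact-path rule catches only this dropper's layout.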