Famous Computer Virus Cases in 217

1. Blackmailer

On June 11th, 26, the first Trojan virus aimed at extorting money from infected users in China was first intercepted by the Anti-virus Center of Jiangmin Company. What is the name of the virus? Blackmailer? (Trojan/Agent.bq), viruses can maliciously hide user documents and ask users for money in the name of repairing data. ? Blackmailer? In just 1 days after being intercepted, thousands of people across the country were recruited and many individuals and units suffered heavy losses. A netizen who was an uncle was trapped by a blackmailer, and the contract text was hidden by a virus, which made the original order lost. The netizen posted on the Internet out of anger and said that he was offering a reward of 1, yuan for an online search. Junyi? The virus author. Although the virus author claims that the virus was written only for? Make a living? However, because he broke the law, he finally failed to escape the punishment of the law. On July 24, Guangzhou police announced that the first case of blackmail virus in China had been solved. The author was criminally detained by the police, and waiting for him would be severely punished by law.

second, the vulnerability of Microsoft WMF was widely exploited by hackers, and many websites were hanged

around the Spring Festival in 26, the vulnerability of WMF exposed as early as last December became the first nightmare of computer security in 26. On December 28th, 26, Jiangmin Anti-virus Center detected that Windows had problems in processing special WMF files (that is, metafiles), which could lead to remote code execution. If users use Windows picture facsimile viewer to open malicious WMF files, even preview malicious WMF in the resource manager, there are code execution loopholes. Although Microsoft released a security patch on January 6th, however, at the end of January, the Trojan virus aimed at this vulnerability had spread on the Internet in China. On January 26th, Jiangmin Anti-virus Research Center has discovered that several websites are planted with this kind of Trojan virus. At the same time, many websites on the Internet are selling WMF Trojan generators publicly, and computer users who have not installed anti-virus software are poisoned by clicking any link. At the beginning of February, the spread of WMF Trojans was intensified, and it developed to spread wildly through search engine Post Bar and MSN. Later, under the encirclement of anti-virus vendors, WMF Trojans gradually became popular.

Third, the virus impersonated ICBC's e-banking upgrade

On June 27th, 26, a netizen reported that when he logged into ICBC's online personal banking, the system suddenly popped up a prompt that the e-banking system was being upgraded and asked to change the password, so he entered the login and payment password again as required, but when he clicked? Are you sure? After, in the computer? Jiangmin secret security? Suddenly issued? Unknown program sends password to the outside? Warning, so he contacted ICBC urgently, only to find that ICBC didn't upgrade its electronic banking system at all. He suspected that it was infected with a computer virus, and he was glad that he found it in time, otherwise the deposit in his account would have changed hands with others.

after analysis, Jiang min's anti-virus engineer thinks that this is an upgrade notice of ICBC's e-banking, with the purpose of stealing the account passwords of ICBC users. Considering the collective rights protection incident of ICBC's online banking users this year, people can't help wondering about the security regeneration of online banking.

IV. Devil Wave Virus Outbreak

On August 13th, 26, the Anti-virus Center of Jiangmin Company issued an emergency virus alert, which was spread by exploiting the MS6-4 vulnerability just released by Microsoft five days ago? Devil wave? (Backdoor/Mocbot.b) The worm appears on the Internet, and the computer infected with the worm will be completely controlled by the hacker remotely. In the routine MS6-4 security bulletin released on August 8, Microsoft said that the Server service vulnerability of its operating system may allow remote code execution, and suggested that computer users upgrade immediately.

it seems that it has become a rule, and every year, there will be an attack on Microsoft's new vulnerability? A certain wave? , in 23? Shock wave? , in 24? Shock wave? , in 25? Speed wave? , this year? Devil wave? , really? A wave of unrest, a wave of rise again? .

V. A variety of softwares on the website of Everbright Securities were bundled with Trojans

On August 25th, 26, Jiangmin Technology Anti-virus Center detected that they were provided on the website of Everbright Securities Sunshine Network (.com)? Everbright Securities New Online Trading System? 、? Everbright Securities Professional Analysis Edition 23? 、? Everbright Securities Golden Code 25? A variety of software installation programs, such as bundled with Trojans. When users run these installation programs, they will download online banking Trojans, threatening the account password security of ICBC online banking. According to the analysis of Jiangmin anti-virus experts, according to the information returned by the HTTP server of Everbright Securities, these malicious installation programs were launched on August 18, 26, and have been running with viruses for about a week. It is estimated that many users of online securities systems have been infected with the virus. According to expert analysis, it is very likely that the server of Everbright Securities was hacked.

It stands to reason that the security of banks and securities websites should be very guaranteed, and the website server is also equipped with an anti-virus software of a so-called international brand. How can it be easily captured by hackers and planted with Trojans? Is the webmaster too incompetent or the foreign anti-virus software too retarded?

Vi. Viking virus has caused havoc on the Internet

In the first half of October, Jiangmin Anti-virus Center monitored. Wiggin Many new variants of the virus (Worm/Viking) are active on the Internet, and many enterprise users have reported that they are infected with the virus, which has caused the whole LAN to be damaged to varying degrees. According to the data of Jiangmin National Virus Epidemic Monitoring System, since the virus first appeared on May 19th, 25, it is conservatively estimated that the number of infected computers is nearly 5,, and the number of variants has exceeded 5, so it can really be called the king of viruses in 26.

VII. CCB's Yunnan website was counterfeited

On November 2, 26, Jiangmin Company's Anti-virus Center detected that a malicious website counterfeited the website of China Construction Bank's Yunnan branch, spreading "QQ Thief" and martial arts rumor Trojan horse.

a fake website calls multiple malicious scripts, downloads them and runs them automatically? QQ thief? Trojan horse and? Wulin rumor? Two trojans, these two trojans will pose a great threat to the user's QQ number and Wulin rumor game account, and will try to shut down a number of well-known anti-virus software at home and abroad.

generally speaking, it's not a big deal for a virus to steal a QQ number, but you won't think so if you read this news. On December 15th, Shenzhen Jing Bao reported that a group of people with an average age of only 21 years old? Internet thief? Within one year, millions of QQ numbers and coins were stolen and sold through online trading platforms, making illegal profits of more than 7, yuan, involving 44 people. It turns out that there is such a big profit in the small QQ number. Criminals just seize the netizens' psychology that QQ number is of little value and is not worth pursuing, which eventually leads to a big case.

VIII. The UnionPay website was hacked into an unsolved case

On November 22nd, the anti-virus manufacturer claimed that the homepage of a financial official website was embedded with malicious programs by hackers. After users clicked on the homepage of the website, the system could automatically download a backdoor program, and the poisoned users' computers were at risk of being peeped by hackers. According to the anti-virus engineer, the backdoor program is called Black Hole 25, which is an old virus that Jiangmin intercepted a year ago and issued a large-scale warning. The virus has a strong ability to penetrate the firewall, which can ban the firewall and turn on the camera of the infected computer for remote monitoring and remote camera shooting. The virus will also add itself as? Service? , to achieve the purpose of automatic startup, very concealed.

However, this news was denied by a financial website. As time has passed, the facts cannot be reproduced. Only by reminding computer users to wear anti-virus clothes when surfing the Internet in the future (open the anti-virus software webpage to monitor), can we prevent problems before they happen.

nine,? Ripple? Harm exceeds? Devil wave?

On August 24th, Jiangmin Technology Anti-virus Center issued an emergency virus alert, since last week? Devil wave? Since the virus ravaged the Internet, the Anti-virus Center of Jiangmin Company has monitored. Ripple? The new variant of (Backdoor/RBot) worm is spreading wildly by taking advantage of Microsoft's MS6-4 and other system vulnerabilities. At present, it has been found that a large number of users in China are infected by viruses, and the systems of poisoned users can be completely controlled by hackers remotely. On August 23rd alone, there were three? Ripple? The spread of new varieties has exceeded? Devil wave? (Backdoor/Mocbot) worm.

X. The homepage of Tianya virtual community website is poisoned

On November 22nd, 26, the anti-virus company of Jiangmin Company detected that the homepage of Tianya virtual community website was poisoned. If users have not installed the MS6-14 security patch of Microsoft, they will be infected with Trojan/Hitpop when accessing this webpage with IE browser. The Trojan will click on some web pages in the background, create false traffic, and shut down a variety of antivirus software and firewalls.

on 23rd, the malicious code on Tianya homepage was deleted. Jiangmin Company reminds netizens, especially Tianya community users, to update the virus database of anti-virus software immediately and conduct a comprehensive scan of your system. The famous computer virus case

NO.1? CIH virus? Outbreak year: June, 1998

Loss estimate: about 5 million US dollars worldwide

NO.2? Melissa? Outbreak years: March, 1999

Loss estimate: about 3 million worldwide? $6 million

NO.3? Love bugs (Iloveyou)? Outbreak years: 2

loss estimate: more than $1 billion worldwide

NO.4? Red team? Outbreak year: July, 21

Loss estimate: about US$ 2.6 billion worldwide

NO.5? Blaster? Outbreak years: summer of 23

Loss estimate: tens of billions of dollars

NO.6? Sobig? Outbreak years: August 23

Loss estimate: 5 billion? $1 billion

NO.7? MyDoom? Outbreak year: January, 24

Loss estimate: USD 1 billion

NO.8? Shock wave (Sasser)? Outbreak years: April 24

Loss estimate: 5 million? $1 billion

NO.9? Panda burning incense (Nimaya)? Outbreak years: 26

loss estimate: hundreds of millions of dollars

NO.1? Online game thief? Outbreak years: 27

Loss estimate: 1 million dollars

I remind:

1) The number of newly discovered computer viruses keeps increasing year by year?

It is reported that among the newly added viruses, pop-up advertisements have become the main type of computer viruses because of their great confusion. According to the data of Tencent Computer Manager Lab, as of December 31st, 214, the top ten virus types infected by computers in 214 were: advertising, stealing QQ account and password, brushing traffic, Rootkit, tampering or locking home page, malicious injection, malicious downloader, stealing game account and password, backdoor or remote control, and hijacking browser.

At the same time, we know that among all virus types, bomb advertisements are reported the most frequently, accounting for 2% of the total number of viruses. Tencent Computer Manager's Anti-virus Lab believes that pop-up advertisements are very confusing, and often use the social mentality that users have become accustomed to pop-up advertisements to deliberately induce users to manually close the pop-up windows, so as to force users to visit their malicious promotion websites and spread viruses through advertising Trojans.

2) Web downloading has become a high-risk place for computer viruses?

among the transmission channels of viruses, the biggest transmission channel is webpage downloading. In 214, the number of viruses spread through web downloads still accounted for 72%, which was 6.7% lower than last year. The second largest virus transmission channel is instant messaging tools (IM channel transmission), accounting for 18% of the total, which is 21.5% higher than last year and 124.4% higher than the previous year, indicating that with the popularity of instant messaging tools, this channel has gradually become a popular transmission channel for malicious attacks. The third largest transmission channel is email transmission, and the amount of viruses transmitted through this channel accounts for 6% of the total, which is also significantly higher than that in 213.

in addition, with the popularization of various cloud disks, the number of viruses spread through mobile storage devices decreased by 35.5% compared with 213. According to the analysis of the report, in the future, with the popularization of social products, the whole society will become more and more relational and networked, and the network society will begin to rise. Accurate virus transmission methods based on social networks will increasingly become mainstream communication channels.

3) Summer is the peak season for viruses?

What's more, according to the distribution of virus outbreak time, summer has become? Virus season? . The number of newly discovered viruses is M-shaped all year round, which is high due to the surge of young netizens in summer. Further analysis shows that rogue software and malicious urls also broke out in summer.

according to the statistics of Tencent's computer housekeeper, from the monthly distribution of newly discovered viruses in pilfer date trojan from January to December, the number of newly discovered trojans in June to December is nearly twice that in January to May. August and October are the peak months for the prevalence of Trojan virus, accounting for 3.45% of the total number of Trojans in the whole year, with August as the peak, accounting for 15.64% of the total, mainly due to the summer vacation of students, the rapid growth of the number of young netizens and their low awareness of network security, which makes them easily infected and spread by pilfer date trojan.