Wednesday, August 11, 2010

Worm viruses: analysis and prevention from the user's perspective

By attack mechanism, worms fall into two kinds: those that exploit system-level vulnerabilities (active propagation) and those that rely on social engineering (propagation by deception). From the user's point of view, worms also fall into two classes: those aimed at corporate networks and those aimed at individual users. This article looks at the characteristics of worms, and at some preventive measures, for both business users and individual users.

1. Definition of a worm virus

Viruses have been a great threat to computers since they first appeared, and as networks developed rapidly, the harm caused by worms began to show. In the broad definition, any program that can cause a computer to malfunction or destroy computer data is called a computer virus. In this sense, a worm is a virus. But worms differ greatly from ordinary viruses. There is not yet a complete theoretical system for worms. It is generally believed that a worm is a malicious virus that spreads through the network. It shares some traits with ordinary viruses, such as propagation, stealth and destructiveness, but it also has features of its own, such as not living parasitically in files (some worms exist only in memory), causing network denial of service, and combining with hacker techniques. In destructiveness, an ordinary virus cannot compare with a worm: as networks have developed, a worm can spread across an entire network in a short time and paralyze it.

By the users they affect, worms can be divided into two categories. One targets corporate users and LANs; this kind exploits system vulnerabilities to attack actively, and the consequence can be paralysis of the entire Internet. The other targets individual users and spreads rapidly through the network (mainly in the form of e-mail and malicious web pages). Of the two, the first is highly aggressive and its outbreaks are somewhat sudden, but relatively speaking it is not very difficult to detect and remove. The second has more complex and varied modes of transmission: a few use vulnerabilities in Microsoft applications, but more use social engineering to deceive and lure the user, so the losses this kind causes are very large and it is very difficult to eradicate.

2. Similarities and differences between worms and ordinary viruses

A worm is a kind of virus, so it has the common features of viruses. An ordinary virus needs a host to live in: it works by writing its own instruction code into the body of another program, and the infected file is called the "host". Take Windows executables in PE (Portable Executable) format as an example. To infect a PE file, the virus creates a new section in the host program, writes the virus code into the new section, and modifies the program's entry point, among other changes, so that when the host program is executed the virus code runs first and, once it has run, hands control back to the host's original instructions. This shows that viruses mainly infect files. Of course, there are also link viruses such as DIRII, as well as boot sector viruses. A boot sector virus infects the boot sector of a disk: if a floppy disk is infected and is then used in other machines, it infects those machines too, so the mode of transmission is floppy disks and similar media.
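The PE infection pattern described above (a new section plus a redirected entry point) leaves traces in the file headers that a scanner can check. The following is an added example, not part of the original article; the function names and the header-only sample images are constructed for illustration.

```python
import struct
MEM_EXECUTE, MEM_WRITE = 0x20000000, 0x80000000  # IMAGE_SCN_MEM_* flags

def parse_pe(data):
    """Return (entry point RVA, [(name, vaddr, vsize, flags), ...])."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe,) = struct.unpack_from("<I", data, 0x3C)        # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    (nsect,) = struct.unpack_from("<H", data, pe + 6)   # NumberOfSections
    (optsz,) = struct.unpack_from("<H", data, pe + 20)  # SizeOfOptionalHeader
    (entry,) = struct.unpack_from("<I", data, pe + 40)  # AddressOfEntryPoint
    sections = []
    for i in range(nsect):
        off = pe + 24 + optsz + 40 * i                  # 40-byte section header
        name, vsize, vaddr = struct.unpack_from("<8sII", data, off)
        (flags,) = struct.unpack_from("<I", data, off + 36)
        sections.append((name.rstrip(b"\0").decode("latin-1"), vaddr, vsize, flags))
    return entry, sections

def infection_indicators(data):
    """Heuristic header checks for a redirected entry point."""
    entry, sections = parse_pe(data)
    findings = []
    for idx, (name, vaddr, vsize, flags) in enumerate(sections):
        if vaddr <= entry < vaddr + max(vsize, 1):
            if len(sections) > 1 and idx == len(sections) - 1:
                findings.append("entry point in last section " + name)
            if flags & MEM_EXECUTE and flags & MEM_WRITE:
                findings.append("entry section is writable and executable")
            return findings
    return ["entry point outside every section"]

def build_sample(entry, sections):
    """Constructed, header-only PE image for the demo (no code bytes)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x102)
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, 0, 0, 0, entry).ljust(224, b"\0")
    table = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, va, 0, 0, 0, 0, 0, 0, fl)
                     for n, va, vs, fl in sections)
    return dos + b"PE\0\0" + coff + opt + table

TEXT = (b".text", 0x1000, 0x800, 0x60000020)    # read + execute
DATA = (b".data", 0x2000, 0x400, 0xC0000040)    # read + write
EXTRA = (b".extra", 0x3000, 0x200, 0xE0000020)  # read + write + execute
CLEAN = build_sample(0x1000, [TEXT, DATA])            # entry in .text
PATCHED = build_sample(0x3010, [TEXT, DATA, EXTRA])   # entry moved to new section
```

Calling infection_indicators(CLEAN) returns an empty list, while PATCHED yields both findings. Packed but legitimate programs can also trip these checks, so a hit is a reason to scan the file further, not a verdict.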

Worms generally do not insert themselves into PE-format files; instead they copy themselves to spread across the Internet environment. A virus's infective capability is aimed mainly at the file system within a computer, whereas a worm targets every computer on the Internet. Shared folders on a LAN, e-mail, malicious web pages, and the large number of servers with vulnerabilities all give a worm good ways to spread. The development of networks lets a worm spread worldwide within a few hours, and the active attacks and sudden outbreaks of worms can leave people at a loss.

It is foreseeable that, in the future, network worms will be the main source of great disasters for networks.

3. Preventive measures against worms for individual users

From the analysis above we can see that the virus is not so terrible: network worms attack individual users primarily through social engineering rather than through system vulnerabilities. Defending against such viruses therefore requires attention to the following:

(1) Buy suitable anti-virus software. Anti-virus software must move toward real-time monitoring of memory and real-time monitoring of e-mail. In addition, viruses in web pages are very hard to detect, so users' demands on anti-virus software keep rising. Current domestic anti-virus software has also reached a very high level. Products such as Rising and other antivirus software also integrate a firewall, and thus have a strong restraining effect on worms and Trojan horse programs.

(2) Update the virus database frequently. Anti-virus software detects and removes viruses based on virus signatures, and new viruses emerge every day. Especially in the Internet age, worms spread fast and have many variants, so the virus database must be kept up to date in order to detect and remove the latest viruses.

(3) Raise anti-virus awareness. Do not click on unfamiliar sites, which may contain malicious code.

When running IE, click "Tools → Internet Options → Security → Internet zone security level" and raise the security level from "Medium" to "High". This is because such pages mainly carry malicious code as ActiveX, Applet or JavaScript web page files, so prohibiting all ActiveX plug-ins and controls, Java scripts and the like in the IE settings can substantially reduce the risk of infection by malicious web code. The specific steps are: in the IE window, click "Tools" → "Internet Options"; in the dialog box that pops up, select the "Security" tab and click the "Custom Level" button; in the "Security Settings" dialog box that pops up, set all options related to ActiveX controls and plug-ins and to Java to "Disable". However, during normal use afterwards, some websites that use ActiveX may not be browsable.

(4) Do not casually open unfamiliar e-mails, especially e-mails with attachments. Because some viruses in e-mail can use vulnerabilities in IE and Outlook to run automatically, computer users need to upgrade IE and Outlook, as well as other commonly used applications.

Network worms, a new type of virus that has emerged with the high-speed development of the Internet, will pose an enormous danger to it. Defence is no longer something anti-virus vendors can handle alone; it needs the participation of network security companies, system vendors, anti-virus vendors and users to build a comprehensive prevention system.

The combination of worms and hacker techniques makes the analysis, detection and prevention of worms somewhat difficult, and mathematical models of worm propagation and of its network traffic characteristics remain work to be done.
