Computer viruses have circulated on networks for a long time, and within a local area network (LAN) they can reproduce quickly and infect the computers attached to it. This article introduces the principles of virus intrusion on a LAN and the methods of preventing it.
The principle and phenomenon of LAN virus intrusion
Generally speaking, a computer network consists of network servers and network node stations (including workstations with disks, diskless workstations and remote workstations). A computer virus generally first enters a workstation with a disk through one of various channels, from there enters the network, and then begins to spread across it. Specifically, it is transmitted in the following ways.
(1) The virus is copied directly from the workstation to the server, or is transmitted across the network by mail;
(2) The virus first infects a workstation and stays resident in the workstation's memory, then infects the server when a program on the network is run;
(3) The virus first infects a workstation and stays resident in the workstation's memory, then, while the virus is running, infects the server directly through the mapped path;
(4) If a remote workstation is infected by a virus, the virus can also enter the network server through data exchange.
Once the virus has entered the file server, it can quickly infect every computer on the entire network. A diskless workstation is not really "diskless" (its disk is a network disk): when it runs an infected program from the network disk, the virus resident in its memory infects programs or other files on the server through the mapped path, so the diskless workstation is also a breeding ground for viruses.
As the transmission paths above show, in a network environment a network virus has, besides the properties common to all computer viruses such as transmissibility, executability and destructiveness, some new characteristics of its own.
(1) Rapid infection rate
In a stand-alone environment, a virus can only be carried from one computer to another on storage media, whereas on a network it can spread rapidly through the network communication mechanism. According to measurements, on a normally operating network a single infected workstation is enough for hundreds of computers on the network to be infected within a few tens of minutes.
(2) Wide area of spread
Because a virus spreads very fast on a network, its reach is also very wide: it can not only quickly infect all the computers in the LAN, but can also carry the virus to distant locations in an instant through remote workstations.
(3) Complex and diverse forms of transmission
On a network a computer virus generally spreads from workstation to server to workstation, but virus technology has advanced considerably and the forms of transmission are now complex and diverse.
(4) Difficult to eliminate completely
A virus on a single machine can sometimes be dealt with by removing the infected file, and measures such as low-level formatting of the hard drive can eliminate it completely. On a network, however, a single workstation that has not been fully cleaned can reinfect the entire network, and even a workstation that has just been disinfected may be infected again by another infected workstation on the network. Disinfecting workstations alone therefore cannot solve the harm that viruses do on a network.
(5) Destructive
A network virus directly affects the operation of the network: in mild cases it reduces speed and hurts work efficiency; in severe cases it crashes the network and destroys the information on the servers, wiping out many years of work.
(6) Triggerability
The conditions that trigger a network virus are diverse: they may be the internal clock, the system date or the user name, or a network communication event. A virus program can be triggered and launch its attack on a workstation as its designer intended.
(7) Latent danger
Once a network has been infected with a virus, the latent danger remains enormous even after the virus has been removed. According to statistics, 85% of networks are infected again within 30 days after the virus has been cleared from the network.
Take the Nimda virus as an example. It searches the local network for file shares, on file servers and client terminals alike; once it finds one, it installs a hidden file named Riched20.DLL in every directory that contains DOC and EML files. When the user opens those DOC or EML documents with Word, WordPad or Outlook, the application executes the Riched20.DLL file and the machine becomes infected; the virus can also infect files started from a remote server. E-mail carrying the Nimda virus does not require you to open the attachment: as soon as you read or preview the infected message, infected mail continues to be sent to the contacts in your address book.
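As an added example (not part of the original article), the Python sketch below checks a share from the defender's side for the Nimda pattern described above: a file named Riched20.DLL sitting in a directory that also holds DOC or EML files. The function names and the sample directory tree are constructed for illustration; a hit is a lead to examine, since a legitimate riched20.dll normally lives in the Windows system directory.

```python
import os
import stat
import tempfile

DOC_EXTS = {".doc", ".eml"}      # document types named in the article
PLANTED_NAME = "riched20.dll"    # file name named in the article

def is_hidden(path):
    """True/False from the Windows hidden attribute; None where the platform has none."""
    attrs = getattr(os.stat(path), "st_file_attributes", None)
    if attrs is None:
        return None
    return bool(attrs & stat.FILE_ATTRIBUTE_HIDDEN)

def find_planted_dlls(root):
    """Return sorted (path, hidden) for each riched20.dll stored beside .doc/.eml files."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        exts = {os.path.splitext(f)[1].lower() for f in files}
        if not exts & DOC_EXTS:
            continue  # no documents here, so not the pattern described
        for name in files:
            if name.lower() == PLANTED_NAME:
                full = os.path.join(dirpath, name)
                hits.append((full, is_hidden(full)))
    return sorted(hits)

def build_sample_share(base):
    """Constructed sample tree: 'reports' matches the pattern, 'mail' and 'bin' do not."""
    layout = {
        "reports": ["q1.doc", "Riched20.DLL"],
        "mail": ["note.eml"],
        "bin": ["riched20.dll", "tool.exe"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(base, folder))
        for name in names:
            with open(os.path.join(base, folder, name), "wb") as fh:
                fh.write(b"constructed sample")
    return base

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for path, hidden in find_planted_dlls(build_sample_share(tmp)):
            print(path, "hidden=%s" % hidden)
```

Point `find_planted_dlls` at the root of a mounted share to run the same check on real data.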