Worms: both an old and a young member of the virus family

Source: Internet
Author: User

If someone mentions worms, you may not be able to say exactly what they are. But mention Code Red, Nimda, Lovgate, SQL Slammer (the 2003 "Worm King"), Blaster, Sasser and other notorious viruses, and I think everyone will remember them: once these viruses break out, they flood the globe and throw the entire network into turmoil. If you spend a lot of time online, you are likely to have suffered from them.

The birth of the worm: the east wind at night sets a thousand trees in bloom

The worm is an old kind of virus that originated in the 1970s. Because worms were rooted in the network from the very beginning, they have become more powerful and more destructive as the network has developed.

Early worms were not viruses and were not destructive; they were simply network automation tools. In 1972 the ARPANET, originally developed only for military purposes, began opening up to the world and became today's Internet, which then developed extremely rapidly. There were only 25 hosts on the Internet in 1973, but by 1987 the number of connected hosts had passed 10,000.

Each host offered a huge amount of information to a vast number of computer users, and finding useful information in such an ocean was painful. To solve this search problem, a group of enthusiastic technicians began experimenting with "worm" programs. The idea came from the classic science-fiction novel "The Shockwave Rider", which describes a program called a "tapeworm" that appears in swarms and clogs the network. A worm program could run in parallel on many computers in a local area network and could quickly and efficiently probe the state of the network and collect relevant information. Later came crawler programs dedicated to probing the web and spider programs dedicated to gathering information. Both of these network search technologies are still heavily used today.

Because these early worms were only network automation tools, they were not considered viruses at the time, and the technique for writing them was called worm technology. After the first worm appeared, worm technology developed rapidly until the Morris worm incident of 1989.

Morris was a graduate student at a university in the United States. Because his father was a researcher at Bell Labs, he came into contact with computers and networks and knew Linux systems very well. He was fascinated by programs that could control an entire network, so when he discovered several serious vulnerabilities in the operating system he began writing the "Morris worm". The program had no practical purpose; it simply used system vulnerabilities to replicate itself across the network. Because of a programming mistake, Morris set the variable that controls the replication rate too high, so the worm replicated very quickly in a short time and eventually paralyzed the Internet. The incident had a large impact and provoked a strong public reaction, and the author was punished under the law. From then on the notion of the worm as a virus was established, and spreading by exploiting system vulnerabilities is now the main way worms propagate.

How worms work: how much sorrow can one have?

Once the worm was classified as a virus, the true network virus had arrived. In general, a worm does not infect files or rewrite them; instead it exploits system vulnerabilities to reproduce itself across the network and so achieve whatever its author intends.

A worm runs on one or more machines and can relocate itself automatically: if it detects that a machine on the network is not infected, it sends a copy of itself to that machine. Each copy can in turn relocate copies to other machines and can recognize the machine it occupies, so the worm ends up running on every computer on the network. Because it reproduces in this way, a widespread worm outbreak consumes large amounts of network and system resources, and some work can no longer be carried out normally. Blaster is a typical worm that exploits a vulnerability. Another type of worm, such as Klez and MyDoom, usually spreads as an e-mail attachment.

A worm spreads in stages: scan, attack, copy, hide, control, destroy. The program usually has two parts, a main program and a bootstrapper. The main program uses vulnerability scanning to find vulnerable computers on the network; because a different scan packet has to be sent for each vulnerability, a worm typically exploits only one vulnerability. When the virus finds a vulnerable computer it tries to attack it. The attack can damage critical system programs and cause all sorts of anomalies, which is why users' computers kept restarting during the Blaster and Sasser outbreaks.
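The scan stage is also where a worm is easiest to spot on the network: one source contacts many distinct hosts on a single port, and most attempts fail. The following detector is an added example, not part of the original article; the flow-record layout, thresholds, addresses and port are constructed for illustration.

```python
from collections import defaultdict

def build_sample_flows():
    """Constructed records: (time_sec, src_ip, dst_ip, dst_port, established)."""
    flows = []
    # Ordinary workstation: few destinations, connections succeed.
    for i, dst in enumerate(["198.51.100.10", "198.51.100.11", "198.51.100.10"]):
        flows.append((i * 5, "10.0.0.5", dst, 443, True))
    # Host sweeping one (arbitrary sample) port across a subnet; most targets stay silent.
    for i in range(1, 41):
        flows.append((i * 0.5, "10.0.0.23", f"10.0.1.{i}", 135, i % 10 == 0))
    # Busy server: many clients connect to it (fan-in), which must not be flagged.
    for i in range(1, 31):
        flows.append((i, f"10.0.2.{i}", "10.0.0.80", 80, True))
    return flows

def find_scanners(flows, window=60, min_targets=20, max_success_ratio=0.3):
    """Return {(src, port): (distinct_targets, success_ratio)} for sources that
    reach many distinct hosts on ONE port inside `window` seconds and mostly fail."""
    buckets = defaultdict(list)
    for ts, src, dst, port, ok in flows:
        buckets[(src, port)].append((ts, dst, ok))
    hits = {}
    for key, events in buckets.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window so it never spans more than `window` seconds.
            while events[end][0] - events[start][0] > window:
                start += 1
            span = events[start:end + 1]
            targets = {dst for _, dst, _ in span}
            if len(targets) < min_targets:
                continue
            ratio = sum(ok for _, _, ok in span) / len(span)
            # Keep the widest sweep seen for this source/port pair.
            if ratio <= max_success_ratio and len(targets) > hits.get(key, (0,))[0]:
                hits[key] = (len(targets), round(ratio, 2))
    return hits

if __name__ == "__main__":
    for (src, port), (n, ratio) in find_scanners(build_sample_flows()).items():
        print(f"{src} -> port {port}: {n} hosts, success ratio {ratio}")
```

Keying on the source and port pair reflects the point above that a worm usually probes for a single vulnerability, so its traffic concentrates on one service port.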

When the attack succeeds, the virus gains the highest level of control over the remote computer and uses it to copy its bootstrapper to that computer and run it. The running bootstrapper then fetches the virus's main program over the network onto the remote computer. In the process it usually places the main program in the system folder as a hidden file and modifies the registry so that it starts automatically. The virus hides in the system folder because the folder holds so many files that users cannot remember all their names and in any case pay little attention to them, so it is an effective hiding place. It sets itself to start automatically because a worm cannot infect files; the only way it can gain control of the system is to start along with it.

Once all this is done, the main program starts running and monitors the whole system to carry out whatever it was written to do, so the damage a worm does varies: a "password" virus may steal the user's passwords and key system information, while "HDD Killer" destroys the computer's hard disk. In fact, what users find most frightening about a worm is not its destructive payload but its propagation. Because it scans the network and copies itself as it spreads, an outbreak quickly sets off a chain reaction that can congest networks worldwide within a short time and, in serious cases, paralyze the entire network, doing great harm.
