Script virus

honggarae 26/12/2022 407


Common features of script viruses

Script viruses carry the prefix Script. Their common characteristic is that they are written in a scripting language and propagate through web pages, for example Red Code (Script.Redlof). Script viruses may also carry the prefix VBS or JS (indicating the script file format), such as Happy Time (VBS.Happytime) and 14 Days (JS.Fortnight.cs). Common script file suffixes: .vbs, .vbe, .js, .bat, .cmd.

Some general methods for preventing malicious scripts

1. Disabling all ActiveX plug-ins and controls in the IE settings also avoids attacks by some malicious code. The method is: open IE, click [Tools] → [Internet Options] → [Security] → [Custom Level], and in the Security Settings dialog box disable all ActiveX plug-ins and controls and all Java-related components. After doing this, however, we can no longer enjoy some attractive web pages.

2. Upgrade and patch the system and IE promptly. Choose good anti-virus software and keep it up to date, and do not casually browse unknown sites. In this way most malicious code will be kept out of the machine.

Development and characteristics

The biggest common feature of the viruses mentioned above is that they are written in VBScript. The VBS script virus is the typical representative of script viruses, and a simple reason for this is that it is easy to write. Below we analyze the various aspects of the VBS script virus one by one.

A VBS virus is written in VBScript. This scripting language is very powerful: it uses the open features of the Windows system and, by calling ready-made Windows objects and components, can directly control the file system, the registry, and so on. It should be said that a virus is a kind of idea, but this idea is extremely easy to implement in VBS. The VBS script virus has the following features:


Simple to write

Even someone who knows nothing about viruses can produce a new virus in a short period of time.

Destructive power

Its destructive power is not limited to damaging the user's system files and performance. It can also crash mail servers and seriously affect the network.

Infectivity

Because the script is interpreted directly and does not need to deal with the complex PE file format, this type of virus can infect other files of the same type simply by copying itself, and handling its own exceptions is very easy.

Propagation range

This type of virus can spread throughout the world in a short period of time through HTM documents, email attachments, or other means.

Virus source code is easy to obtain, and variants are numerous

Because a VBS virus is interpreted, its source code is highly readable; even if the virus source is encrypted, obtaining the source code is still relatively easy. This type of virus therefore has many variants: after a slight change to the structure of the virus or a modification of its characteristic value, many anti-virus products may be powerless against it.

Deception

Script viruses often use a variety of means to attract the user's attention, for example a mail attachment name with a double suffix such as .jpg.vbs. Because the system does not display the suffix by default, a user who sees this file will think it is a JPG image file.
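
The double-suffix disguise described above can be checked where mail is received. The following is an added example, not part of the original article: it flags attachment names whose real suffix is one of the script suffixes listed earlier. The decoy suffix set, the function names and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy

# Script suffixes listed in this article; the decoy set is an assumption.
SCRIPT_SUFFIXES = {"vbs", "vbe", "js", "bat", "cmd"}
DECOY_SUFFIXES = {"jpg", "jpeg", "gif", "png", "txt", "doc", "pdf", "mp3"}


def classify_name(filename):
    """Return 'disguised-script', 'script' or 'ok' for an attachment name."""
    # Windows ignores trailing dots and spaces, so "a.vbs. " still runs as .vbs.
    name = filename.strip().rstrip(". ").lower()
    parts = [p.strip() for p in name.split(".")]
    if len(parts) < 2 or parts[-1] not in SCRIPT_SUFFIXES:
        return "ok"
    # An earlier component that looks like a harmless type makes the file
    # read as e.g. a picture when the real suffix is hidden from the user.
    if any(p in DECOY_SUFFIXES for p in parts[1:-1]):
        return "disguised-script"
    return "script"


def scan_message(raw_bytes):
    """Return [(filename, verdict)] for every attachment that is not 'ok'."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    names = [part.get_filename() or "" for part in msg.iter_attachments()]
    verdicts = [(n, classify_name(n)) for n in names]
    return [(n, v) for n, v in verdicts if v != "ok"]


# Constructed sample message (not a real capture).
SAMPLE = (
    b"From: a@example.com\r\nTo: b@example.com\r\nSubject: photo\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="XX"\r\n\r\n'
    b"--XX\r\nContent-Type: text/plain\r\n\r\nsee attached\r\n"
    b"--XX\r\nContent-Type: application/octet-stream\r\n"
    b'Content-Disposition: attachment; filename="holiday.JPG .vbs"\r\n\r\n'
    b"placeholder\r\n"
    b"--XX\r\nContent-Type: image/jpeg\r\n"
    b'Content-Disposition: attachment; filename="beach.jpg"\r\n\r\n'
    b"placeholder\r\n--XX--\r\n"
)

if __name__ == "__main__":
    for fname, verdict in scan_message(SAMPLE):
        print(f"{verdict}: {fname!r}")
```

A gateway would typically quarantine both verdicts; the 'disguised-script' verdict additionally marks names built to mislead a user whose system hides suffixes.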

Virus production machines are very easy to implement

A so-called virus production machine is a machine that produces viruses (of course, this refers to a program). Most current virus production machines are script virus production machines; the most important reason is that scripts are interpreted, which makes such a machine very easy to implement. This will be discussed later.

Because of the above features, the development of script viruses has been extremely rapid; the emergence of virus production machines in particular has made it very easy to generate new script viruses.

Script virus examples

Worm virus

A worm is a self-contained program (or a set of programs) that can spread functional copies of itself, or parts of itself, to other computer systems (usually through network connections). Note that, unlike general viruses, a worm does not need to attach itself to a host program. There are two types of worms: host worms and network worms. A host computer worm is contained entirely in the computer it runs on and uses the network connection only to copy itself to other computers; it terminates itself after adding a copy of itself to another host (so at any given moment only one copy of the worm is running). This kind of worm is sometimes called a "hare". Worms are generally transmitted through port 1434 vulnerabilities.

For example, the "Nimda" virus of recent years is a kind of worm, and "Panda Burning Incense", which was popular last year, and its variants are also worms. This virus exploits a vulnerability in Microsoft Windows operating systems. After a computer is infected, it automatically dials up to the Internet and uses address information in files or network shares to quickly destroy most of the user's important data. The general way to control worms is to use anti-virus software with real-time monitoring and to be careful not to open unfamiliar mail attachments.

Avir virus

On May 4, 2000, a computer virus called "I love you" began to spread rapidly around the world. The virus propagates through the Microsoft Outlook email system; the subject of the message is "I love you" and it contains an attachment. Once the message is opened in Microsoft Outlook, the system automatically copies the virus and sends it to all mail addresses in the address book. The "I love you" virus, also known as the "love" virus, is a worm that is very similar to the 1999 Melissa virus. It is said that this virus can overwrite some files on local and network hard drives. After a user's machine is infected, the mail system slows down, which may crash the entire network system.
