"Invincible Destruction King 2" worm 丨 column

Author: Voice of the Chinese Academy of Sciences

1. Start with "Invincible Destruction King 2"

Xiao Bai: Dadongdong, last week's article on "The Wandering Earth" was greatly praised after it was released.

Dadong: Haha, in fact many movies involve network security: the Mission Impossible series, the Fast and Furious series, and the 007 series all use network security technology as the technical core of the story.

Xiao Bai: Wow, interesting~ Dadongdong, can you tell me about it?

Dadong: Of course, no problem, let's start with a simple and easy-to-understand movie, "Invincible Destruction King 2: The Internet".

"Invincible Destruction King 2" promotional photos (image from the Internet)

Xiao Bai: I have seen this~ Disney's imagination is really something. I actually understood the complex architecture and technology behind the Internet!

Dadong: It's really an interesting movie. Whether it's the fantastic transition from the era of game consoles to the era of WiFi Internet, or the connection and interaction between network protocols, routers, relay stations, and even recommender system algorithms, everything is explained simply and clearly.

Xiao Bai: But in the end, the big boss looked so disgusting that it set off my trypophobia.

Dadong: Do you know what kind of computer virus the big boss is?

Xiao Bai: Emm... Please teach me, Dadong!

2. Active bugs

Dadong: Let's take a look at the settings in the film.

Xiao Bai: The small bench in the front row is ready~

Dadong: This virus automatically scans for vulnerabilities in the program, replicates continuously, and spreads rapidly once it finds other targets, making it very active.

Xiao Bai: Could it be... Worms?

Dadong: Yes, it seems that Xiao Bai is quite experienced.

Xiao Bai: Hee-hee.

Dadong: In fact, friends who are familiar with network security should be able to quickly see that this is actually a typical worm. Very early on, when a worm struck a computer, something like a bug appeared on the screen, randomly devouring and changing the letters on the screen, so it was called a worm.

Xiao Bai: Haha, that's really quite vivid.

Dadong: This kind of virus uses the network to replicate and spread. There are many famous real-life cases, such as the first worm, "Morris", the "shockwave" virus that spread on early Windows systems, and "panda burning incense", which was all the rage in China at the time; all of them are worms.


Worm-copied vulnerabilities come together (Image: movie screenshot)

3. Network worms

Xiao Bai: Then, Dadongdong, tell me about worms in detail.

Dadong: A network worm is a stand-alone program that runs without the intervention of a computer user and spreads by constantly gaining some or all control of vulnerable computers in a network.

Xiao Bai: Once there are any small loopholes in the program, they may be amplified.

Dadong: The biggest difference between worms and ordinary viruses is that they do not require human intervention and can replicate and spread autonomously.

Network worm (image from the web)

Xiao Bai: How does it work?

Dadong: The workflow of a worm program can be divided into four stages: vulnerability scanning, attack, infection, and on-site processing. Once the worm program's scan finds a vulnerable computer system, the worm body is migrated to the target host. The worm then enters the infected system and processes the target host on site.

Xiao Bai: On-site processing?

Dadong: The on-site processing part includes hiding, information collection, and so on. Different worms may use different strategies to generate target IP addresses, and some even generate them randomly. The complexity of each step also varies: some are very complex, and some are very simple.

Xiao Bai: I know that the behavior of worms is characterized by self-propagation and automatic exploitation of software vulnerabilities.

Dadong: Yes, this will cause network congestion, consume system resources, and leave security risks.

4. Panda burning incense

Xiao Bai: It sounds terrible, and a real worm outbreak must be miserable!

Dadong: I wonder whether someone Xiao Bai's age has ever heard of "panda burning incense"?

Xiao Bai: It seems to be vaguely familiar.

Dadong: At the end of 2006, the "panda burning incense" incident caused a sensation in the country, and "panda burning incense" is a typical worm virus.

Xiao Bai: Wow, Dadongdong is quick to talk.

Dadong: The reason "panda burning incense" was so sensational is that it is a visible virus: it infects all the EXE files on the disk, and each infected EXE gets a characteristic icon of a panda holding three sticks of incense, which is quite shocking.

Panda burning incense icon (image from the Internet)

Xiao Bai: Such a high-profile virus!

Dadong: When the author of the virus and his friends were caught, all the illegal gains were only a few hundred thousand yuan, but the infection spread rapidly, causing network paralysis in serious cases, and people in China got a real sense of the harm of computer viruses for the first time. Therefore, it has become a classic case in the history of viruses and played a role in promoting the later development of Internet security in China.

Xiao Bai: Is there still a driving effect?

Dadong: After "panda burning incense", ordinary netizens marveled at the power of computer viruses, and antivirus software began to continuously improve its algorithms. Basically, it can be said that it was with "panda burning incense" that Chinese netizens gained security awareness. Moreover, this incident is of far-reaching significance for promoting judicial interpretation and the "guilty determination" of Internet crimes.

Xiao Bai: Live and learn~

5. Insecticides

Xiao Bai: So, is there any way to detect worms in advance?

Dadong: At present, there is no dedicated worm detection and defense system in China. Traditional host antivirus systems cannot detect unknown worms; they can only passively detect worms whose characteristics have already been discovered. Moreover, the intrusion detection products currently on the market mostly detect worms based on characteristics as well, so we use the anomaly detection function provided by the intrusion detection system to control worm infections by finding abnormalities in the network.

Xiao Bai: Although it sounds a bit like acting after the fact, as long as the worm is found in time, we can still greatly reduce the loss it causes!

Dadong: Once a worm is found, respond to it in the shortest possible time.

Xiao Bai: So what to do?

Dadong: When an alarm is first generated, the administrator is notified and the worm-infected host is isolated through the interaction of a firewall, router, or HIDS. The worm is then analyzed, the detection strategy is refined, the security weaknesses of the entire system are patched as soon as possible, the worm is prevented from re-infecting, and the worm is deleted from the infected hosts.

Xiao Bai: Lock the virus and don't let him run around!

Dadong: The most important thing is security awareness; don't cause trouble out of curiosity. Tens of millions of networks, security first...

Xiao Bai: Got it, got it. I will never browse the dark web or bad sites!
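
The anomaly-based detection Dadong describes in section 5 can be illustrated with a short Python example. It is added here and is not code from the original column: it flags a host that contacts many distinct addresses on one port within a time window while most attempts fail, which is the network footprint of a worm's scanning stage. The flow records, thresholds and function names are all constructed assumptions.

```python
from collections import defaultdict

def find_scanning_hosts(flows, window_s=60, min_targets=20, max_success=0.2):
    """Flag sources that contact many distinct hosts on one port in one
    time window while most connection attempts fail (worm-like scanning)."""
    buckets = defaultdict(lambda: {"targets": set(), "total": 0, "ok": 0})
    for ts, src, dst, port, established in flows:
        b = buckets[(src, port, int(ts // window_s))]
        b["targets"].add(dst)
        b["total"] += 1
        b["ok"] += 1 if established else 0
    alerts = {}
    for (src, port, _), b in buckets.items():
        fan_out = len(b["targets"])
        success = b["ok"] / b["total"]
        if fan_out >= min_targets and success <= max_success:
            # Keep only the worst window per source host.
            if src not in alerts or fan_out > alerts[src]["fan_out"]:
                alerts[src] = {"port": port, "fan_out": fan_out,
                               "success": round(success, 2)}
    return alerts

def sample_flows():
    """Constructed flow records: (time_s, src, dst, dst_port, established)."""
    flows = []
    # Workstation: a few servers, every handshake completes.
    for i, dst in enumerate(["10.0.1.10", "10.0.1.11", "10.0.1.12"]):
        flows.append((i * 5, "10.0.0.5", dst, 443, True))
    # Web proxy: high fan-out, but every connection succeeds.
    for i in range(40):
        flows.append((i, "10.0.0.2", f"198.51.100.{i + 1}", 443, True))
    # Infected host: sweeps 40 addresses on one port, only 2 answer.
    for i in range(40):
        flows.append((i, "10.0.0.23", f"10.0.2.{i + 1}", 445, i in (7, 19)))
    return flows

if __name__ == "__main__":
    # Hosts reported here are the candidates for isolation.
    for src, info in find_scanning_hosts(sample_flows()).items():
        print(f"isolate {src}: {info}")
```

The proxy has the same fan-out as the infected host but is not flagged, because the failure ratio is what separates scanning from ordinary busy traffic.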

Source: Institute of Computing Technology, Chinese Academy of Sciences
