What are the famous hacker virus disasters in history?
The outbreak year of No.65438+0 "CIH virus":1June 1998. The CIH virus (1998) was written by a college student named Chen Yinghao from Taiwan Province Province and was introduced to Chinese mainland from Taiwan Province Province, China. The carrier of CIH is a tool named "ICQ Chinese Ch_at module", which is reproduced by various websites on the Internet by popular pirated CD games such as Tomb Raider or Windows95/98, making it spread rapidly. CIH virus is a file virus, and its alias is Win95. CIH, space filler, Win32. CIH and CIH. It mainly infects executable files (PE format) under Windows95/98, but the current version does not infect DOS and WIN 3. X(NE format, Windows and OS/2 Windows 3. 1 executable file format), and it is invalid in Win NT. Its development process has gone through five versions: v 1.0, v 1. 1, v 1.2, v 1.3 and v 1.4. Loss estimate: The global No.2 "Melissa" is about 500 million dollars. Outbreak year:1March 999. Melissa (1March 1999) spread herself by sending emails to 50 contacts on the user's address book list through Microsoft's Outlook email software. The email is like the following sentence: "This is the document you requested, please don't show it to others", and an attachment of the Word document is attached. Clicking on this file will make the virus infect the host and copy itself repeatedly. On Friday, March 26th, 1999, W97M/ Melissa made the front page of newspapers all over the world. It is estimated that this Word macro script virus infects 15%~20% of commercial PCs around the world. The virus spread so fast that Intel, Microsoft and many other companies using Outlook software were caught off guard to prevent damage, and they were forced to shut down the entire email system. Loss estimate: about 300-600 million US dollars worldwide. No.3 outbreak year of "iloveyou": in 2000, I love you (2000) spread through the Outlook mail system, with the subject of the mail as "I love you" and the attachment as "Love-Letter-for-you.txt.vbs". After opening the virus attachment, the virus will automatically send a virus email to all mailboxes in the address book, block the mail server, and infect twelve extensions such as. VBS。 HTA。 JPG and. MP3。 The new "Vbs" The virus "Newlove" spreads through outlook, just like the Vbs.loveletter virus. When you open the attachment of virus mail, you will observe that the computer's hard disk light flashes wildly, the system speed slows down obviously, and a large number of files with vbs extension appear in the computer. All shortcuts are changed to be associated with wscript.exe in the system directory, which further consumes system resources and leads to system crash. Loss estimation: the global cost exceeds $654.38+0 billion. NO.4 "Red Team" Outbreak Year: July 2006. 5438+0 Red Team (200 1) is a computer worm that can spread through network servers and the Internet. On May 38, 2006+July 0 13, the red team spread from the network server. It aims to attack the network server running Microsoft Internet information service software. Ironically, before this, in mid-June, Microsoft released a patch to fix this vulnerability. After being infected by it, the network site controlled by the attacked host will display such information: "Hello! Welcome, then the virus will take the initiative to find other vulnerable hosts to infect. This behavior lasted about 20 days, and then it launched a denial of service (DoS) attack on some IP addresses. In less than a week, nearly 400,000 servers were infected, and 1 10,000 computers were infected. No.5 "Blaster" outbreak year: The summer shock wave in 2003 was intercepted by Rising Global Anti-virus Monitoring Network for the first time on August 12, 2003. When the virus is running, it will constantly use IP scanning technology to find computers with Win2K or XP system on the network, and attack the system by using DCOM RPC buffer vulnerability after finding it. Once successful, the virus will spread to the other computer for infection, making the system run abnormally, constantly restarting, and even causing the system to crash. In addition, the virus will also conduct a denial-of-service attack on an upgraded website of Microsoft, resulting in the website being blocked and users unable to upgrade their systems through the website. /kloc-After August of 0/6, the virus will also make the attacked system lose the ability to update the vulnerability patch. Loss estimation: tens of billions of dollars No.6 "Sobig" outbreak year: August 2003. Big Mac (2003) spread through the local area network, looking for all computers on the local area network, and tried to write itself into the startup directory of every computer on the Internet to start itself. Once the virus runs, it will automatically download the virus from the designated website every two hours when the computer is connected to the internet. At the same time, it will look up all email addresses on the computer hard disk, and send virus emails with titles such as "Re: Movies" and "Re: Sample" to these addresses for mail dissemination. The virus will also download the virus from the designated website every two hours and send the user's privacy to the designated mailbox. As part of the email content comes from the data in the infected computer, it is possible to disclose the confidential files of users, especially enterprises and institutions that use local area network to work, it is best to use online antivirus software to prevent important data from being stolen! Loss estimate: 5 billion-1000 billion USD No.7 "mydoom" outbreak year: 65438+20041October. MyDoom(2004) is a virus more powerful than "Big Mac virus", which broke out on June 26, 2004, resulting in peak network loading time. It will automatically generate virus files, modify the registry, and spread it by email. It will also try to download and execute backdoor programs from multiple URLs. If the download is successful, it will be saved in a Windows folder named winvpn32.exe. This backdoor program allows malicious users to remotely access infected computers. The virus uses its own SMTP engine to send toxic e-mails to spread. The virus collects e-mail addresses from related key values in the registry and files with various extensions. The virus will also request e-mail addresses according to some established rules and send toxic e-mails to these addresses. The virus also ignores email addresses with specific characters. Loss estimation: Billions of dollars. No.8 "Sasser" outbreak year: April 2004. Shockwave (2004) broke out on April 30, 2004, causing tens of millions of dollars in losses to the world in a short time. It also reminds everyone that in April 2004, the virus was a third-party modified version of I-worm/sasser.a. Like the previous version of the virus, it was also spread through the latest LSASS vulnerability of Microsoft. We remind users to download Microsoft patches in time to prevent virus invasion. If the virus file is executed in a pure DOS environment, English sentences condemning American soldiers will be displayed. Systems infected by shock wave include Windows 2000, Windows Server 2003 and Windows XP. After the virus runs, it will skillfully copy itself as %WinDir%napatch.exe, randomly search the machines on the network, and send illegal data containing backdoor programs to port 445 of the remote computer. If the remote computer has MS04-0 1 1 vulnerability, it will automatically run the backdoor program and open the backdoor port. Ghost estimate: 500 million-65.438+0 billion US dollars NO.9 "Nimaya" outbreak year: 2006 panda burning incense (2006) To be precise, the large-scale outbreak began at the end of 2006. Take worms for example. Take WhBoy.h as an example, it is written with Delphi tools, which can stop a large number of antivirus software and firewall software processes, and the virus will be infected by "panda burning incense". exe,*。 com,*。 pif,*。 src,*。 Html and *. The asp files of the system cause IE to automatically connect to the designated virus website to download the virus as soon as the user opens these web files. Autorun.inf and setup.exe files are generated for each partition of the hard disk. The virus can also spread through USB flash drives and mobile hard disks, and run with the automatic playback function of Windows system. " "Panda Burning Incense" can also modify the registry startup items, and the infected file icon will become a "Panda Burning Incense" pattern. Viruses can also spread through shared folders and weak system passwords. Loss estimation: Hundreds of millions of dollars 10 "Cyber Robber" Outbreak Year: 2007 Cyber Robber (2007) is a virus that steals online game accounts and passwords, and its variant wm is a typical variety. Jws, the English version of Troy /PSW. Jws, one of the latest variants of the Trojan family, is written in VisualC++ with shelled. After jws, a variant of "online robber", runs, it will copy itself to the Windows directory and register it as a "Windows_Down" system service, thus realizing self-startup. The virus will steal the accounts and passwords of many online game players, including World of Warcraft, Perfect World and Journey. , and download other viruses to run locally. Once the player's computer is poisoned, it may lead to the loss of the game account and equipment. In 2007, it was a sensation, and online gamers were on pins and needles. Loss estimate: about $2.6 billion worldwide.