God of Rebirth Trader

"This is the first case of computer virus production in China. You must win this case no matter what!"

February 30, 2007.

The 11th Bureau of the Ministry of Public Security urgently called the Hubei Provincial Public Security Department and requested that the local government crack down on this "cyber virus" case as quickly as possible.

On that day, six Internet surveillance experts from Hubei Province, experts from the National Computer Virus Emergency Response Center and the Internet surveillance team gathered in Jiangcheng.

As for the cause of the case, we have to start from four months ago.

In December 2006, a new type of virus called "Nimya" began to spread on the Internet.

In this era, viruses in computers are actually not a rare thing. It can even be said that every computer user has had the experience of being "poisoned" at one time or another.

Netizens are also used to it.

Because no matter what kind of virus is infected, all the problems can be solved by simply reinstalling the system.

At most it will only waste a little time.

Therefore, at this time, the "Nimya" virus had not yet been taken seriously by network regulators and even netizens, leaving time for "Nimya" to spread on a large scale.

However, in just four months, "Nimya" quickly infected tens of millions of computers with lightning speed.

What is even more surprising is that this virus is more destructive than ever.

Even if you reinstall the system, it won't help.

Because the virus will delete files with the extension gho, users cannot use ghost software to restore the operating system.

Not only that, this virus will also infect all webpage files on the hard disk and add virus URLs to them. As a result, as soon as users open these webpages, IE will automatically connect to the designated virus website to download the virus.

Simply put, this virus is also an "opener" for other viruses.

Once you are infected with this virus, it is equivalent to moving all the viruses on the Internet to your computer.

Of course, this function is not all that this virus has, but it is just the appetizer it gives you before it destroys your computer.

After being infected with this computer virus, all software icons on your computer desktop, including the desktop wallpaper, will be uniformly modified into a pattern of "a panda holding three sticks of incense, folding its hands and bowing".

Combined with the previously implanted virus website, a two-pronged approach will destroy your files until your computer displays a blue screen or restarts repeatedly.

Basically, after reaching this level, the only thing you can do is to cut off the power and go out to explore the great rivers and mountains of the motherland.

No matter how powerful the Internet addiction is, I will give you up.

For some website editors, this virus is a nightmare within a nightmare.

Because this virus can not only spread through U disks and shared files, it will also automatically add program code at the end of the computer's web page files.

In other words, if the editor of the website uploads data to the website after being infected with this virus, then all users who browse this webpage after that will be infected with this virus.

Among them, Jiangsu Province has become the "hardest hit area" focused on by this virus.

A large number of corporate computers were paralyzed.

By the time the National Computer Virus Emergency Response Center paid attention, thousands of companies and government agencies, including finance, taxation, energy, and other units related to the national economy and people's livelihood, had been infected.

At first, some people tried to use anti-virus software to kill computers, but this virus, known as "Panda Burning Incense", is highly resistant to anti-virus software and can terminate a large number of anti-virus software programs.

Ordinary system reinstallation has no effect at all.

Because when you are infected with a virus, the virus has already left a backup file for itself, waiting for you to reinstall it.

Unless the user completely formats the hard drive and then reinstalls it.

Only this method can completely put an end to "panda burning incense".

However, during this period, most people knew nothing about computers. Not to mention operations such as formatting and reinstalling the system, many people did not even know how to download anti-virus software.

They could only rush to the computer store and ask the boss for help.

For some computers used to store work files, this virus will cause the greatest harm to them.

Even if they install Jiangmin Antivirus, Rising Antivirus, Kingsoft Antivirus, 360 Security Guard, and a series of well-known domestic antivirus software, they still cannot truly completely kill the virus.

In less than ten minutes, "Panda Burning Incense" will be revived.

In order not to lose important files in their computers, many people do not dare to format their hard drives and can only wait anxiously for the emergence of a tool specifically designed to kill this virus.

However, at this time, the "Panda Burning Incense" virus has entered a period of rapid mutation.

Traces of possession by "Panda Burning Incense" have begun to appear in portals such as Tianya Community, Silicon Valley Power, pconline, and download links for well-known software such as Qvod and Baofeng Video.

From the traditional point-to-point to the current point-to-point, "Panda Burning Incense" is spreading rapidly with the amazing number of visits to the poisoned website.

Xiao Jiang is the network administrator of an Internet cafe in Heilong Province.

During the two days from March 2 to March 4, the Internet cafe where he was located was empty with no customers. When he turned on more than 40 computers in the Internet cafe, the screen was covered with "Panda Burning Incense" icons, and the system crashed and could not run.

.

"The virus was infected on the morning of the 2nd. It was just one machine at first. When I was killing the virus, other machines in the local area network were infected one after another." Xiao Jiang said in an interview with reporters.

On the morning of the same day, Mr. Liu, who worked in an IT company in Baijing, discovered after work that nearly 30 computers in the company were all infected with "Panda Burning Incense". The virus destroyed the program files in the computers and deleted the computer backups. The company was developing the virus

of half-finished software was destroyed.

Mr. Liu was so angry that he almost fainted, but there was nothing he could do.

On the same night, at a newspaper office in Baijing, technicians were running around, and dozens of editors and reporters were waiting for them to clear the "Panda Burning Incense" from their computers.

On March 5, Mr. Zhang, an employee of a Taiwan-funded company in Donghai City, turned on his computer and was greeted by rows of pandas holding incense.

Looking around, he found that his colleagues had the same surprised expression on their faces.

For a whole day, the company's business was paralyzed.

…

March 6, ten o'clock at night.

Infinity Company Headquarters, 14th Floor, Network Security Department.

A group of anti-virus engineers gathered around a computer isolated from the network.

As the mouse clicks, hundreds of panda icons appear on the screen. This is the "Panda Burning Incense" variant virus that engineers captured that day.

Jiang Yuan is an anti-virus engineer in the virus team of Infinity Company’s network security department.

His daily job is to work with dozens of partners to capture viruses circulating on the Internet, then "disassemble" the viruses, study their internal structures, and then upgrade the virus database within Infinite Company.

After capturing the virus sample, members of the virus team immediately put the virus into the "honeypot".

"Honeypots" are weakly defensive servers set up by virus teams on the Internet. Engineers deliberately set up multiple vulnerabilities on the servers to induce viruses to invade.

It's like a honey trap made by a hunter to attract prey.

Subsequently, they conducted an "anatomy" of the "Panda Burning Incense" in an isolated network environment.

After analysis, engineers discovered that beneath the cartoonish appearance of the virus, there was a huge potential for infection. Its infection mode and killing methods were very similar to the popular "Wiking" virus.

The technology of "Panda Burning Incense" is far from superb. It mainly depends on the author's continuous and crazy updates. As long as it is updated, Jiang Yuan and the others must update the special killing tool at any time.

In just the past two days, the specialized killing tool developed by Jiang Yuan and his colleagues has been upgraded more than ten times.

It can be said to be very passive.

Moreover, for such an easy-to-use virus, many hackers in the IT industry are already using it secretly. It is difficult to guarantee that this virus will not mutate again.

"It seems that this virus cannot be eliminated at all, unless its program is decompiled."

An old man with gray hair stood behind Jiang Yuan and the others, adjusted his glasses on the bridge of his nose, and said worriedly.