Review the past five malicious attacks and predict

Review the past five malicious attacks and predict the future five attack means

this paper selects the five malicious attacks that have the widest impact and the strongest destruction in the past five years, and also predicts the five attack means that may have the greatest impact in the next five years

one, five attacks with the greatest impact

1 Red code (2001)

2 Nimda (2001)

3 Melissa (1999) and loveletter (2000)

4 Distributed denial of service attack (2000)

5 Remote control Trojan horse backdoor ()

II. Five attack methods in the future

1 Super worm

2 Stealth attacks

3 Use the program to automatically update the existing defects

4 Attacks against routing or DNS

5 Computer network attacks and terrorist attacks occurred at the same time. Looking back on the series of attacks suffered by Intel in the past five years, although there were many malicious attacks that caught people unprepared, such as the amazing propagation speed, the amazing victimization surface, or the amazing penetration depth, they were defeated one by one in the end. But after going through this baptism again and again, is our network now indestructible? This is a difficult question to answer, although everyone hopes that Luo is strong

based on a survey of more than 200 readers, we selected five malicious attacks that have the widest impact and the strongest destruction in the past five years, and also predicted five attack methods that may have the greatest impact in the next five years

it should be noted that the following selection and prediction confirm that the output of building steel structures of 36 million tons, 41 million tons and 46 million tons respectively cannot fully conform to everyone's point of view, but the author believes that our selection and prediction results should be very representative and meaningful

one or five attacks with the greatest impact

the reason for the selection result is that the destructive power of each of them almost shook most people's confidence in Intel at that time, from the CEO and CIO of the enterprise to the system administrator, station administrator, and even the end-user of the family or company. They have unprecedented doubts about the security of e-commerce, and even when opening their e-mail, they are uneasy and hesitant. In short, the panic they showed at that time simply shocked the author

1. Red code (2001)

one day in July 2001, IDS around the world almost simultaneously reported being attacked by unknown worms. Information security organizations and professionals quickly took action, using honeypots technology to capture data packets from the Internet for analysis, and finally found that this is a variant worm infected by Microsoft IIS buffer overflow vulnerability. In fact, this security vulnerability was discovered by eye digital security as early as a month ago, and Microsoft has also released the corresponding patch, but few organizations and enterprises have paid enough attention to it, downloaded and installed the patch

in just nine hours after the first outbreak of the red code, this small worm quickly infected 250000 servers without covering its ears, and its speed and wide range of depth quickly attracted the attention of the global media. The first red code worm found was just tampering with the home page of an English site, displaying "welcome to! Hacked by Chinese!" And other information. However, the subsequent red code worm flooded the Internet like a flood, launching DOS (denial of service) attacks and formatting the hard disk of the target system, and launching DoS attacks on the IP address of the White House WWW site from the 20th to the 28th of each month, forcing the White House WWW site to change its own IP address. After that, the red code continued to mutate, and its destructive power was stronger. When the red code II was rampant, nearly 20000 servers/5million stations were infected

with such excellent "skills", the red code ranked first with Nimda with an absolute advantage of 44% of the votes in our 1997-2002 poll

users can get the following enlightenment from the rampant red code:

as long as you pay attention to updating patches and fixes in time, the spread of general worms can be completely avoided. Therefore, as a system administrator, you should pay more attention to the latest vulnerabilities and fixes in your system and applications at ordinary times, and those who provide fixes and solutions should be installed and implemented immediately

when the network is attacked, the use of honeypot is a very effective method for further analysis

the reason why the red code stormed the White House was successfully suppressed was that ISPs cleared all the IP addresses of the White House in the routing table in time. Before this worm code attempted to block the network, it was discarded at the Internet border. In addition, the White House station immediately changed the IP addresses of all servers

2. Nimda (2001)

Nimda appeared exactly a week after the 9/11 terrorist attacks. The author still clearly remembers that the American network is often the target of terrorist organizations and hostile hackers. In addition, conflicts and frictions between regions will also lead to mutual attacks by hackers on both sides. At that time, it was rumored that China spread Nimda virus in order to test the rapid response ability of the United States to cyber terrorist attacks. Some security experts even shouted the slogan "we urgently need to formulate another 'Manhattan plan' to deal with cyber terrorism at any time", which shows the panic caused by Nimda at that time

Nimda virus was discovered at 9:08 a.m. it is obviously faster and more destructive than erythrovirus, and it spread all over the world in half an hour. Subsequently, 8.3 million computers were attacked around the world, causing a total economic loss of nearly $1billion

like "red code", Nimda is also a worm virus that infects the windows operating system through network. But the biggest difference between it and all previous Internet worms is that "Nimda" spreads through many different ways and infects many windows operating systems. "。" The red code "can only use the vulnerability of IIS to infect the system, and" Nimda "It uses at least four vulnerabilities of Microsoft products to spread:

defects in IIS;

JavaScript defects in browsers;

uses a security defect in Outlook E-mail client to send e-mail indiscriminately;

uses a defect in hard disk sharing to activate guest users and illegally promote them to administrators.

after a system is infected, Nimda will immediately find a breakthrough and quickly infect surrounding users The system uses most of the network bandwidth

from the whole process and characteristics of Nimda worm dissemination, network users can deeply realize that it is very important to have an emergency response ability to network attacks and establish a good relationship with security experts

in order to block the spread of malicious worms, it is often necessary to set a filter between the interface with the wide area, or simply temporarily disconnect the connection with the wide area

it is critical for network security to prohibit the execution of arbitrary scripts in e-mail clients and web browsers

lissa (1999) and loveletter (2000)

Melissa virus, which broke out in March 1999, and loveletter virus, which broke out in May 2000, also ranked among the top five in this selection because they can spread rapidly and cause great harm. Melissa is a microsoftword macro virus, and loveletter is a VBScript virus. In addition to using Outlook E-mail attachments to spread, malicious code is also using script language defects developed by Microsoft to attack, so the two are very similar

once the user opens this email in Microsoft Outlook, the system will automatically copy the malicious code and send a virus containing email to all email addresses in the address book. Soon, due to the large number of outlook users, its virus can be easily copied, and soon many companies' mail servers were flooded with spam and services were interrupted. Some companies immediately disconnect their internal networks from the Internet after discovering that they have been attacked or may be attacked, remove or isolate the worm infected machines internally, and connect to the Internet after the virus storm, so as to avoid its harm. At that time, the major anti-virus manufacturers immediately distributed virus signature files to their customers shortly after the outbreak of the virus, but because too many users had to download and update the virus database at the same time, it became very difficult to update the signature files in time, which undoubtedly contributed to the spread of the virus. It is also for this reason that the Meliss rotator rotates in a straight line without restraint along the plane. The harm caused by a and loveletter viruses is second only to red code and Nimda

Melissa and loveletter stimulated enterprises and companies' investment in network security, especially in anti-virus

the incompetence of many companies in emergency response to the network worm virus has stimulated the unprecedented growth of professional network security emergency response teams

4. Distributed denial of service attack (2000)

in the season of the new millennium, people in the field of information security think they can collectively breathe a long sigh of relief, because they think that due to the problem of the millennium bug, there should be no ripple in the field of information security for the time being. Then, after January, there was a flood that no one expected: after Yahoo, the world-famous station, was the first to announce that it had completely collapsed due to the distributed denial of service attack, then CNN, e*trade, ZDNet, excite, eBay and other seven famous stations also completely collapsed at almost the same time. This undoubtedly sounded the alarm of Internet again. In fact, people have been exposed to flood attacks from hundreds of machines before, but such a large-scale attack as Yahoo has never been witnessed or even imagined

what enlightenment can people get from the powerful DDoS attack on Yahoo

the key to prevent this attack is whether the anti spoofing filter of the network outlet is powerful. That is to say, if the source IP address of the packet received by your web server is forged, your border router or firewall must be able to recognize it and discard it

the network security incident response team realized that they must work with their ISP to prevent the flood attack of data packets. If you lose ISP support, even if your firewall is powerful, the bandwidth of your network outlet may still be used by all stations. The only effective and fastest way is to work with ISPs to stop this huge flood attack through packet loss and other methods

unfortunately, DDoS attacks continue even now