Chapter 420: Nimuya Variant

"This is the first case of computer virus production in China, and you have to win this case no matter what!"

2007, 30 February.

The 11th Bureau of the Ministry of Public Security urgently called the Hubei Provincial Public Security Department, demanding that the local government crack this "network virus" case as quickly as possible.

On the same day, six network supervision experts from Hubei Province, experts from the National Computer Virus Emergency Response Center and the network supervision brigade gathered in Jiangcheng.

As for the cause of the case, it has to start from four months ago.

In December 2006, a new type of virus called "Nimuya" began to spread on the Internet.

In this era, viruses in computers are not uncommon, and it can even be said that every computer user has more or less experienced "poisoning".

Netizens are also accustomed to it.

Because no matter what virus you have, you only need to reinstall the system to solve all problems.

At most, it costs a little time.

Therefore, the "Nimuya" virus was not taken seriously at this time by Internet supervisors or even by netizens, which gave "Nimuya" time to spread on a large scale.

However, only four months have passed, and "Nimuya" has quickly infected and invaded tens of millions of computers.

What's even more surprising is that this virus is more destructive than ever.

Even if you reinstall the system, it won't work.

Because the virus deletes files with the .gho extension, it is impossible for users to restore the operating system using Ghost software.

Not only that, but this virus also infects all web files on the hard drive, adding virus URLs to them, causing IE to automatically connect to the designated virus website to download the virus as soon as the user opens these web pages.

To put it simply, this virus is also an "opener" for other viruses.

Once infected with this virus, it is equivalent to bringing every virus on the network onto the computer.

Of course, this feature isn't all there is to this virus, but it's just a starter for you before it destroys your computer.

After being infected with this computer virus, all the software icons on your computer's desktop, including the desktop wallpaper, will be uniformly modified into a pattern of "panda holding three sticks of incense, making a combination".

Combined with the virus-planted websites mentioned earlier, this two-pronged attack destroys your files until your computer shows a blue screen or restarts repeatedly.

Basically, after reaching this point, the only thing you can do is cut off the power and go out to browse the great rivers and mountains of the motherland.

No matter how bad the Internet addiction is, you will quit it.

For some website editors, the virus is a nightmare within a nightmare.

Because this virus not only spreads through USB flash drives and shared files, but also automatically adds program code at the end of the web page files on the computer.

In other words, if the editors of the website upload data to the website after being infected with this virus, then all users who browse the page after that will be infected with the virus.

Among them, Jiangsu Province has become the "hardest hit area" of the virus.

A large number of corporate computers are paralyzed.

By the time the National Computer Virus Emergency Response Center took it seriously, thousands of enterprises and government agencies, including finance, taxation, energy, and other units related to the national economy and people's livelihood, had been infected.

At first, some people tried to use antivirus software to disinfect their computers, but this virus, known as "Panda Burning Incense", is very resistant to antivirus software and can shut down a large number of antivirus programs.

Ordinary system reinstallation is completely ineffective.

Because by the time you are infected, the virus has already left a backup file for itself, just waiting for you to reinstall.

Unless the user completely formats the hard drive and then reinstalls it.

Only in this way can we completely put an end to "panda burning incense".

However, during this period, most people know nothing about computers. Many do not know how to download antivirus software, let alone how to format a drive or reinstall the system.

They could only rush to the computer store and ask the boss for help.

For some computers that store work files, the virus causes the most damage.

Even if they install a series of well-known domestic antivirus software, such as Jiangmin Antivirus, Ruixing Antivirus, Kingsoft Antivirus, 360 Security Guard, etc., they can't really completely kill the virus.

Within ten minutes, "Panda Burning Incense" would flare up again.

In order not to lose important files on the computer, many people do not dare to format the hard drive, so they can only wait anxiously for a tool that can kill this virus to appear.

However, at this time, the "Panda Burning Incense" virus has entered a period of rapid mutation.

Traces of "panda burning incense" have begun to appear in the download links of well-known software such as Tianya Community, Silicon Valley Power, and PConline, as well as well-known software such as Kuaibo and Storm Audio.

From the traditional point-to-point to the current point-to-point, "panda incense" is spreading rapidly with the help of the astonishing number of visits to the infected websites.

Xiao Jiang is the network administrator of an Internet café in Heilong Province.

For two days, from March 2 to March 4, the Internet café where he worked was empty. There were no customers, and when he turned on the more than 40 computers in the Internet café, the screens were covered with "panda incense" icons, and the systems crashed and could not function.

"The poison was in the morning of the 2nd, and it was just a machine at first, and when I killed the virus, other machines in the LAN were hit one after another." Xiao Jiang said in an interview with reporters.

On the same morning, Mr. Liu, who works for an IT company in Baijing, found that nearly 30 computers in the company were infected with "Panda Burning Incense", and the virus destroyed the program files in the computers, deleted the computer backups, and destroyed the semi-finished software that the company was developing.

Mr. Liu was so angry that he almost fainted, but he was helpless.

That same night, in a newspaper office in Baijing, technicians were running around, and dozens of editors and reporters were waiting for them to clear the "panda burning incense" from their computers.

On March 5, Mr. Zhang, an employee of a Taiwanese-funded company in Donghai City, turned on his computer and was greeted by rows of pandas holding incense.

Looking around, he noticed the same look of surprise on the faces of his colleagues.

For a whole day, the company's business was paralyzed.

……

March 6, 10 p.m.

Infinity Corporate Headquarters, 14th Floor, Cyber Security Department.

A group of anti-virus engineers surrounded a computer isolated from the network.

With the click of the mouse, hundreds of panda icons appear on the screen. This is the "panda burning incense" variant of the virus that the engineers captured that day.

Jiang Yuan is an anti-virus engineer on the virus team in the cybersecurity department of Infinity Corporation.

His daily job is to work with dozens of partners to catch viruses circulating on the Internet, then "disassemble" the viruses, study their internal structure, and upgrade the virus database within Infinity.

After capturing the virus sample, the members of the virus team immediately put the virus into the "honeypot".

"Honeypots" are some weakly defended servers set up by the virus team on the Internet, and engineers deliberately set up multiple vulnerabilities on the servers to induce viruses to invade.

It's like a honey-stained trap made by a hunter to attract prey to the bait.

Subsequently, they conducted a "dissection" of the "panda burning incense" in an isolated environment on the Internet.

After analysis, the engineers found that under the cartoonish appearance of the virus, there is a huge potential for infection, and its infection mode and killing methods are very similar to the popular "Weijin" virus.

The technology of "Panda Burning Incense" is not superb; it mainly depends on the author's continuous and crazy updates. Whenever it is updated, Jiang Yuan and his colleagues must update the killing tool right away.

In just the past two days, the killing tools developed by Jiang Yuan and his colleagues have been upgraded more than ten times.

It can be said to be very passive.

Moreover, such a good virus has been secretly used by many hackers in the IT industry, and it is difficult to guarantee that this virus will not mutate again.

"It seems that this virus cannot be eliminated at all, unless its program is decompiled."

An old man with gray hair stood behind Jiang Yuan, lifted the glasses on the bridge of his nose, and said worriedly.

(End of chapter)