This virus, which Xiaoji called "almost omnipotent", was recently called the strongest virus in history-"Flame". When you open a seemingly perfect web page and file, when you copy and paste materials with your own USB, when you open a Bluetooth device to transfer files ... "Flame" may have quietly invaded your computer.
The flame has been lurking for five years.
The earliest appearance of the "flame" virus can even be traced back to 2007. It is extremely complicated and threatening. This is not only a backdoor program, but also a Trojan horse. However, it has the characteristics of a worm, recording through the microphone of the victim's computer, capturing computer pictures, recording keyboard operation behavior, detecting network traffic, and communicating with peripheral Bluetooth devices. At present, the flame is mainly spread in the Middle East countries such as Iran, Israel and Palestine, and it is also found in Macao and Hong Kong. Anti-virus experts say that the "flame" may spread all over the world.
"Flame" is similar to the notorious viruses Stuxnet and Duqu. The size of Stuxnet and Duqu virus is about 500KB, but the size of the whole flame can exceed 20MB! It can be hidden with a huge "body" for five years without being discovered, and the "flame" virus should not be underestimated. Foreign media reported that it may take at least 10 years to completely crack the "flame".
Two methods of checking "flame"
Even if you update to the latest Windows 7 computer, you can't escape the infection of this virus. Therefore, we must not take it lightly. At present, everyone can judge whether the computer is infected with "flame" through simple inspection methods.
1. Click Start-Search-Select a file or folder and find the file "~DEB93D.tmp". If such a file exists in the system, it means that it has been infected by the "flame" virus.
2. If you are not sure about the above methods, you can click Start-Search-Select a file or folder, find the file "regedit", click Open Registry, and check the registry key HKLM _ System \ Current Control Set \ Control \ LSA \ Authentication Package. If you find the mssecmgr.ocx or authpack.ocx file, your device has been infected by Flame.
Experts suggest "calm response"
It is understood that the most reliable way to prevent "flame" at present is to install professional anti-virus software and upgrade to the latest version, and at the same time turn on real-time monitoring function. Large anti-virus software companies at home and abroad have issued relevant preventive measures:
Security experts said that the "flame" virus was recently discovered by the security industry, mainly because it used Microsoft's digital signature to cheat loopholes and disguised as a file signed by Microsoft. At present, Microsoft has released a patch for this vulnerability, and 360 security guards also pushed the patch for all users at the first time, which can protect the computers of netizens in China and effectively "extinguish the fire".
The network anti-virus engineer pointed out that the "flame" virus is indeed complex enough. There are seven main files that constitute the "flame" virus, each of which performs its own duties, * * * completing system intrusion and intelligence collection, which can be called a computer network intelligence collection system with virus characteristics.
In addition, experts reminded that the characters contained in the internal code of the virus are mostly "flames". Therefore, if you see a file ending in "flame" recently, you must be vigilant and don't open it easily.