News

'Worm war' between virus writers to blame for recent worms, say experts

Antivirus experts have identified latest versions of three major e-mail worms and have said that a "war" between rival virus writers may be to blame for the number of outbreaks in recent weeks.

Latest versions of the MyDoom, Netsky and Bagle have all appeared on the internet in the past 24 hours.

Antivirus researchers have uncovered text messages in two of the worms which suggests a battle is under way between virus writers.

Examples of Netsky.F, Bagle.K and Mydoom.H were isolated, according to antivirus company F-Secure.

All three variants resemble their predecessors, which spread in e-mail messages with vague-sounding subjects using infected attachments such as Zip, EXE or PIF files.

The viruses have their own SMTP (Simple Mail Transfer Protocol) engines and harvest e-mail addresses from infected computers, which are then targeted with infected mail.

The Bagle and Mydoom worms also open communication ports on infected systems which can be used by remote attackers to route spam e-mail, send malicious instructions to the computer or install remote monitoring software, said Al Huger, senior director of engineering for security response at Symantec.

Bagle.J, Bagle.K, Netsky.F and Mydoom.G also contain comments that are part of a spirited dialogue between virus authors, according to antivirus company Sophos.

Text comments in the worm code are preserved in the binary format file that is created when the code is "compiled", or turned into a computer program that can be run.

Spiced with foul language and bad spelling, the messages portray a playground-style brawl between the authors, with the internet worms acting as messengers.

The tussle between virus authors started in January when Netsky began removing the Mydoom and Bagle viruses from machines it infected, Huger said.

The spat escalated in recent weeks, with multiple versions of the Bagle and Netsky worms appearing on an almost daily basis, primarily as vehicles for delivering new barbs and insults from the authors.

"This behaviour isn't new. The hacking community has been doing this for years," Huger added. "The more they talk, the more the open up chances to get caught."

Paul Roberts writes for IDG News Service


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy