WEBINAR: Live Event Date: September 20, 2017 @ 1:00 p.m. ET / 10:00 a.m. PT
Designing a Proactive Approach to Information Security with Cyber Threat Hunting REGISTER >
The Bagle, Netsky and MyDoom worms have been hitting the Internet in an incessant series of waves over the past several weeks, straining IT managers, corporate networks and anti-virus vendors. Earlier this week, seven variants of the Bagle worm were let loose in the wild within a 72-hour period. Netsky had quickly revved up to the D-variant.
In the past few days, the pace has slowed but the variants keep on coming.
Bagle-K has been released. As for Netsky, variants F,G and H have hit the wild. And not to be forgotten, the H variant of the virulent MyDoom virus was released as well.
And the viruses are wreaking a lot of havoc.
The Netsky family of worms has caused between $25.6 billion and $31.3 billion in damages worldwide, according to mi2g, a security intelligence firm based in London. The Bagle family has caused between $733 million and $896 million in damages. Bagle, Netsky and MyDoom have infected more than 215 countries, reports mi2g analysts.
And analysts say that wave after wave of variants is running the industry ragged.
Every variant, even though they're being released almost right on top of each other, is different from its predecessor just enough to require the anti-virus vendors to update their detection and filtering capabilities for each one. Central Command, Inc., an anti-virus company based in Medina, Ohio., is advising its large users to update their anti-virus software every hour, instead of once a day or several times a day.
Belthoff says keeping up this kind of pace is taking its toll.
''It's keeping the anti-virus vendors on their toes, certainly,'' adds Belthoff. ''And, of course, it's impacting corporate IT because of the increased load on their networks and because they've having to deal with so many frustrated end users.''
What appears to be fueling the virus writers' fire is that they're actually sniping at each other.
Belthoff explains that the Netsky worm, once it infected a computer, wiped out any Bagle infection that might have been there. Three Netsky variants hold messages inside its coding, sniping at the authors of Bagle and MyDoom. One message reads, ''We kill malware writers. They have no chance.''
The Bagle authors quickly struck back, including their own messages, many of them R-rated at the minimum, in several variants. One message reads in part, ''Hey Netsky... Don't ruin our business. Wanna start a war?''
This back and forth could keep the worms coming fast and furiously, Belthoff says.
''These virus writers are fighting a war amongst themselves for attention and one-ups-manship, and we're all getting caught in the crossfire,'' he adds. ''The war definitely increases the chances that the variants will continue to come. But hopefully, it will help us pick up on clues as to who the virus writers are.''