Hacker War Keeps the Worms Coming

The onslaught of worm variants has slowed slightly in the past few days, but at least one security analyst says the attack of three vicious viruses seems far from over.

The Bagle, Netsky and MyDoom worms have been hitting the Internet in an incessant series of waves over the past several weeks, straining IT managers, corporate networks and anti-virus vendors. Earlier this week, seven variants of the Bagle worm were let loose in the wild within a 72-hour period. Netsky had quickly revved up to the D-variant.

In the past few days, the pace has slowed but the variants keep on coming.

Bagle-K has been released. As for Netsky, variants F, G and H have hit the wild. And not to be forgotten, the H variant of the virulent MyDoom virus was released as well.

''It's been a pretty bad few weeks,'' says Chris Belthoff, a senior analyst with Sophos, Inc., a Lynnfield, Mass.-based anti-virus and anti-spam company. ''It's not that any particular variant is so bad, but it's the incessant nature of this continual stream of variants that is causing so many problems.''

And the viruses are wreaking a lot of havoc.

The Netsky family of worms has caused between $25.6 billion and $31.3 billion in damages worldwide, according to mi2g, a security intelligence firm based in London. The Bagle family has caused between $733 million and $896 million in damages. Bagle, Netsky and MyDoom have infected more than 215 countries, report mi2g analysts.

And analysts say that wave after wave of variants is running the industry ragged.

Every variant, even though they're being released almost right on top of each other, is different from its predecessor just enough to require the anti-virus vendors to update their detection and filtering capabilities for each one. Central Command, Inc., an anti-virus company based in Medina, Ohio, is advising its large users to update their anti-virus software every hour, instead of once a day or several times a day.

Belthoff says keeping up this kind of pace is taking its toll.

''It's keeping the anti-virus vendors on their toes, certainly,'' adds Belthoff. ''And, of course, it's impacting corporate IT because of the increased load on their networks and because they're having to deal with so many frustrated end users.''

What appears to be fueling the virus writers' fire is that they're actually sniping at each other.

Belthoff explains that the Netsky worm, once it infected a computer, wiped out any Bagle infection that might have been there. Three Netsky variants hold messages inside their coding, sniping at the authors of Bagle and MyDoom. One message reads, ''We kill malware writers. They have no chance.''

The Bagle authors quickly struck back, including their own messages, many of them R-rated at the minimum, in several variants. One message reads in part, ''Hey Netsky... Don't ruin our business. Wanna start a war?''

This back and forth could keep the worms coming fast and furiously, Belthoff says.

''These virus writers are fighting a war amongst themselves for attention and one-upmanship, and we're all getting caught in the crossfire,'' he adds. ''The war definitely increases the chances that the variants will continue to come. But hopefully, it will help us pick up on clues as to who the virus writers are.''