Virus Attacks Reach 'Epidemic' Proportions

Wave after wave of new worm variants are pounding IT managers, as well as anti-virus vendors, threatening to overwhelm current security measures.

Just as the industry was reeling yesterday from the weekend release of a new Netsky variant and five new Bagle variants, another two Bagle variants and one more Netsky variant have hit the Internet. The variants are coming so fast that at least one anti-virus vendor has warned its users to update their software every hour.

''It's like a tsunami wave, with all the variants crashing down at once,'' says Ken Dunham, director of malicious code at iDefense, Inc., a security intelligence company based in Reston, Va. ''We're getting wave after wave of attacks and they're significant attacks... It's a constant deluge. It's annoying and it's frustrating and people are getting tired of it.''

Anti-virus company Panda Software is calling the attacks an 'epidemic'.

Netsky-D, alone, has caused $58.5 million in damages worldwide, according to mi2g, a London-based security assessment company. And as that variant continues to wreak havoc across the Internet, Netsky-E has been discovered. The latest variant spreads via email and network shares, but so far is not causing as much trouble as its predecessors.

''Whoever is behind the Netsky worms is hell bent on causing as much chaos as possible,'' says Graham Cluley, senior technology consultant for Sophos, Inc., a Lynnfield, Mass.-based anti-virus and anti-spam company. ''They have deliberately released new versions of their virus, tweaked to try and avoid detection by anti-virus software. Computer users should heed the warning and be wary of any unsolicited email attachment.''

The Bagle family ushered in Bagle-H and Bagle-I yesterday. Bagle-H, which Sophos upgraded from a low to a medium threat, is an email worm that carries a password-protected Zip file, which anti-virus scanners cannot open to inspect. When the attachment is opened, the worm opens up a backdoor on Port 2745 and waits for commands from the virus author. Bagle-I follows the same pattern but has been tweaked to avoid detection by anti-virus software programmed to stop Bagle-H.
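As an added illustration of the attachment trick described above (example code written for this page, not from the article or from any vendor it quotes): a mail-gateway check that walks a ZIP attachment's local file headers and reports entries whose general-purpose flag has the encryption bit set, so an archive the scanner cannot look inside is quarantined rather than delivered. The sample archive is constructed in memory and the encryption bit is set by hand; no real cipher is applied.

```python
"""Flag e-mail attachments that are password-protected ZIP archives."""
import io
import struct
import zipfile

LOCAL_HEADER_SIG = b"PK\x03\x04"
FLAG_ENCRYPTED = 0x0001        # bit 0 of the general-purpose flag field
FLAG_DATA_DESCRIPTOR = 0x0008  # bit 3: sizes live after the data, not in the header


def encrypted_entries(data: bytes) -> list:
    """Walk the local file headers and return the names of encrypted entries."""
    names = []
    pos = 0
    while data[pos:pos + 4] == LOCAL_HEADER_SIG and len(data) >= pos + 30:
        # Local header after the 4-byte signature: version(2) flags(2) method(2)
        # time(2) date(2) crc(4) csize(4) usize(4) fnlen(2) extralen(2), all LE.
        flags, csize, fnlen, extralen = struct.unpack_from("<2xH10xI4xHH", data, pos + 4)
        name = data[pos + 30:pos + 30 + fnlen].decode("utf-8", "replace")
        if flags & FLAG_ENCRYPTED:
            names.append(name)
        if flags & FLAG_DATA_DESCRIPTOR:
            break  # compressed size unknown here; stop walking rather than guess
        pos += 30 + fnlen + extralen + csize
    return names


def should_quarantine(attachment: bytes) -> bool:
    """Gateway policy: hold any ZIP whose entries the scanner cannot inspect."""
    return attachment.startswith(LOCAL_HEADER_SIG) and bool(encrypted_entries(attachment))


def build_sample_zip(encrypted: bool) -> bytes:
    """Constructed sample: a one-entry STORED archive. When `encrypted` is set,
    bit 0 of the first local header's flag field is flipped by hand (offset 6),
    which is all a gateway sees; no password or cipher is involved."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("doc.exe", b"MZ constructed sample payload")
    data = bytearray(buf.getvalue())
    if encrypted:
        data[6] |= FLAG_ENCRYPTED
    return bytes(data)


if __name__ == "__main__":
    print("quarantine:", should_quarantine(build_sample_zip(True)))    # True
    print("quarantine:", should_quarantine(build_sample_zip(False)))   # False
```

Such a check complements signature updates rather than replacing them: it catches the class of attachment the scanner cannot open, regardless of which variant is inside.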

''As soon as detection for a new variant is added to anti-virus software, literally, within a couple of hours we'll see the slightest modification done to a new variant to avoid detection,'' says Steve Sundermeier, a vice president at Central Command, Inc., an anti-virus company based in Medina, Ohio. ''It's very apparent to me that there's a cat and mouse game going on. With this kind of timing, this has to be a deliberate attack trying to strain anti-virus companies.''

But while anti-virus companies are struggling to keep up with the deluge of attacks, corporate IT managers are faced with the same problem. They're fighting to keep anti-virus software updated, to keep users from panicking and to keep software patched.

''That strains us, but IT managers have to be on their toes at all times, as well,'' says Sundermeier, who adds that Central Command has told its large customers to update their anti-virus software every hour, as opposed to once a day or every four to six hours. ''This is a definite strain on the IT field. When you have variants C, D, E, F, G, H, I within a matter of 72 hours, that's crazy.''

Dunham of iDefense says he's concerned that it's simply not feasible for some IT managers to have the time and capacity to update their anti-virus software that frequently.

''My question is, how reasonable is that?'' asks Dunham. ''IT managers are having to change the way they operate. It's all about how rapidly they can respond to wave after wave of attack. They're on the line to be in the know about what's going on as it's happening. If they don't have up-to-date information, they're hanging in the wind.''
