March was a stressful month for IT and security managers as they struggled to keep up with
the roaring torrent of new viruses hitting as often as three or four times a day.
Industry analysts say high-tech managers have been under great strain in the past month or
two as they worked feverishly to keep their networks bug free. The Netsky and Bagle virus
families were mostly to blame, with nearly 50 variants between them hitting the wild.
“We’ve never seen anything quite like this,” says Ken Dunham, director of malicious code
at iDefense, Inc., a security intelligence company based in Reston, Va. “The war between
these two viruses is quite significant… There was a synergy in these two viruses hitting
at the same time. It became an issue of pride and the war broke out.”
That war of viruses has meant that variants have appeared, rolling through the wild, nearly
on top of each other. Multiple variants have even hit on the same day. And since each
variant is different enough to warrant an update in detection systems and anti-virus
software, each variant has called for an emergency update. That has kept the anti-virus
community and IT and security managers hopping.
“What’s keeping this going is that the actual pool of compromised machines is so great,”
says Steve Sundermeier, vice president of products and services at Central Command Inc., an
anti-virus company based in Medina, Ohio. “They’re using those machines, and they’ll use
them until the pool is closed. What’s worrisome is that other spammers will see this
success, and will try the same methods.”
Sundermeier also notes that while it’s not totally unheard of, it’s rather unusual for a
virus, especially two at the same time, to rack up so many variants. The Netsky virus is up
to an R variant, and Bagle is up to V. If both viruses keep going, which analysts say they
undoubtedly will, they’ll move into double letter range. Once a virus has run its course
through the alphabet, new variants will receive names such as Bagle.AA or Netsky.AB.
“A huge part of the problem here is that the variants continue to be successful,” says
Sundermeier. “IT professionals always have to be on alert, and so do we. Every successful
variant requires an emergency update… It used to be that you were fine with a daily
update. We’re posting two, three or four updates in a day, and that kind of strains things.
“You’re only as good as your last update,” he adds.
The Netsky and Bagle viruses not only made the month of March crazy in the virus community,
they actually defined it.
Sophos, Inc., an anti-virus and anti-spam company based in Lynnfield, Mass., reported today
that the two virus families made up nine out of the top 10 virus rankings for March.
MyDoom-A slipped into the tenth spot.
Sophos ranked the top nine viruses as: Netsky-D, Netsky-B, Netsky-C, Bagle-C, Netsky-J,
Bagle-E, Netsky-P, Bagle-H and Bagle-J.
The top three Netsky variants racked up a large percentage of the virus-related problems
this past month. Netsky-D accounted for 3.2 percent of all reports, while Netsky-B
accounted for 12.3 percent and Netsky-C accounted for 11.7 percent.
“The Netsky author wins the dubious accolade of the month’s biggest virus, accounting for
almost 60 percent of all reports to Sophos, but the biggest losers are the innocent
computer users who have been caught in the crossfire of the Netsky/Bagle spat,” says
Carole Theriault, security consultant, Sophos.