Tuesday, March 5, 2024

Hacker War Keeps the Worms Coming

Datamation content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

The onslaught of worm variants has slowed slightly in the past few days, but at least one

security analyst says the attack of three vicious viruses seems far from over.

The Bagle, Netsky and MyDoom worms have been hitting the Internet in an incessant series of

waves over the past several weeks, straining IT managers, corporate networks and anti-virus

vendors. Earlier this week, seven variants of the Bagle worm were let loose in the wild

within a 72-hour period. Netsky had quickly revved up to the D-variant.

In the past few days, the pace has slowed but the variants keep on coming.

Bagle-K has been released. As for Netsky, variants F,G and H have hit the wild. And not to

be forgotten, the H variant of the virulent MyDoom virus was released as well.

”It’s been a pretty bad few weeks,” says Chris Belthoff, a senior analyst with Sophos,

Inc., a Lynnfield, Mass.-based anti-virus an anti-spam company. ”It’s not that any

particular variant is so bad, but it’s the incessant nature of this continual stream of

variants that is causing so many problems.”

And the viruses are wreaking a lot of havoc.

The Netsky family of worms has caused between $25.6 billion and $31.3 billion in damages

worldwide, according to mi2g, a security intelligence firm based in London. The Bagle family

has caused between $733 million and $896 million in damages. Bagle, Netsky and MyDoom have

infected more than 215 countries, reports mi2g analysts.

And analysts say that wave after wave of variants is running the industry ragged.

Every variant, even though they’re being released almost right on top of each other, is

different from its predecessor just enough to require the anti-virus vendors to update their

detection and filtering capabilities for each one. Central Command, Inc., an anti-virus

company based in Medina, Ohio., is advising its large users to update their anti-virus

software every hour, instead of once a day or several times a day.

Belthoff says keeping up this kind of pace is taking its toll.

”It’s keeping the anti-virus vendors on their toes, certainly,” adds Belthoff. ”And, of

course, it’s impacting corporate IT because of the increased load on their networks and

because they’ve having to deal with so many frustrated end users.”

What appears to be fueling the virus writers’ fire is that they’re actually sniping at each


Belthoff explains that the Netsky worm, once it infected a computer, wiped out any Bagle

infection that might have been there. Three Netsky variants hold messages inside its coding,

sniping at the authors of Bagle and MyDoom. One message reads, ”We kill malware writers.

They have no chance.”

The Bagle authors quickly struck back, including their own messages, many of them R-rated at

the minimum, in several variants. One message reads in part, ”Hey Netsky… Don’t ruin our

business. Wanna start a war?”

This back and forth could keep the worms coming fast and furiously, Belthoff says.

”These virus writers are fighting a war amongst themselves for attention and

one-ups-manship, and we’re all getting caught in the crossfire,” he adds. ”The war definitely increases the chances that the variants will continue to come. But hopefully, it will help us pick up on clues as to who the virus writers are.”

Subscribe to Data Insider

Learn the latest news and best practices about data science, big data analytics, artificial intelligence, data security, and more.

Similar articles

Get the Free Newsletter!

Subscribe to Data Insider for top news, trends & analysis

Latest Articles