The onslaught of worm variants has slowed slightly in the past few days, but at least one
security analyst says the attack of three vicious viruses seems far from over.
The Bagle, Netsky and MyDoom worms have been hitting the Internet in an incessant series of
waves over the past several weeks, straining IT managers, corporate networks and anti-virus
vendors. Earlier this week, seven variants of the Bagle worm were let loose in the wild
within a 72-hour period. Netsky had quickly revved up to the D-variant.
In the past few days, the pace has slowed but the variants keep on coming.
Bagle-K has been released. As for Netsky, variants F, G and H have hit the wild. And not to
be forgotten, the H variant of the virulent MyDoom virus was released as well.
“It’s been a pretty bad few weeks,” says Chris Belthoff, a senior analyst with Sophos,
Inc., a Lynnfield, Mass.-based anti-virus and anti-spam company. “It’s not that any
particular variant is so bad, but it’s the incessant nature of this continual stream of
variants that is causing so many problems.”
And the viruses are wreaking a lot of havoc.
The Netsky family of worms has caused between $25.6 billion and $31.3 billion in damages
worldwide, according to mi2g, a security intelligence firm based in London. The Bagle family
has caused between $733 million and $896 million in damages. Bagle, Netsky and MyDoom have
infected more than 215 countries, report mi2g analysts.
And analysts say that wave after wave of variants is running the industry ragged.
Every variant, even though they’re being released almost right on top of each other, is
different from its predecessor just enough to require the anti-virus vendors to update their
detection and filtering capabilities for each one. Central Command, Inc., an anti-virus
company based in Medina, Ohio, is advising its large users to update their anti-virus
software every hour, instead of once a day or several times a day.
Belthoff says keeping up this kind of pace is taking its toll.
“It’s keeping the anti-virus vendors on their toes, certainly,” adds Belthoff. “And, of
course, it’s impacting corporate IT because of the increased load on their networks and
because they’re having to deal with so many frustrated end users.”
What appears to be fueling the virus writers’ fire is that they’re actually sniping at each
other.
Belthoff explains that the Netsky worm, once it infected a computer, wiped out any Bagle
infection that might have been there. Three Netsky variants hold messages inside their code,
sniping at the authors of Bagle and MyDoom. One message reads, “We kill malware writers.
They have no chance.”
The Bagle authors quickly struck back, including their own messages, many of them R-rated at
the minimum, in several variants. One message reads in part, “Hey Netsky… Don’t ruin our
business. Wanna start a war?”
This back and forth could keep the worms coming fast and furiously, Belthoff says.
“These virus writers are fighting a war amongst themselves for attention and
one-upmanship, and we’re all getting caught in the crossfire,” he adds. “The war definitely
increases the chances that the variants will continue to come. But hopefully, it will help us
pick up on clues as to who the virus writers are.”