Cyber war gets personal

By Tracy Burrows, ITWeb contributor.
Johannesburg, 04 Mar 2004

Anti-virus vendors say the writers of the MyDoom, Bagle and Netsky worms appear to be making personal attacks on each other as "the first a major war" erupts across the .

The writers of the latest series of Internet worms appear to be trading insults as they battle for control of Internet-connected computers. Batches of new mass-mailing Bagle, Netsky and MyDoom worms have been spreading fast around the world since last Friday. Some of them attempt to remove "rival" worms, and others trade insults within their code.

Steven Sundermeier, VP of products and services at Central Command, says this appears to be the start of the "first major global cyber war".

"The short period of time between each new worm release, by the same set of virus-writing groups, is real reason for alarm, especially since so many of them have successfully compromised systems worldwide. It's a direct attack on the response times of anti-virus companies, a strain on IT professionals, a financial impact on businesses, and appears to be a war over power and seniority among these authors."

Since 27 February, the authors of the Bagle worm have released nine separate variants (Worm/Bagle.C-K), while the authors of the Netsky Internet worm have released three versions of their own (Worm/Netsky.D-F).

Netsky's apparent agenda is the disabling of the Bagle and MyDoom worms. The authors of MyDoom have responded with the release of MyDoom.G, an updated version that was not disabled by Netsky. Within the code of the various worms are insults aimed at the rival virus-writers.

Anti-virus experts say the following text has been extracted from the codes of the worms:

* Worm/Bagle.J: Hey, NetSky, <explicit> off you bitch, don't ruine our bussiness, wanna start a war?

* Worm/Bagle.K: Hey, NetSky, <explicit> off you bitch!

* Worm/Netsky.F: Skynet AntiVirus - Bagle - you are a looser!!!!

* Worm/Netsky.D: be !...

* Worm/Netsky.C: we are the skynet - you can't hide yourself! - we kill malware ... MyDoom.F is a thief of our idea! ... SkyNet AV vs. Malware

* Worm/Mydoom.G & H: to netsky's creator(s): imho, skynet is a decentralized peer-to-peer neural network. we have seen P2P in Slapper in Sinit only. they may be called skynets, but not your shitty app.

Describing the war as "particularly interesting", Eugene Kaspersky, head of anti-virus research at Kaspersky Labs, says: "This exchange of courtesies between virus-writers has undoubtedly worsened the situation on the Internet, causing a serious epidemiological incident. Indeed, this latest incident may cause some to think that the Internet has been irrevocably transformed into an arena for a bloody battle of the viruses.

"It's hard to imagine a more comical situation: a handful of virus writers are playing unpunished with the Internet, and not one member of the Internet community can take decisive action to stop this lawlessness."

"It almost seems like they are playing a war of one-upmanship," says Chris Belthoff, senior security analyst at Sophos. "They could be jealous over the media attention the others are getting."

Justin Stanford, managing partner of local NOD32 distributor 4D Digital Security, says it is unfortunate that Internet and e-mail users find themselves caught in the crossfire of the war. "This week has proven that relying on patches just doesn't cut it. We have never seen anything like this - just as anti-virus vendors create a new patch, another variant of that same virus is released, leaving the patch obsolete and another has to be created - sometimes within minutes of each other."

Sundermeier points out that it could all be an elaborate hoax. "Obviously, virus writers can't be trusted. So, what might appear as a malicious cat-and-mouse game between virus writing groups may actually be a well-organised cover-up to disguise their true intentions."
