
Turf war as worms blitz computers

By Tracy Burrows, ITWeb contributor.
Johannesburg, 02 Mar 2004

A virtual blitz of worms is descending on the Internet, report anti-virus software vendors. In the past four days, six new variants of the mass-mailing Bagle worm and two new variants of the Netsky worm have been spotted in the wild.

"It's interesting to note that a variant of Netsky attempts to remove a variant of Bagle, Bagle.C. It looks like a turf war out there, with the bad guys fighting over the infected computers," says Ken Dunham, director of malicious code at iDefense.

Mikko Hypponen, director of anti-virus research at F-Secure, says the new Bagle variants - Bagle.C, D, E, F, G and H - appear to have been written by the same virus author. The new variants surfaced in quick succession from Friday.

"It seems the writer is waging a virus war," he notes. "Apparently he has been monitoring closely how quickly the anti-virus vendors have released detections, then made the necessary alterations to avoid detection and released the new versions immediately."

Meanwhile, one of the new Netsky variants, Netsky.D, is described as by far the worst new worm to emerge since Friday.

Brett Myroff, CEO of local Sophos distributor Netxactics, says the virulent new variant looks set to become one of the most prevalent worms of the year.

The worm arrives in an e-mail carrying a PIF file attachment. Myroff notes that although many PC users are wise to the potential dangers of attachments with EXE, SCR and VBS file endings, they may not realise that PIF files can also carry malicious code.

Kaspersky Labs reports that in addition to targeting Bagle.C, Netsky.D also deletes the keys of another virus, MyDoom, from the system registry and tries to terminate Kaspersky Anti-Virus. Netsky.D has the additional feature of causing the speakers of an infected PC to beep at random today.

Symantec response says it has upgraded Netsky.D to a level four threat, due to the high number of submissions of the worm. Another new Netsky worm, Netsky.E, was discovered late yesterday.

"Whoever is behind the Netsky and Bagle worms is hell-bent on causing as much chaos as possible," says Myroff.
