By Jay Lyman, TechNewsWorld (part of the ECT News Network)
03/04/04 9:28 AM PT
Like a city corner that has fallen victim to the graffiti tag signs of rival gangs, the Internet has now become the basis of a war of words and worms between virus writers, who are unleashing virus variants to eat one another's work and spread to more computers.
The exchange among virus writers and the release of several variants taking part in the battle -- different versions of the Netsky, Bagle and Mydoom worms -- does not involve particularly damaging or malicious code, but it is causing chaos, according to virus fighters.
"The volume and rate at which these new Netsky, Bagle and Mydoom variants are surfacing is unprecedented," said an advisory earlier this week from Network Associates' (NYSE: NET) McAfee Avert. The company reported that messages in the code of the variants were directed at other virus authors, adding that some of the variants had infected at least two Fortune 500 companies.
McAfee fellow Jimmy Kuo told TechNewsWorld that with one or two variants being raised to a medium-level threat most days so far this week, the fight seems to be settling somewhat as the weekend approaches. However, Kuo indicated the spate of variants has been a burden on the security community.
"It's a huge drain on our resources and on the energy of administrators managing networks and computers and securing the Internet," Kuo said. "It's keeping us all at our terminals. It's just a very draining affair."
Turf War
Ken Dunham, iDefense director of malicious code, told TechNewsWorld that the variants -- which he described as trivial to create -- all are targeting easy-to-infect computers to try to outdo one another.
"It's interesting to note that a variant of Netsky attempts to remove a recent variant of Bagle, Bagle.C," Dunham said. "It looks like a turf war out there, with the bad guys fighting over the infected computers."
Dunham also warned that a number of the variants -- including at least six Bagle versions, two Netsky derivatives and at least one Mydoom variant -- went undetected by multiple antivirus vendors.
"There is no single magic bullet and no comprehensive patch against all of these new worms," he said.
Malware Mitigation
McAfee's Kuo said that although a few companies have been hit by the variant battle, general security rules and file blocking by large corporations have kept infections to a minimum.
Kuo said the biggest problem with virus outbreaks centers around small to medium businesses and university computing environments, many of which have reported being hit by one of the variants repeatedly this week.
Kuo added that some ISPs are filtering traffic and viruses to prevent them from reaching home users. However, he echoed Dunham's point that there are a large number of computers the virus writers know they can count on.
"What generally happens is, some people have learned and they are no longer hit by these," Kuo said. "Some people will get hit by every single one of them."
Vigilante Viruses
Although there were reports of e-mail slowdowns based on the war raging among worm variants, Kuo downplayed the effect of the struggle on the overall Internet community.
He did indicate that the worm-hunting capabilities of the latest malware -- an effort that, while not new, has been roundly rejected by the antivirus community -- represent a more general trend.
"It is a trend on the rise because virus writers have long been labeled as malicious," Kuo said. "We still believe that to be true. Now, they're trying to develop a different reputation for themselves, saying, 'We're doing this because we're trying to save the world.'"
Kuo, who said he believes the malware authors have been overtaken by their egos, also indicated the noise surrounding the variant skirmish could pave the way for a more damaging or devious worm or attack.
"They may be doing it to unload the world of various variants, but they're creating chaos and benefiting organized crime," he said. "They're making it easier [for worms] to be for spam, phishing attacks and so forth."