New versions of Netsky, MyDoom and Bagle are being released on nearly a daily basis, forcing administrators to accelerate patching of anti-virus systems and clean up infections. SMEs and home users, with less up-to-date AV software and limited ability to tackle incidents, are particularly at risk.
In a three-day spree at the end of February, two new variants of NetSky and five variants of Bagel were released. "It seems the [Bagle] writer is waging a virus war", says Mikko Hypponen, director of AV at F-Secure. "Apparently he has been monitoring closely how quickly the antivirus vendors have released detections, then made the necessary alterations to avoid detection and released new versions immediately."
In addition, the virus authors have been taking pot-shots at each other, with derogatory messages concealed in the payloads. Netsky.F includes the text "Skynet AntiViris – Bagle – you are a looser" [sic], while variants of Bagle heap profanity on the author of Netsky, as does the recent MyDoom.G.
Netsky attempts to remove infections of Bagle from victims' computers, which may be fuelling the battle which experts expect to become more severe in the immediate future. "The two worm authors are goading each other with taunts and malicious code to release more powerful versions of their viruses," said Graham Cluley, senior technology consultant for Sophos. "We believe both authors may have access to an underground network consisting of thousands of compromised computers owned by innocent users, which are being exploited to launch each new version of their worms."