Bagle, Netsky and MyDoom feud at your expense

Virus writers are engaged in a to-and-fro battle resulting in misery for worm victims around the world.

New versions of Netsky, MyDoom and Bagle are being released on nearly a daily basis, forcing administrators to accelerate patching of anti-virus systems and clean up infections. SMEs and home users, with less up-to-date AV software and limited ability to tackle incidents, are particularly at risk.


In a three-day spree at the end of February, two new variants of Netsky and five variants of Bagle were released. "It seems the [Bagle] writer is waging a virus war", says Mikko Hypponen, director of AV at F-Secure. "Apparently he has been monitoring closely how quickly the antivirus vendors have released detections, then made the necessary alterations to avoid detection and released new versions immediately."

In addition, the virus authors have been taking pot-shots at each other, with derogatory messages concealed in the payloads. Netsky.F includes the text "Skynet AntiViris – Bagle – you are a looser" [sic], while variants of Bagle heap profanity on the author of Netsky, as does the recent MyDoom.G.

Netsky attempts to remove Bagle infections from victims' computers, which may be fuelling the battle. Experts expect the battle to become more severe in the immediate future. "The two worm authors are goading each other with taunts and malicious code to release more powerful versions of their viruses," said Graham Cluley, senior technology consultant for Sophos. "We believe both authors may have access to an underground network consisting of thousands of compromised computers owned by innocent users, which are being exploited to launch each new version of their worms."

 

Copyright © SC Magazine, US edition