Virus Feud: All’s Fair in Spam and War
Call it the war of the drones.
Competing Internet virus writers have begun updating their wares as often as three times daily and sending them forth in an escalating battle for control of hundreds of thousands of computers.
On Wednesday, the authors weren’t only knocking each other’s viruses out of infected PCs; they were trading barbs in written comments sprinkled among the copious lines of code that tell their malicious programs what to do.
The three evolving virus families -- Bagle, MyDoom and Netsky -- accounted for seven of the 10 problems most frequently reported to Tokyo-based computer security firm Trend Micro Inc. in the 24 hours ended Wednesday afternoon. The viruses spread through e-mail attachments opened by unsuspecting recipients and create waves of spam as they propagate.
Most are blocked by up-to-date antivirus software.
Computers infected by MyDoom have been responsible for denial-of-service attacks against corporate websites owned by software makers Microsoft Corp. and SCO Group.
A recent version of MyDoom also deletes documents, spreadsheets and images from compromised machines. Both MyDoom and Bagle open ports on their host computers that allow them to receive instructions from an outsider.
But it was Netsky that sparked the rivalry when it surfaced two weeks ago. Netsky searches for the ports opened by the other viruses, then crawls in through those holes -- and deletes some parts of MyDoom and Bagle.
The latest versions of MyDoom and Bagle take swipes at Netsky’s author or authors.
“Hey Netsky,” the Bagle author or authors wrote in a poorly spelled version detected Tuesday, “don’t ruine our bussiness, wanna start a war?”
Netsky’s authors responded in kind: “Bagle -- you are a looser!”
“It’s a bunch of adolescents screaming at each other,” said Joe Hartmann, Trend Micro’s director of North American research.
Hackers have engaged in dogfights for more than a decade, but they usually take place out of public view.
Now, with so many infected machines spewing copies of viruses via e-mail, “this is the first time it’s been as visible to as many people,” said Vincent Weafer, senior director of security response at Cupertino-based Symantec Corp.
Security experts don’t know the ultimate goal of the MyDoom, Bagle and Netsky authors but say the arms race isn’t encouraging.
Compromised computers have been turned into tools for sending commercial spam, assaulting websites and blackmailing people.
Some sports betting sites were recently threatened with denial-of-service attacks by hackers seeking cash payments.
Bagle and Netsky might each inhabit about 100,000 machines, said Brian Mann, an outbreak manager at Santa Clara, Calif.-based Network Associates Inc.’s McAfee security division. An early version of MyDoom at one point had infected 1.7 million computers, but the virus has since been removed from many of them.
As they upgrade their programs, virus writers have incorporated changes that seem designed to outwit the rival viruses -- or at least beat them to target machines.
Said Mann: “It’s a bragging-rights type of thing.”