
Latest Worms Duke It Out

It appears that the numerous variants of the Zotob worm that have emerged over the past couple of days may have been salvos in a new worm war between rival online crime groups, according to analysis by Finnish antivirus company F-Secure Corp.

The three worm variants -- dubbed "Bozori," "Zotob," and "IRCBot" -- all exploit a security flaw in Windows that Microsoft issued a patch for last week, and each tries to supplant the other on infected machines, said Mikko Hypponen, chief research officer at F-Secure. Hypponen said it appears that three different virus-writing groups are behind the 11 different versions the company has detected since Sunday.

"This is the worm war of spring 2004 all over again," Hypponen said. "Only now it's king of the bot hill."

Hypponen is referring to the battle between the author(s) of the Bagle, Mydoom and Netsky worms, which contained within their code plain-text messages insulting rival virus-gang members. The worms also tried to uninstall each other from victimized machines, which rival groups used to relay spam, attack other machines and host phishing scams.

The battle between the Bagle and Mydoom worms continues to this day, with several new variants of each released nearly every month, and their authors remain at large. The Netsky worm also tried to uninstall Bagle and Mydoom, but its original author -- a German teen named Sven Jaschan -- recently pleaded guilty to creating Netsky and the Sasser worm. Jaschan was sentenced to a mere 22 months' probation, even though the effects of his activities are still being felt around the world: Netsky variants accounted for 25 percent of all virus reports in the first half of 2005, according to Internet security firm Sophos. The company said Netsky and Sasser combined were responsible for 70 percent of virus infections in 2004.

By Brian Krebs  |  August 17, 2005; 5:55 PM ET
 

Comments

As one of your earlier insightful articles pointed out, viruses, worms etc. are major money earners for software and hardware companies anxious to sell antidotes (or new PCs). It is disheartening, and one cannot but wonder how really serious the Windows-based PC industry is about solving the problem. Perhaps even more disheartening is there is a readily available, very viable solution, and it's free! Take that messed up Windows-based PC, set it to boot from the CD drive, put in a live Linux CD (www.mepis.org, or www.ubuntulinux.org), and turn it on. With at least one of these (www.mepis.org) you sit back and in a very few minutes you have a fully functional PC ready to go with browser, office application suite, email client, multimedia player, etc. etc. I know this has been said before, but we have to stop advising PC users to constantly go through the mill of updating their MS Windows software to the latest versions, and the latest security holes, and to constantly spend more money on the Windows-based software security industry. That is poor advice. The responsible advice is use Linux.

Thanks for your column

Posted by: mjm | August 17, 2005 9:18 PM | Report abuse

What happens if a user wants to save something, say a media file, an email, some download from the Internet, etc? A Live CD doesn't help much there.

So you install a full-blown version of Linux. Which is fine. But if you think a Linux OS doesn't need to be patched as much as a Windows box, you are sadly mistaken.

Posted by: Matt | August 17, 2005 9:27 PM | Report abuse

Mike,
Most Linux live CDs support writing to either the internal hard drive, a removable USB drive, or a USB memory stick for storage. Some now are offering UnionFS which makes it possible to write to the disc itself (with a rewritable CD drive and media). There are numerous options.

Posted by: Avery | August 17, 2005 9:54 PM | Report abuse

Sorry, must be late, I should have addressed that to Matt and misread.

Posted by: Avery | August 17, 2005 9:55 PM | Report abuse

Linux has been exploited proportionally to its use and the number of PC viruses is obviously correlated well with the time spent developing them. Linux may be inherently faster or robust as an OS but if time were taken to ferret out vulnerabilities, probably in a way most PC-thinkers haven't considered, you'd see more Linux exploits.

Posted by: justin | August 18, 2005 1:20 PM | Report abuse
