Thu 4 Mar 2004
Will Knight, New Scientist, reports:
Messages buried in the code of three current computer worms may be evidence of a simmering feud between rival worm writers each determined to infect as many PCs as possible.
But experts note that the messages could just as easily be a smokescreen designed to throw the authorities off the scent.
The three most recent variants of the Netsky worm are designed to remove two rival worms, Bagle and MyDoom, from infected computers.
The latest version of the Bagle worm, known as Bagle J, contains abusive messages aimed at the author of Netsky. Bagle J contains the missive: “Hey, NetSky, [expletives removed], don’t ruine our business (sic), wanna start a war?”
And analysis carried out by the Finnish anti-virus company F-Secure also suggests that the latest version of MyDoom, known as MyDoom H, is not only immune to removal by Netsky, but also contains a challenge to meet with the creator of Bagle.
“It contains encrypted Global Positioning System coordinates,” says Mikko Hypponen, director of anti-virus research at F-Secure.
Underground network
But Hypponen adds that the whole affair could turn out to be an elaborate hoax. “It might just be an exercise to use up the resources of anti-virus companies,” he told New Scientist.
New variants of these worms have appeared with unusual frequency in recent days. Experts believe the programmers behind them are modifying their creations to stay ahead of anti-virus software updates designed to catch the latest strains.
Computers that have already been infected may play a role in the release of each new variant.
“We believe both authors may have access to an underground network consisting of thousands of compromised computers owned by innocent users,” says Graham Cluley, senior technology consultant with the UK anti-virus firm Sophos. These “are being exploited to launch each new version of their worms,” he adds.
Fortunately, none of these virus variants have had a very wide impact, says Natasha Staley, an information security analyst with UK email filtering company MessageLabs. But she adds that “the side effect is that they are hurting innocent users’ computers”.
Computer worms have been increasingly linked to email spam and even extortion in recent months. Some worms can create spam gateways on a victim’s computer, while others may install tools that can be used to remotely knock a web site off line. A number of gambling sites have been ordered to pay money or have their business disrupted by this type of attack.