Deluge of Worms May be Work of Dueling Hackers

Some security experts believe the flood of malicious Internet worms over the last several days may be the work of competing hackers.

"It's not some attempt to destroy the world, but I see it as clearly concerted," said Vincent Gullotto, vice president of McAfee's AVERT virus research team, as reported by TechWeb News. "There's some kind of competition going on between two individuals or two groups," he said, referring to the Bagle and Netsky worm writers. "There's a level of pride at stake, and they're looking to one-up each other."

The Wall Street Journal reported that at least 15 variants of three virus families — Bagle, Netsky and Mydoom — have popped up during the last week.

Apparently, the authors are adding taunting messages into program codes. Messages containing "wanna start a war," and "you are a loser," were traded between Bagle and Netsky.

Ken Dunham, director of malicious code research at iDefense, said hackers can put out multiple variants almost simultaneously, hoping to overwhelm efforts to contain them so one can sneak by. Dunham thinks use of that technique will grow.

"The Bagle outbreak is no coincidence," he said. "They were all designed by the same person or person, and released on a rolling schedule."

The worst of the new viruses appears to be "Bagle.j," which carries a bogus virus warning from what appears to be the administrators of the recipient's e-mail server. It asks the recipient to open the attachment, using a password it provides "for security purposes." Opening the virus-laden file, which can end in .exe, .pif or .zip, causes infection and allows the virus to spread.

"The current wave of viruses has reached epidemic proportions worldwide," said security firm Panda Software in an e-mailed statement. Panda says millions of infected e-mail messages are circulating.

"There's a tit-for-tat war going on between the authors of these viruses," said Chris Belthoff, senior security analyst at Lynnfield, Mass.-based antivirus software maker Sophos Inc. "Unfortunately, we're sort of caught in the crossfire. Even if you're not infected, your mail system can still suffer just because there are so many messages going around."


Already a member? log in here.

Editor's Choice