SPACE WIRE
Virus whiz-kids using cyberspace as playground for gangland wars
HELSINKI (AFP) Mar 07, 2004
A recent barrage of internet viruses and worms may be the work of rival computer whiz kids, fighting for supremacy by bombarding hapless computer users with ever more virulent versions of cyberspace bugs, internet security experts said.

"It seems that the virus creators are fighting a war, fighting each other with releasing new viruses all the time," Mikko Hyppoenen, in charge of anti-virus research at Finnish Internet security firm F-Secure, told AFP.

Since last weekend the creators of the three currently most active Internet worm families, Bagle, Mydoom and Netsky, have continuously released new versions of their bugs, with some even containing hidden messages, he said.

"It's pretty wild, and in my 15 years in the business I have never seen anything like it."

California-based Panda Software said during the week that the recent spread of viruses and their variants "has reached epidemic proportions worldwide".

One indication that the virus makers are targeting not just computer users but each other is that recent Netsky Internet worms, dubbed 'harmless' as they do not compromise the security of the machines they infect, actually remove the Bagle bug from contaminated computers.

This has clearly upset the group behind the Bagle virus family -- believed to be spammers who make money by sending unsolicited bulk e-mail advertisements -- as it damages their effort to build up a network of infected computers from which to relay spam, analysts said.

"The two worm authors are goading each other with taunts and malicious code to release more powerful versions of their viruses," noted Graham Cluley, senior technology consultant for software firm Sophos.

One of the latest versions of the Bagle virus, Bagle.J, contained a hidden message to Netsky's creators in its programming code, according to F-Secure: "Hey, NetSky, f*ck off you b*tch, don't ruine our bussiness, wanna start a war?"

Netsky replied: "Skynet AntiVirus - Bagle - you are a loser!!!," F-Secure reported.

Netsky probably removes the Bagle virus from computers to avoid machines breaking down due to compatibility problems, which would alert users that they are contaminated, Hyppoenen noted.

To stay ahead of the game, the different creators are continuously releasing new versions of their bugs, he noted.

"Just in sixty minutes on Wednesday morning we received one new version of the three virus families," Hyppoenen noted.

By this weekend the authors of the Netsky virus family had released a total of eight versions of their bug, running to the H variant, while the group behind the competing Bagle family had issued 10 bugs, all the way up to J.

"If it's continuing like this, they will soon run out of letters," Hyppoenen noted with a smile.

Not to be outdone, the creators of the Mydoom viruses also got back into the game, releasing two new bugs on Thursday alone, Mydoom.G and Mydoom.H, but they were much less dangerous than their infamous predecessor Mydoom.A, he stressed.

While the turf battles in cyberspace are being fought, it is already obvious that the real losers are computer users worldwide, who constantly have to update their anti-virus software or decontaminate their machines, analysts said.
