Bagle eats Netsky as the worm turns

Munir Kotadia, ZDNet.co.uk

Published: 16 Mar 2004 17:35 GMT

The latest variants of the Bagle worm are designed to attack and destroy the Netsky worm, in a development that has security companies worried that even more spam is on the way.

Earlier this month, security researchers discovered that the authors of MyDoom and Bagle were exchanging insults, and that the author of the Netsky worm was using text hidden inside the virus's code. Researchers believe that the insults were flying because the Netsky worm had been designed to kill any copies of the Bagle and MyDoom worms.

Finnish security company F-Secure's Mikko Hyppönen told ZDNet UK that Bagle has never before retaliated with anything but insults: "This is the first time Bagle has retaliated and tried to hit back by removing the Netsky worm," he said.

The latest variants of Bagle (N, O and P) can kill some of Netsky's processes and also delete its start-up keys from the Windows Registry, said Hyppönen. This is not a good sign for Internet users because although Netsky was a virus and caused many problems, it may have actually reduced the amount of spam circulating around the Web: "Although viruses are always bad, by removing the email proxy inserted by MyDoom and Bagle, Netsky probably has limited the size of these attack networks quite considerably, which has limited the amount of spam people receive," he said.

Last Tuesday, the author of Netsky told security researchers through a coded message that he was not going to produce any more variants, but he warned them he would be publishing the worm's source code. Since then, there have been three new variants of Netsky, but without many of the original traits, which makes researchers believe the new variants have been written by different people.

This change in Netsky's "ownership" combined with a more aggressive Bagle is likely to mean that more computers will be infected and converted into spam proxies, which will mean more spam. "It depends on how widespread the new versions [of Bagle] become -- at the moment they are not very widespread, but that may change. I have accepted the fact that the end users will click on attachments -- that is something we have to take for granted and build protection around that," he said.
