Competing authors pump up virus statistics
Published: 01 Apr 2004 10:15 BST
NetSky variants accounted for 60 percent of all viruses reported in March, making it the most prolific worm in the month, according to a report released on Wednesday by security software vendor Sophos.
Fifteen versions of NetSky infected computers during March -- sometimes two different variants appearing in a single day. And on Wednesday, yet another NetSky variant was discovered, NetSky.R, the second variant to appear this week. Antivirus experts attribute the frequency of the NetSky and Bagle viruses to competition between the virus writers.
"The authors of the NetSky and Bagle worms have been battling for virus-writing supremacy in March, with both releasing new variants in a tit-for-tat game of one-upmanship," said Carole Theriault, a Sophos security consultant. "And in their latest message, NetSky said it will continue to release new variants, as long as Bagle does."
In that most recent message, embedded in the virus code of NetSky.R, the authors take a shot at Bagle's creator, noting: "He opens a back door and makes a lot of money... we will release thousands of our Skynet versions, as long as Bagle is there and the people."
Virus writers who open a back door for spam relaying, in essence make money by selling hordes of email addresses to spammers. NetSky claims its purpose is to remove Bagle viruses from computers.
"Big firms only want to make a lot of money. That is what we don't prefer. We want to solve and avoid it," reads a message embedded in NetSky.Q.
But antivirus experts say NetSky nonetheless creates a problem for companies by forcing them to fight off the constant barrage of viruses. Said Theriault: "There is this constant pounding away at computer users."
In Sophos' March tallies, NetSky variants ranked first, second and third. The NetSky.D variant accounted for 30.2 percent of all infections for the month, NetSky.B represented 12.3 percent, and NetSky.C accounted for 11.7 percent.
Theriault noted that in some cases it's easy to churn out a new version of the virus, simply by altering a few lines of code. Still, during the latter half of the month there were several instances when days would go by without a new version of the virus. The frequency, however, has picked up again this week.
Did you find this article useful?
63 out of 153 people found this useful
- Share this article:
