A Battle Royale of Bagle, MyDoom and NetSky?
- By Scott Bekker
- March 04, 2004
The incessant flood of variants of three major new worms -- Bagle, NetSky and MyDoom -- may be more than a coincidence. Some security vendors suspect the worm authors aren't primarily interested in causing havoc among corporate and home users, although that clearly is a major goal. Instead their obsession may be one-upping each other.
"It's a direct attack on the response times of antivirus companies, a strain on IT professionals, a financial impact on businesses, and appears to be a war over power and seniority among these authors," says Steven Sundermeier, vice president of products and services at Central Command.
Sundermeier points to the short interval between each worm variant release, the way the worms target one another's armies of compromised computers and the nasty text references the worm authors put in their code about the writers of the rival worms.
Since Feb. 27, according to Central Command:Bagle authors have released nine variants (C through K).
NetSky authors have released three variants (D through F).
MyDoom authors responded with a G variant that is immune to a NetSky attack that disables earlier versions of MyDoom.
Then again, maybe it's all a ruse, Sundermeier says: "Obviously, virus writers can't be trusted. So, what might appear as a malicious cat-and-mouse game between virus writing groups may actually be a well-organized cover-up to disguise their true intentions."
Scott Bekker is editor in chief of Redmond Channel Partner magazine.