Automated kits fuel virus epidemic

The flood of variants of the Bagel and Netsky viruses shows that more and more people are learning more about viruses and how to tweak them.

Netsky.D and Bagel.G have been discovered today, and the rate of new variants shows no sign of slowing.

Netsky.D spreads via email as an executable attachment only. It scans both the local PC and network drives for email addresses to send itself too. Tomorrow, any computer infected by the worm will beep constantly from the PC's speaker from 06:00 to 08:59.

Bagel.G is more of a social engineering attack, with the infected email using a wide variety of headers and messages to convince the user to open its Trojan payload.

Some experts blame the rush of virus variants on the increasing number of relatively inexperienced computer users who are using automated virus creation kits.

"There are so many more people out there who can tweak the code and release a new variant these days," said Jack Clark, technical consultant for McAfee.

"Unfortunately they're succeeding because people are still making the same mistakes, like opening unidentified attachments. In the last months we've seen evidence of antivirus software being studied by malware writers to understand how heuristics engines work."

One such example is virus writers hiding malware within password-protected Zip files, which are generally not scanned by antivirus software.

"A password-protected file is essentially encrypted so they can't be scanned by some of the other antivirus packages," said David Emm, product marketing manager for Network Associates.

"It's difficult to say if we're seeing a growth in the number of virus writers, but some of the techniques being used are effective - chiefly the mass mailing of infected mails.

"Making icons look familiar by portraying them as a standard folder or spreadsheet is also making them more effective."