Bugwatch: Worm wars

This week David Kopp, head of TrendLabs Europe, considers recent developments affecting virus proliferation.

If prizes were handed out for upping the ante, then surely the latest breed of malware authors would take this year's top trophy.

They've already amassed an array of alerts from antivirus vendors and seem intent on continuing their conveyor-belt production of new viruses and variants.

In March alone, we issued six new alerts relating to worm-based viruses, showing that worms remain the number one threat to home users and corporate networks.

The majority of these warnings concentrated on two main virus sources: Netsky and Bagle. The profusion of viruses from these two sources is the product of an ongoing worm war that can be traced over a number of months.

For instance, each time a new variant of Netsky is released, a new Bagle derivative also appears. The battle is being pitched on a number of levels, including counter-insurgence operations.

Bagle, for example, is able to disable previous Netsky variants, while Netsky can neutralise previous Bagle viruses and others including MyDoom and Nachi.

It also seems apparent that the virus writers are keen to align themselves strategically.

For example, neither one exploited application vulnerabilities originally. However, as soon as Bagle did, Netsky seemed to follow suit. And the ferocity of the conflict is being amplified by changes in the arena where the cyber-battle is being fought.

One fundamental development is the growing number of users connected to the internet, and, more importantly, the number of home users connected via broadband connections.

Mass-media advertising campaigns have successfully encouraged users to seek out faster, always-on connections that facilitate quick downloads and an improved online experience.

Unfortunately, users are often unaware of the potential threats associated with this kind of connection and can therefore fail to take the appropriate steps to protect themselves.

By plugging straight into the internet without the buffer of an early warning system, home users are increasingly the target for malicious attacks and are emerging as the main vector of virus propagation.

Of course, this isn't the only development affecting virus proliferation. Money also plays its part.

Gone are the days, for example, when virus authors developed malicious code as a means of testing their technical abilities. Now many viruses attempt to steal valuable information.

Most incorporate backdoors, which enable hackers to access computers without the knowledge of the user. While inside, the uninvited guest can spread malicious code, gather email addresses for spam or pilfer credit card numbers.

While it is impossible to predict the future, it seems likely that the growing popularity of broadband connections and the apparent naivety of home users will help the continued proliferation of new viruses and prolong the bitter battle between Bagle and Netsky.