The recent war or words between the creators of the Netsky and Bagle worms recalls the days when worm writers would...
brag to all who would listen.
Since late last month, a spate of new Netsky and Bagle variants have surfaced. In some cases, the worms feature messages, often in broken, misspelled English, to taunt rival worm creators. For example, Bagle-J features the following message: "Hey, NetSky ... don't ruine our bussiness, wanna start a war?"
Such dialogue is reminiscent of the times when worm writers used message boards to brag about their creations. "They are clearly more vocal then we have seen for the last year or year and a half," said Vincent Gullotto, vice president of McAfee AVERT.
Echoing those sentiments, Graham Cluley, senior technology consultant with U.K.-based Sophos PLC, said, "The authors of the Netsky and Bagle worms seem a little more childish than the people who wrote the Sobig worms or Blaster."
It's widely believed that the Sobig worms were created to set up open relays for spamming. For that reason, it's believed, the creators didn't even want the worms to be discovered. "The more you say in a worm, the greater chance that you say something that can incriminate you," Clulely said.
At least one virus researcher thinks there is nothing unusual about the bravado displayed by the Bagle and Netsky writers.
"This is probably the first time the comments within worms have gotten so much attention in the media," said Joe Hartmann, director of North American research for Trend Micro Inc. "Almost all worms have comments in them."
Hartmann thinks the attention generated by the succession of worms comes from researchers' inclusion of as many details as possible in their advisories -- including the comments.
Others have created worms as a way of applying for a job with an antivirus company. "I want a good job, I must support my parents. Now you have seen my technical capabilities," the writer of Klez-E wrote. "Don't call (me) names, I have no hostility. Can you help me?"
The creators of the Bagle and Netsky worms don't appear to want jobs. Their mission seems to be publicity. During the weekend of Feb. 28, a new variant of Bagle would appear shortly after the antivirus software vendors created protection for the previous one. Late in the week, Mydoom-G and -H added to the fray.
Things appear to be slowing down as of Monday morning. The writers may be getting bored -- or they may have finally become wise to the risks of releasing worms.