Worm writers' war of words throwback to days of old

The recent worm war between the creators of the Netsky and Bagle worms represents a throwback of sorts to when worm writers would boast and brag to all who would listen.

The recent war or words between the creators of the Netsky and Bagle worms recalls the days when worm writers would brag to all who would listen.

Since late last month, a spate of new Netsky and Bagle variants have surfaced. In some cases, the worms feature messages, often in broken, misspelled English, to taunt rival worm creators. For example, Bagle-J features the following message: "Hey, NetSky ... don't ruine our bussiness, wanna start a war?"

The authors of the Netsky and Bagle worms seem a little more childish than the people who wrote the Sobig worms or Blaster.


Graham Cluley
Senior technology consultantSophos
Netsky-F, by contrast, contains this missive: "Skynet AntiVirus - Bagle - you are a looser!!!"

Such dialogue is reminiscent of the times when worm writers used message boards to brag about their creations. "They are clearly more vocal then we have seen for the last year or year and a half," said Vincent Gullotto, vice president of McAfee AVERT.

Echoing those sentiments, Graham Cluley, senior technology consultant with U.K.-based Sophos PLC, said, "The authors of the Netsky and Bagle worms seem a little more childish than the people who wrote the Sobig worms or Blaster."

It's widely believed that the Sobig worms were created to set up open relays for spamming. For that reason, it's believed, the creators didn't even want the worms to be discovered. "The more you say in a worm, the greater chance that you say something that can incriminate you," Clulely said.

At least one virus researcher thinks there is nothing unusual about the bravado displayed by the Bagle and Netsky writers.

"This is probably the first time the comments within worms have gotten so much attention in the media," said Joe Hartmann, director of North American research for Trend Micro Inc. "Almost all worms have comments in them."

Hartmann thinks the attention generated by the succession of worms comes from researchers' inclusion of as many details as possible in their advisories -- including the comments.

For more information

Check out this news exclusive "Heeding the wakeup call".

Or click here for Best Web Links on malicious code.

Messages are hardly new in worms. For example, the Blaster worm, which struck last August, contained the message "I just want to say LOVE YOU SAN!! bill." In fact, many originally called the worm Lovsan because of that message.

Others have created worms as a way of applying for a job with an antivirus company. "I want a good job, I must support my parents. Now you have seen my technical capabilities," the writer of Klez-E wrote. "Don't call (me) names, I have no hostility. Can you help me?"

The creators of the Bagle and Netsky worms don't appear to want jobs. Their mission seems to be publicity. During the weekend of Feb. 28, a new variant of Bagle would appear shortly after the antivirus software vendors created protection for the previous one. Late in the week, Mydoom-G and -H added to the fray.

Things appear to be slowing down as of Monday morning. The writers may be getting bored -- or they may have finally become wise to the risks of releasing worms.

This Content Component encountered an error

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close