Viral turf war

I remember very well the competing worms that came out in early 2004, Netsky and Bagel (Beagle) and to a degree Mydoom as well. One would try to uninstall the other as they fought for control of a pc. They were done by competing gangs and were literally waging a turf war with home (and business computers.) The same seems to be happening with the latest round of plug ‘n play (worms) viruses (bots).

According to the Security Fix, F-secure has details on the different “families” of worms and bots fighting for control of vulnerable pcs. They detail three Zotob variants, one Rbot, one sdbots (sic), three IRC bots and two variations of bozori.

They go on to say…

RCBot.EU variant deletes Zotob.A and B, the Bots that are using the Plug-and-Play vulnerability and some adware.

Bozori.B variant is trying to remove Zotob.A and.B as well as some of the Bots that are using the same vulnerability.

So what is the goal? Bot networks are sold in some of the seedier spots online for dollars per thousand machines. Essentially the “buyer” gets to control the network to relay junk mail or who knows what other purposes (store illicit content for various websites?) Also, when you have that large a number of machines a distributed Denial of Service attack is do-able. So, one group might dDoS the other groups website, or the website of a group they don’t like.

It is VITAL that if you have a machine that has not been patched *(or even those that have), please do yourself (and EVERYONE) a favor by making sure you have current antivirus and run a scan using recent (today’s) definitions. Otherwise you might not be the person that “owns” your machine. The recent bots heavily affected Windows 2000 primarily. They do not seem to affect, but can run on, other variations of Windows (2003, XP, even NT, 98, 95 and ME can run the code).

Even if you’re on an unaffected platform (by this worm) this might be good motivation to see if you’re one of the folks that still has a version of netsky or mydoom on their PC.

Related Posts

Blog Traffic Exchange Related Posts
  • Esbot.a Symantec's site is also reporting another virus (technically a worm) targetting the MS05-039 vulnerability. This one is called w32.esbot.a and is also rated at level 3 on their 5 level threat assessment scale. This one creates a mutex called mousebm so that it can only run once. It creates a......
  • Nugache the latest in bot-net technology... and why you should care about botnets... To show you where the threat with bot networks is going there's a story today on Nugache (Symantec summary) which is a bot that takes advantage of a number of clever tricks to avoid having the whole bot net shut down, allow command and control on an encrypted channel and......
  • IM worm acts as a come on to a Santa Claus site According to Information Week, there's a new IM worm out hitting the MSN, ICQ, Yahoo and AIM networks. It poses as a come on for a Santa Claus site. On visiting the site, users receive an unexpected "present" a rootkit which is hidden. IMlogic said that the worm, dubbed "M.GiftCom.All,"......
Blog Traffic Exchange Related Websites
  • The Ultimate Contrarian Portfolio, Part 1 True contrarian investors are made of sterner stuff than you and I are. If you're like most people, you may find it tough to buck market consensus -- to go against what you hear and see in the media everyday. On one level, contrarianism is just about going against......
  • Trojan Horse Protection - Antivirus Trojan Software In today’s online environment it’s important to know what risks lie ahead at each click. This paper will describe so of the malicious kinds of attacks your Home/Office PC may encounter online. Now I’m sure we have all heard of Viruses online and some of you have heard of Trojans.......
  • Choosing the Right Trumpet There are some truly wonderful images out there of trumpets and what they are capable of in film, in print, advertising and so on and so forth. In film, we often see kings and queens as they arrive with the accompaniment of trumpets. The trumpet was once an instrument of......    Send article as PDF   

Similar Posts

See what happened this day in history from either BBC Wikipedia
Amazon Logo

Comments are closed.

Switch to our mobile site