Viral turf war

I remember very well the competing worms that came out in early 2004, Netsky and Bagle (Beagle) and to a degree Mydoom as well. One would try to uninstall the other as they fought for control of a PC. They were done by competing gangs and were literally waging a turf war with home (and business) computers. The same seems to be happening with the latest round of plug ‘n play worms (viruses, bots).

According to the Security Fix, F-Secure has details on the different “families” of worms and bots fighting for control of vulnerable PCs. They detail three Zotob variants, one Rbot, one sdbots (sic), three IRC bots and two variations of Bozori.

They go on to say…

RCBot.EU variant deletes Zotob.A and B, the Bots that are using the Plug-and-Play vulnerability and some adware.

Bozori.B variant is trying to remove Zotob.A and .B as well as some of the Bots that are using the same vulnerability.

So what is the goal? Bot networks are sold in some of the seedier spots online for dollars per thousand machines. Essentially the “buyer” gets to control the network to relay junk mail or for who knows what other purposes (storing illicit content for various websites?). Also, when you have that large a number of machines, a distributed denial-of-service attack is doable. So, one group might DDoS the other group’s website, or the website of a group they don’t like.

It is VITAL that if you have a machine that has not been patched (or even one that has), you do yourself (and EVERYONE) a favor by making sure you have current antivirus and running a scan using recent (today’s) definitions. Otherwise you might not be the person that “owns” your machine. The recent bots primarily affected Windows 2000. They do not seem to affect, but can run on, other variations of Windows (2003, XP, even NT, 98, 95 and ME can run the code).

Even if you’re on a platform unaffected by this worm, this might be good motivation to see if you’re one of the folks that still has a version of Netsky or Mydoom on their PC.
