Viral turf war

I remember very well the competing worms that came out in early 2004, Netsky and Bagle (Beagle) and to a degree Mydoom as well. One would try to uninstall the other as they fought for control of a PC. They were done by competing gangs and were literally waging a turf war with home (and business) computers. The same seems to be happening with the latest round of plug ‘n play (worms) viruses (bots).

According to the Security Fix, F-Secure has details on the different “families” of worms and bots fighting for control of vulnerable PCs. They detail three Zotob variants, one Rbot, one sdbots (sic), three IRC bots and two variations of Bozori.

They go on to say…

RCBot.EU variant deletes Zotob.A and B, the Bots that are using the Plug-and-Play vulnerability and some adware.

Bozori.B variant is trying to remove Zotob.A and .B as well as some of the Bots that are using the same vulnerability.

So what is the goal? Bot networks are sold in some of the seedier spots online for dollars per thousand machines. Essentially the “buyer” gets to control the network to relay junk mail or for who knows what other purposes (storing illicit content for various websites?). Also, when you have that large a number of machines, a distributed Denial of Service attack is doable. So, one group might DDoS the other group’s website, or the website of a group they don’t like.

It is VITAL that if you have a machine that has not been patched (or even one that has), you do yourself (and EVERYONE) a favor by making sure you have current antivirus and running a scan using recent (today’s) definitions. Otherwise you might not be the person that “owns” your machine. The recent bots primarily and heavily affected Windows 2000. They do not seem to affect, but can run on, other versions of Windows (2003 and XP; even NT, 98, 95 and ME can run the code).

Even if you’re on a platform unaffected by this worm, this might be good motivation to see if you’re one of the folks that still has a version of Netsky or Mydoom on their PC.
