Maker tech hub — AI · 3D print · Pi · ESP32 · plus the classic tech archive.

Free ESP32 kit · Books · Network Ninja · Archive

Classic tech archive. From the original averyjparker.com tech blog — historical context; pair with modern guides where noted. Full archive · Maker projects · Network Ninja

Classic tip · Classic

Viral turf war

I remember very well the competing worms that came out in early 2004, Netsky and Bagel (Beagle) and to a degree Mydoom as well. One would try to uninstall the other as they fought for control of a pc…

Written by

Avery J. Parker

IT veteran, maker educator, and author of Network Ninja, 3D Printing Mastery, and AI Workflow Mastery. Business IT: Diversified Tech Solutions.

I remember very well the competing worms that came out in early 2004, Netsky and Bagel (Beagle) and to a degree Mydoom as well. One would try to uninstall the other as they fought for control of a pc. They were done by competing gangs and were literally waging a turf war with home (and business computers.) The same seems to be happening with the latest round of plug 'n play (worms) viruses (bots). According to the Security Fix, F-secure has details on the different "families" of worms and bots fighting for control of vulnerable pcs. They detail three Zotob variants, one Rbot, one sdbots (sic), three IRC bots and two variations of bozori. They go on to say...
RCBot.EU variant deletes Zotob.A and B, the Bots that are using the Plug-and-Play vulnerability and some adware. Bozori.B variant is trying to remove Zotob.A and.B as well as some of the Bots that are using the same vulnerability.
So what is the goal? Bot networks are sold in some of the seedier spots online for dollars per thousand machines. Essentially the "buyer" gets to control the network to relay junk mail or who knows what other purposes (store illicit content for various websites?) Also, when you have that large a number of machines a distributed Denial of Service attack is do-able. So, one group might dDoS the other groups website, or the website of a group they don't like. It is VITAL that if you have a machine that has not been patched *(or even those that have), please do yourself (and EVERYONE) a favor by making sure you have current antivirus and run a scan using recent (today's) definitions. Otherwise you might not be the person that "owns" your machine. The recent bots heavily affected Windows 2000 primarily. They do not seem to affect, but can run on, other variations of Windows (2003, XP, even NT, 98, 95 and ME can run the code). Even if you're on an unaffected platform (by this worm) this might be good motivation to see if you're one of the folks that still has a version of netsky or mydoom on their PC.