Multiple computer worms released as "botwar" rages

There are no reviewed versions of this page, so it may not have been checked for adherence to standards.

Thursday, August 18, 2005

Security experts are calling it a "botwar". Multiple computer worms, with payloads that turn infected computers into sources of spam, viruses and security attacks, are being released by at least two separate groups. Now newer versions of one group's worm include the ability to disable earlier versions of the other group's infection. "The W32/Zotob-F worms (also known as Bozori) attempts to remove infections by earlier versions of the Zotob worm and other malware, so it can take control of the compromised computer for itself", a Sophos news item stated. F-secure's Weblog confirmed this and added "It seems there are two groups that are fighting: IRCBot and Bozori vs Zotobs and the other Bots."

Gregg Keizer of TechWeb News draws parallels between the current events and a prior example of criminal activity; "The most notable back-and-forth between [virus and worm writers] was in early 2004, when the writers of the Bagle and Netsky worm families engaged in a long-running tit-for-tat exchange where each tried to delete the other's code. The battle led to a veritable flood of malicious code that [lasted] weeks." While some see a repeat of those events, other experts indicate that the current situation is "business as normal" for the criminals that create these "bot networks".

A statement from Kaspersky Lab stated that confusion over the naming of the worms has combined with overzealous reporting by infected news organisations to create confusion as to the magnitude of the attack. At this stage they are not calling it an epidemic.

All of these worms currently exploit the MS05-039 Plug and Play vulnerability, for which a patch has already been released.

Sources

"War of the worms: Malware fights for control of insecure computers, Sophos reports" — sophos.com, August 17, 2005

"This is not a viruswar, this is a botwar!" — f-secure.com, August 17, 2005

Agence France-Presse. "Rival Hacker Groups Spread Worms" — newsfactor.com, August 17, 2005

"The biggest virus epidemic since Sasser and Mydoom? Kaspersky Lab comments on the current situation" — kaspersky.com, August 17, 2005

Gregg Keizer. "Bot Battle Brewing?" — cmpnetasia.com, August 17, 2005

Share this:

The text of this article has been released into the public domain. In the event that this is not legally possible, this article may be used for any purpose, without any condition, unless such conditions are required by law. This applies worldwide. Copyright terms on images, however, may vary, so please check individual image pages prior to duplication.
Please note that this only applies to Wikinews content created prior to September 25, 2005. All content created after that date is released under a Creative Commons license which is mentioned at the bottom of each article. This is currently the Creative Commons Attribution 2.5 License.

This page is archived, and is no longer publicly editable.

Articles presented on Wikinews reflect the specific time at which they were written and published, and do not attempt to encompass events or knowledge which occur or become known after their publication.

Got a correction? Add the template {{editprotected}} to the talk page along with your corrections, and it will be brought to the attention of the administrators.

Please note that due to our archival policy, we will not alter or update the content of articles that are archived, but will only accept requests to make grammatical and formatting corrections.

Note that some listed sources or external links may no longer be available online due to age.