Wednesday, August 17, 2005

Update: F-Secure: This is not a viruswar, this is a botwar!

Mikko writes over on the F-Secure "News from the Lab" Blog:




Here is a status update on the malware using the Plug-and-Play vulnerability (MS05-039).

For the last four days we got 11 different samples of malware using this vulnerability. Currently there are three Zotob variants (.A, .B and .C), one Rbot (.ADB), one Sdbot (.YN), one CodBot, three IRCbots (.ES, .ET and .EX) and two variants of Bozori (.A, .B).

Variants from both IRCBot and Bozori families are deleting competing PnP bots.

It seems there are two groups that are fighting: IRCBot and Bozori vs Zotobs and the other Bots.

See our high-tech illustration for details [above].

Update: Apparently, Reuters was quick to pick up on this story:

Computer worms that have brought down systems around the world in recent days are starting to attack each other, Finnish software security firm F-Secure said on Wednesday.

"We seem to have a botwar on our hands," said Mikko Hypponen, chief research officer at F-Secure.

"There appear to be three different virus-writing gangs turning out new worms at an alarming rate, as if they were competing to build the biggest network of infected machines."

Hypponen said in a statement that varieties of three worms -- "Zotob," "Bozori" and "IRCbot" -- were still exploiting a gap in Microsoft Corp.'s Windows 2000 operating system on computers that had not had the flaw repaired and were not shielded by firewalls.

"The latest variants of Bozori even remove competing viruses like Zotob from the infected machines," Hypponen said in a statement on the company's Web site.

