The Virus Turf War

By | March 3, 2004

More on who’s behind the latest wave of virus attacks.

Mary Landesman of About.com looks at text strings contained in the viruses of Bagle (sometimes Bagel) and MyDoom to show how ”a battle is waging between three groups of virus writers, each attempting to prove superiority over the other.” It’s a very good piece.

But it’s not quite that simple, I suspect. While she quotes a virus analyst at Norman Data Defense Systems, the excellently named Snorre Fagerland, as saying, “We suspect that several virus authors ā€“ or factions of virus authors ā€“ are competing in creating the most successfully spreading worm. So far we see three different groups or persons, each responsible for their own worm family; NetSky, Bagle, and MyDoom. Text messages inside these worms points in this direction. It seems like they are accusing each other of stealing ideas and code, in an attempt to achieve the highest number of copies spread on the Internet as fast as possible.”

I believe it’s more complex than that. A message in Bagle.J goes: “Hey,NetSky, [expletive] off you [expletive], don’t ruine our bussiness, wanna start a war?” This, Landesman points out, is apparently in response to a string contained in Netsky.C that reads, “]MyDoom.F is a thief of our idea! – -“

My belief is this: A lot of viruses nowadays are business ventures, cobbled together by an informal cabal of computer nerds and folk who want to make money (spammers, scammers). Of course some viruses are just kids in dorms and bedsits messing about for fun. But when the guy(s) behind Bagle.J say ‘don’t ruin our business’ they’re not speaking metaphorically. The Internet is like any other turf, and there’s only so much to go round. What we’re seeing here, I believe, is a turf war among criminals, or possibly between criminals and script kiddies (amateur, and amateurish, virus writers who do it for fun.)

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.