The world may be at the beginning of its first cyber war, as three virus-writing groups have begun warring to control a vast army of compromised Internet-connected computers, experts warn.
PC anti-virus company Central Command sent out this warning in a stark message released last night. It claims that "a global assault for control of millions of computers is occurring,"
Three virus groups, authors of the Internet worms known as MyDoom, Bagle and Netsky are battling to control all the PCs which have had trojan horses and back-door ports opened as a result of recent malware attacks, including the MyDoom viruses.
"The short period of time between each new worm release, by the same set of virus writing groups, is real reason for alarm, especially since so many of them have successfully compromised systems worldwide," warned Steven Sundermeier, VP products and services at Central Command.
"Since February 27 the author(s) of the Bagle have release nine separate variants (Worm/Bagle.C-K). Four of these have been seen successfully proliferating around the world. Likewise, over the same period of time, the author(s) of the Netsky Internet worm have released three versions of their own (Worm/Netsky.D-F). Netsky's apparent agenda is the disabling of the Bagle and MyDoom worms. The author(s) of MyDoom have responded with the release of MyDoom.G, an updated version that was not disabled by Netsky", he explained.
The warning emerges just days after the UK Department of Trade and Industry issued survey results compiled by PricewaterhouseCoopers showing that 89 per cent of UK businesses are connected to the Internet and 72 per cent of all companies had received virus-infected emails in the last year. Most chillingly, these statistics showed that 50 per cent of UK business have suffered from virus infection or denial of service attacks in the last year.
"Damage from virus incidents varied from less than a day's disruption and no cost to major disruption to services for a month or more," the report said.
Chris Potter, the PricewaterhouseCoopers partner who led the survey team said: "While almost every UK business has anti-virus software in place, the incidence of attack is rising. New viruses like MyDoom and Netsky sweep the world within hours of their release. Software is only as good as its last update and increasingly companies have set their anti-virus software to automatically update itself immediately a new release is available. However, anti-virus software alone does not solve the problem – it's vital to install the latest operating system security updates and patches as well. To check this, companies need effective monitoring and audit processes."
Malware authors are becoming ever more sophisticated. A report on Silicon.com this week quoted David Emm, marketing manager at McAfee Avert, who said: "It's not unusual to see lots of variants, but I can't remember when we have seen so many in such a short amount of time." The sheer number of worms lends weight to Central Command's warning of a virus war.
UK security experts mi2g also believe the current epidemic is not being caused by computer hobbyists. A report "The malware tsunami – key questions" released by the company this week said: "In liaising with government agencies, the mi2g Intelligence Unit has learnt that the zombie creating function of the latest malware – especially MyDoom and Bagle – is linked to the requirement to create proxies for spam campaigns, phishing scams and DDoS extortion. This is not the activity of hobbyists but organized criminals."
These analysts also believe the author of the NetSky virus is involved in a "turf war" with MyDoom and Bagel virus authors.
"There is a large tsunami of variants being released in a short space of time. This is historically unprecedented. It is also too early to answer this question. The number and frequency of variants being released suggests some dedicated resources are being applied to achieve a specific objective."
Echoing comments from Central Command, mi2g – who believes that part of the current problem must be attributed to the Microsoft-dominated operating system market, which it calls a "software monoculture" – said: "Either way, the net beneficiary (of current outbreaks) is organized crime as the number of compromised computers or zombies continues to increase. Those zombies can be used for a variety of malevolent or clandestine purposes from launching spam campaigns to phishing scams and also from carrying out DDoS extortions to working as fileservers for illicit or pirated material."
While Macs are not directly affected by the current malware plague, every virus-laden email received by Mac users is a result of the outbreak. Many Windows PC users have not yet installed the security updates released by Microsoft, and neither have they invested in virus protection.
mi2g compares the current outbreak to the Great Fire of London: "It is likely that proprietary software solutions may succumb to the equivalent of the 1665 Great Plague and then the Great Fire of London in the following year brought about in cyber space by trans-national criminal syndicates perpetrating spam, phishing scams and zombie orchestrated DDoS attacks."