|
Tired of simply taking down systems for fun and status, three sizable and organized gangs of virus writers appear to be in a death-match competition for total supremacy in their misanthropic endeavors.
Over the past week, variants of three unique worms, "Zotob", "Bozori", and "IRCbot" started to shut down systems at several major media outlets and businesses around the world, but particularly in the United States on Tuesday. In a statement posted to the F-Secure website earlier today, chief security researcher, Mikko Hypponen, noted the bots now seem to be attacking each other.
"We seem to have a botwar on our hands," said Mr. Hypponen who works for the Scandinavian software security firm. "There appears to be three different virus writing gangs turning out new worms at an alarming rate - as if they would be competing who would build the biggest network of infected machines. The latest variants of Bozori even remove competing viruses like Zotob from the machines!"
Write 10,000 lines of code in 10 minutes!
Iron Speed Designer – Free Evaluation |
|
The worms appear to be primarily attacking systems running un-updated versions of Windows 2000 without a firewall. Larger organizations are likely infected by their own employees who take their laptops home, reconnecting to the internal system the next day.
According to Mr. Hypponen's statement, "This worm replicates by scanning machines at port 445/TCP and, when a victim is found, uses the exploit code to download the main virus file via ftp. At this point it sets up an ftp server on the infected machine and starts scanning for more targets continuing its spread."
For more information on this outbreak and advice (as it becomes available) on how to deal with it, please visit the F-Secure Blog at http://www.f-secure.com/weblog/.
|
,
Inc. 2549 Richmond Rd. Lexington KY, 40509
