3 March 2004

A nest of worms on the internet

A virtual blitz of worms is descending on the internet, report antivirus software vendors.

In the past four days, six new variants of the mass-mailing Bagle worm and two new variants of the Netsky worm have been spotted.

Said Ken Dunham, director of malicious code at iDefense: “It’s interesting to note that a variant of Netsky attempts to remove a variant of Bagle, Bagle.C. It looks like a turf war out there, with the bad guys fighting over the infected computers.”

Mikko Hypponen, director of antivirus research at F-Secure, said the new Bagle variants, Bagle.C, D, E, F, G and H, appear to have been written by the same virus author.

The new variants surfaced in quick succession from Friday.

“It seems the writer is waging a virus war,” he noted.

“Apparently he has been monitoring closely how quickly the antivirus vendors have released detections, then made the necessary alterations to avoid detection and released the new versions immediately.”

Meanwhile, one of the new Netsky variants, Netsky.D, is described as the worst new worm to emerge since Friday.

Brett Myroff, CEO of local Sophos distributor Netxactics, said the virulent new variant seemed set to become one of the most prevalent worms of the year.

The worm arrives in an e-mail carrying a PIF file attachment.

Myroff noted that although many personal computer users were wise to the potential dangers of attachments with EXE, SCR and VBS file endings, they may not realise that PIF files can also carry malicious code.

Kaspersky Labs reports that in addition to targeting Bagle.C, Netsky.D also deletes the keys of another virus, MyDoom, from a system registry and tries to terminate Kaspersky AntiVirus. — Sapa