'War of the Worms' Spurs Latest Cyber-Attack

The computers that crashed at ABC News and other media outlets may have been caught in the crossfire of a virtual "war of the worms" between rival criminal gangs waging a cyberspace turf war.

The turf? Control of computers like those at ABC News -- and maybe yours, too.

"It's a little bit like rabid dogs fighting over a choice piece of meat, and it's a little bit revolting," said Sam Curry, vice president of Computer Associates, the corporate cybersecurity company. "It's [an illustration of] no honor among thieves."

Companies including ABC, CNN, The Associated Press, The New York Times and Caterpillar all found their networks slowed to a virtual standstill on Tuesday.

Computer security experts blamed multiple variations of the "Zotob" computer worm for the cyberspace attack, which primarily affected systems running the Windows 2000 operating system. Curry said Windows 2003 and Windows XP also are vulnerable, particularly if not protected by the latest Microsoft security patches, firewalls and antivirus software.

But in this case, besides disabling computers, the many different versions of the worm are competing against each other on the affected machines, vying to seize decisive control and build computer armies sometimes called "botnets," according to Graham Cluley, senior technology consultant at the Sophos antivirus company.

"There is an enormous amount of money to be made," Cluley said. "There's an opportunity here. It's like a gold rush."

By controlling entire armies of unprotected PCs, criminals might be in a position to steal information like passwords and credit card numbers. They also might rent out the botnets to launch waves of spam, or use the large numbers of computers under their control to bombard corporate systems and demand extortion money. They also could use infected computers to launch new cyberspace attacks and increase their numbers further.

"Around 50 percent of all spam is actually sent from innocent people's computers without their knowledge," Cluley said. "This isn't just about innocent people in the back bedroom. This is about organized crime trying to make money."

Threatening the Defenders?

In the latest attacks, Curry found evidence the worm-writers are thumbing their noses -- or worse -- at those trying to stop them. He found an apparent message to antivirus companies that some versions of Zotob may have left in the host files of infected computers: "MSG TO avs: the first av who detect this worm will be the first killed within the next 24hrs!!!"

"The new dimension is they're making overt threats against the antivirus companies," Curry said.

"If they can shut down the defenses for as many people as possible, then they increase the window in which they can get as many victims as possible."

While it's unclear whether botnet operators have threatened antivirus companies in the past, there is precedent for turf battles between rival gangs of computer criminals. In 2004, Cluley noted, creators of the Bagle and Netsky worms taunted each other in embedded messages, and Netsky used code designed to remove several versions of Bagle from infected computers.

A Case of Worm vs. Worm

Now, however, security experts say the cyber criminals are stepping up the pace in their virtual street war, creating more worms that will delete rival worms in order to hijack ever-greater armies of computer "robot PCs" likely to be used for criminal activity.

Page
  • 1
  • |
  • 2
  • |
  • 3
null
Join the Discussion
You are using an outdated version of Internet Explorer. Please click here to upgrade your browser in order to comment.
blog comments powered by Disqus
 
You Might Also Like...