New data from Microsoft suggests that at least 8 million Windows computers have been infected by the MSBlast, or Blaster, worm since last August--many times more than previously thought. The latest data comes from the software giant's ability to track the usage of an online tool that its engineers created to clean systems infected with the worm. Since the January release of the tool, more than 16 million of the systems that
NetSky variants accounted for 60 percent of all viruses reported in March, making it the most prolific worm in the month, according to a report released Wednesday by security software vendor Sophos.
Fifteen versions of NetSky infected computers during March--sometimes two
different variants appearing in a single day. And on Wednesday, yet another NetSky variant was discovered, NetSky.R, the second variant to appear this week. Antivirus experts attribute the frequency of the NetSky and Bagle viruses to competition between the virus writers.
If there's one thing that anti-virus software makers fear—aside from a mass change of heart by the virus writers—it's the creation of a virus-delivery mechanism that evades detection by their signature-based products. The development of detection files for every new virus is the meat and potatoes of what anti-virus vendors do. Because each virus is unique, anti-virus products require new signatures to detect each one, even those that are simply variants of previous malware.
A new version of the Netsky e-mail worm is on the loose. It's programmed to launch a distributed denial-of-service attack on peer-to-peer networks, contains a message blaming users for spreading viruses and says Netsky's authors want to stop hacking and illegal file trading, antivirus software companies warned.
Netsky.Q first appeared today and is spreading on the Internet. It is the 17th variant of the worm to be released since Netsky first appeared in February, antivirus companies said.
The Witty worm first hit computers known to be vulnerable and emerged so quickly that most companies had no time to apply a patch, according to an analysis of the program.
The worm started spreading around the Internet last week, less than 48 hours after the first public description of the flaw was released. That's the fastest development to date of a worm from a vulnerability, according to a report published Thursday by the Cooperative Association for Internet Data Analysis (CAIDA) and the University of California at San Diego.
Yet another version of the Bagle worm is on the loose and is already causing trouble in parts of Europe. Bagle.U appeared early Friday morning and has begun spreading quickly, even though it contains none of the social engineering tricks that Bagle's author has used to help previous versions succeed. This variant arrives in an e-mail with a blank subject line and no body text. The sending address, as always, is spoofed, and the name of the infected executable attachment is completely random.
The clash prompted the virus writers to pump out new versions and at the last count there were now 21 variants of Bagle and 20 of Netsky circulating.
Anti-virus firms said the makers of the malicious programs had worked hard to find new tricks for variants to use.
Despite the rash of variants neither is close to the number of different versions racked up by the Agobot virus.
Reports are pouring in of UK companies waking up to a barrage of emails resulting from the Netsky variant P hitting what one antivirus expert has described as its "peak".
The worm appeared earlier in the week to little fanfare but businesses across the UK have been logging on today to struggling mail servers, vast numbers of mail delivery failure notifications, interception alerts or instances of the virus itself - all relating to the spread of Netsky.P.
Four new versions of the Bagle e-mail worm appeared on Thursday, and anti-virus experts warn that new techniques by the worm's creator could make it harder to stop the new variants.
Software updates and alerts about Bagle.Q, R, S and T have been released. The new versions of the worm, which first appeared in January, do not carry file attachments containing the virus. Instead, they use a months-old Windows security hole to break into vulnerable machines, experts said.
A quickly spreading Internet worm destroyed or damaged tens of thousands of personal computers worldwide Saturday morning by exploiting a security flaw in a firewall program designed to protect PCs from online threats, computer experts said.
