Viruses & Malware

The 12kb Virus

posted on March 18, 2004
by hitbsecnews

The average size of email-borne viruses so far this year has been well under 20 kilobytes. A young virus writer, sitting in his underwear in his parents' dark basement, takes a hex editor and modifies a few bytes of the latest Netsky.M (16.5kb), Beagle.J (12kb) or Mydoom.G (20kb) mutation, spawns a new virus variant, and then releases it into the wild. The resulting few thousand compromised machines, a conservative estimate perhaps, will sit naked as drones or "bots" on the Internet, waiting patiently for their summons and commands.

New computer worms use password trick

posted on March 16, 2004
by hitbsecnews

Password-protected attachments are the latest tactic virus writers are using to trick unsuspecting users into spreading computer worms.

Corporate email filters often block ordinary zipped attachments by default but may allow password-protected attachments through their defences. The trick is also designed to foil anti-virus software that can only unzip and check unlocked attachments. Furthermore, users may be more confident that a locked file comes from a trusted source and open it.

Why Are Virus Attacks Getting Worse?

posted on March 11, 2004
by hitbsecnews

Why have we seen so many new virus attacks in recent weeks? I believe it's because there has been little effort made by law enforcement officials to find or stop the virus authors. Maybe there is more effort coming from law enforcement than I'm observing—but if that's true, what they're doing is incredibly inefficient, and it's helping to give the green light to every black-hat coder out there. Script kiddies have gone berserk, seeing that nobody is being caught or prosecuted, and they form a unique smokescreen for the more talented culprits.

Worm Masquerades as Microsoft Patch

posted on March 9, 2004
by hitbsecnews

A new worm purporting to contain a patch to defend against MyDoom is attacking Windows machines throughout Europe and parts of North America.

What's Good About Computer Viruses

posted on March 6, 2004
by hitbsecnews

Ahhh-choo! Ahh, lucky you. Every time you are exposed to a virus, your immune system builds resistance to that particular bug. So, why can't we build computers that do the same thing?

"If our bodies functioned like computers, we'd be extinct," said Steve Hofmeyr, founder and chief scientist of Sana Security. "The body is a dynamic place that profits from changes," he told TechNewsWorld. "Our immune systems adapt with us from birth to puberty and through the aging process."

Pesky Netsky tops virus warnings

posted on March 3, 2004
by hitbsecnews

Current top of the threats is Netsky.D, the fourth version of an e-mail worm that scours networks seeking new addresses to send itself to.

Users will know if their PC has caught the virus because infected machines will beep at certain times on 2 March.

Many of the viruses on the list of top threats are variants of others that appeared only in the last few weeks.

The original Netsky virus appeared on 16 February but since then has spawned seven variants.

Fistful of Bagles shoot up the Net

posted on March 3, 2004
by hitbsecnews

Five new versions of the Bagle worm escaped on to the Web at the weekend. Just one, the medium-risk Bagle-C, has spread widely. The new Bagles - C through to G - have minor differences only. It seems that unknown virus writers are trying different tactics to fool users into spreading their malicious code. All seven Bagle variants affect Windows PCs only. Bagle-C commonly arrives by email as a zipped EXE file with the icon of an Excel spreadsheet file and various different subject lines and attachment names. The body of the messages is empty, and the sender address in the email is spoofed.

Netsky.D worm spreading at 'record speed'

posted on March 2, 2004
by hitbsecnews

The latest variant of the Netsky worm is clogging up email gateways in a flood compared to SoBig, experts say.

A new variant of the Netsky worm was spreading very quickly on Monday. The news comes on a day where firms are already dealing with five new variants of the Bagle worm.

Bagle worm spawns five siblings

posted on March 2, 2004
by hitbsecnews

Five new variants of the Bagle worm were released into the wild over the weekend, with two causing particular problems for enterprise antivirus software scanner technology, say experts.

Bagle versions C, D, E, F and G started propagating over the weekend and although the first three are very similar to the original Bagle -- being spread through email and infecting PCs of users who open the attachment -- Bagle.F and Bagle.G are designed to slip past most enterprise antivirus gateways.