Virus writers exchanging information
08 Mar 2005
Authors of Bagle, Zafi and Netsky working together
Virus analysts at Kaspersky Lab have been investigating the recent Bagle outbreak, and come to the conclusion that the authors of Bagle, Zafi and Netsky are working hand in hand with each other.
SpamTool.Win32.Small.b, a malicious program which harvests email addresses from infected machines, was first detected by Kaspersky Lab analysts on 15th February. Email addresses of antivirus companies are excluded from the list it compiles. Further analysis of the situation reveals that the mass mail of this program was a preliminary stage in the attack carried out by Bagle on 1st March.
In researching the Bagle outbreak, virus analysts have concluded that the authors of Bagle, Zafi and Netsky and others are working closely together; they may not be personally known to each other, but they are all using information provided by the author of Bagle to mass mail their creations.
In the space of just 2 days, approximately 50 modifications of a range of malicious programs were mass mailed. The timing of these mailings clearly shows that they are automated or semi-automated.
These recent events confirm the trend towards the criminalisation of the Internet. And likely as not, events will continue to evolve in such a way: network attacks are now automated, take place in several stages, and are carefully timed and planned. The authors of malicious code are joining forces, exchanging information and techniques, in order to increase the impact of attacks.