Are virus writers working together?

Posted by: Digital Geek

Are virus writers working together? - 03/10/05 01:14 AM

Security vendors are divided as to whether several virus writers are working together and sharing information.

After investigating the recent Bagle outbreak, Kaspersky Lab virus analysts concluded that the authors of Bagle, Zafi and Netsky are working hand-in-hand.

The analysts substantiate their statement by pointing to a malicious programme that harvests e-mail addresses from infected machines, called SpamTool.Win32.Small.b, which was first detected on 15 February.

According to Kaspersky, further analysis reveals the mass mail of this programme was a preliminary stage in the attack carried out by Bagle on 1 March.

“In researching the Bagle outbreak, virus analysts have concluded that the authors of Bagle, Zafi and Netsky, as well as others, are working closely together. They may not be personally known to each other, but they are all using information provided by the author of Bagle to mass mail their creations.”

In the space of two days, approximately 50 modifications of a range of malicious programmes were mass mailed. The timing of these mailings clearly shows they are automated or semi-automated, says the company.

“These recent events confirm the trend towards the ‘criminalisation’ of the Internet. And likely as not, events will continue to evolve in such a way: network attacks are now automated, take place in several stages, and are carefully timed and planned. The authors of malicious code are joining forces, exchanging information and techniques, in order to increase the impact of attacks,” says Kaspersky.

However, NOD32 SA CEO Justin Stanford says it is unlikely these virus writers are collaborating.

“It is hard to say for sure who wrote a virus, so it is tough to determine whether or not another virus was written by the same person. There have been so many Netsky, Bagle and Zafi variants that it is highly likely they were not all written by the same person,” says Stanford.

“Anyone can take a virus, pull its code apart, and 'learn' from it so they can make their own modifications. It is likely that one virus writer will do that to other viruses and essentially take inspiration from it.

“I would say it's impossible to know with certainty that certain writers are actually collaborating and literally sharing code between them. Indirectly all virus writers share stuff because most viruses these days are modifications or variations of previous viruses.”

Generally speaking, virus writers are unlikely to go outside their circle of friends, says Stanford.

“Otherwise, if they're on their own, and they're smart, they'll want to stay on their own. If they're stupid, they'll go bragging to others and end up in jail.

“Given the obvious animosity and competitiveness between the Bagle and Netsky writers originally, teaming up seems very unlikely.”
