Recent Posts

Community

Email Notifications

Personal Links

Archives

Harry Waldron - IT Security

Security Developments, Software Updates and Best Practices

MS05-039: Virus Writers compete in Botwars to create top variant

  About a year ago, the authors of Netsky/Bagle/MyDoom virus variants were engaged in a “virus war“ where they deleted existing copies of competing viruses when infecting a suseptible PC.  Similarly, the virus writers who have created Zobot, Bozori, IRCBot, and other MS05-039 variants have in a competitive effort to be the top worm creating MS05-039 based infections.  

F-Secure Weblog: August 17, 2005 "This is not a viruswar, this is a botwar!"

QUOTE: Here is a status update on the malware using the Plug-and-Play vulnerability (MS05-039). For the last four days we got 11 different samples of malware using this vulnerability. Currently there are three Zotob variants (.A, .B and .C), one Rbot (.YK), one Sdbot (.ADB), one CodBot, three IRCbots (.ES, .ET and .EX) and two variants of Bozori (.A, .B).

Variants from both IRCBot and Bozori families are deleting competing PnP bots. It seems there are two groups that are fighting: IRCBot and Bozori vs Zotobs and the other Bots.

See our high-tech illustration for details.

Posted: Aug 20 2005, 02:05 PM by Harry Waldron | with no comments