Bagle eats Netsky as the worm turns
The latest variants of the Bagle worm are designed to attack and destroy the Netsky worm, in a development that has security companies worried that even more spam is on the way.
Earlier this month, security researchers discovered that the authors of MyDoom and Bagle were exchanging insults, and that the author of the Netsky worm was using text hidden inside the virus's code. Researchers believe that the insults were flying because the Netsky worm had been designed to kill any copies of the Bagle and MyDoom worms.
Finnish security company F-Secure's Mikko Hyppönen told ZDNet UK that Bagle has never before retaliated with anything but insults: "This is the first time Bagle has retaliated and tried to hit back by removing the Netsky worm," he said.
The latest variants of Bagle (N, O and P) can kill some of Netsky's processes and also delete its start-up keys from the Windows Registry, said Hyppönen. This is not a good sign for Internet users because although Netsky was a virus and caused many problems, it may have actually reduced the amount of spam circulating around the Web: "Although viruses are always bad, by removing the email proxy inserted by MyDoom and Bagle, Netsky probably has limited the size of these attack networks quite considerably, which has limited the amount of spam people receive," he said.
Last Tuesday, the author of Netsky told security researchers through a coded message that he was not going to produce any more variants, but he warned them he would be publishing the worm's source code. Since then, there have been three new variants of Netsky, but without many of the original traits, which makes researchers believe the new variants have been written by different people.
This change in Netsky's "ownership" combined with a more aggressive Bagle is likely to mean that more computers will be infected and converted into spam proxies, which will mean more spam. "It depends on how widespread the new versions [of Bagle] become -- at the moment they are not very widespread, but that may change. I have accepted the fact that the end users will click on attachments -- that is something we have to take for granted and build protection around that," he said.