Hidden 'backdoors' worry security firms

The recent spate of Netsky and Bagle worms is not just a problem now: it may compromise thousands of PCs for the foreseeable future, say security experts

Software "back doors" that can give hackers full control over an infected PC are becoming more difficult to detect because of the sheer number of viruses and worms that can now distribute this type of malware, say security experts.

The Bagle worm, which was first discovered in the middle of January, has so far spawned 26 variants. The worm's archrival Netsky, which was first released in mid-February, is already up to its 28th variant. Both worms' authors have so far evaded capture by authorities, and security researchers have never been under so much pressure to produce and distribute signature files. But the sheer number of variants means that some are inevitably missed

Alex Shipp, a senior antivirus technologist at email-security company MessageLabs, said that one of the dangers of having so many different variants is that many will go undetected and leave users' systems vulnerable.

"If they have a lot of different back doors, virus companies may find the one that is the most popular, but if nobody sends in a sample of a more obscure one, they won't know it's there," he said.

Raimund Genes, president of European operations at antivirus firm Trend Micro, said that because the virus authors seem to have a "commercial interest" in growing their army of zombie computers, secret back doors are inevitable.

"Sooner or later they will start planting back doors that are difficult to detect. They have already hijacked lot of computers -- that is the only way the new variants could pop up so fast," he said.

MessageLab's Shipp said the authors are probably making money by selling malicious services from their army of zombie systems: "They have a whole cache of PCs that they can sell to the highest bidder -- tp spammers or people that want to launch DDoS attacks," he said.

"If you don't have a proper firewall and other security, you could be compromised for quite a long time," Shipp added.