Who is behind this latest crop of viruses, and variants on viruses?
Mi2g, a London-based technology security company, reckon that MyDoom and Bagle “is not the activity of hobbyists but organised criminals” and that Doomjuice.a, which carried the source code of MyDoom.a, was “clearly written by the same perpetrators” with the motive of covering their tracks.
That said, mi2g reckon the original NetSky author may merely have been “involved in a turf war with MyDoom and then another turf war with Bagle”. (Yes, it does sound like a bad police series.) “That,” mi2g says, “suggests the possibility of bragging rights or intellectual challenge as a motive instead of financial gain.” Evidence? “NetSky.d was released at the beginning of March, and whilst it has its own agenda, it also modifies registry keys to delete the ‘au.exe’ file used by two variants of the Bagle malware.”
This large number of variants in such a short timeframe, mi2g say, “is historically unprecedented”. It’s not clear who is behind them, mi2g say, but whoever it is, “the net beneficiary is organised crime as the number of compromised computers or zombies continues to increase”. These compromised machines can be used for anything, from sending spam to hosting phishing scams to DDoS extortion to working as fileservers for illicit or pirated material.
My guess? Success breeds copycat attacks, and there are an awful lot of folk out there who have the knowledge and the inclination for this kind of thing. It’s no surprise that these attacks are getting worse, and that there is a clear link between virus writing and scams. Hold onto your hat.