Monday, March 08, 2004

ZDNet AnchorDesk: Virus 'gangs' to blame for recent epidemic:
"It's a busy time for computer viruses and worms. Over the last three weeks, we've seen nearly two dozen variations of Bagle, Netsky, and MyDoom circulate the Net. What gives? It looks like gang warfare is responsible, drive-by shootings on the information highway."

YOU HEARD ME right. "Gangs" of virus writers are currently trying to outdo one another and protect their turf. What they're fighting for is control of thousands of Trojan horses that create stealth peer-to-peer networks out of virus-infected computers worldwide. Such networks can be used to launch next-generation computer viruses or distributed denial-of-service attacks. They can also be sold to spammers who use them to anonymously send messages to our inboxes. Because of all their uses, virus writers consider these networks worth fighting for.

Unfortunately, you and I aren't just bystanders, we're the targets. And the only solution I can offer is what I've been saying for years: Update your antivirus software and don't open unsolicited e-mail messages. I wish there were a magic fix I could offer that would inoculate us all from these viruses, but, unfortunately, I can't. These infections aren't even very original. They use good old-fashioned social engineering, and not a software flaw, to spread.

There appear to be three distinct gangs: the MyDoomers, who are using source code from the MyDoom.b worm to set up stealth networks; the Bagles, who wrote their own unique viral code to establish the same sorts of networks; and the Netskys, who seem to have started the whole imbroglio by thwarting the plans laid down by MyDoom and Bagle.

THE FIGHT seems to have broken out on Feb. 18, when Netsky.b appeared on the Net and began removing traces of MyDoom and Bagle from infected computers. Netsky.b not only removed the viral code, but also the Trojan horse "back doors." These are the tunnels of communication that allow the MyDoom and Bagle gangs to communicate with infected systems and thus set up the valuable peer-to-peer networks. Needless to say, the authors of the Bagle and MyDoom variants took offense--as Netsky spread, their networks began to shrink in size and thus their ability to do harm online diminished.

One week later, on Feb. 25, the Netsky.c variant appeared with a hidden message embedded in the code: "We are the skynet--you can't hide yourself---we kill malware...MyDoom.f is a thief of our idea!" (Such messages are known as "greetz.") A few days later, Bagle.J and MyDoom.G responded: "Hey, NetSky...Don't ruin our business, wanna start a war?" and "To NetSky's creator(s): imho, skynet is a decentralized peer-to-peer neural network. We have seen P2P in Slapper in Sinit only. They may be called skynets, but not your...app." (Slapper is a Linux worm that established its own P2P network starting in August 2002; Sinit is a common Trojan horse that also established its own P2P network, starting in October 2003.)

Greetz are not new; often they are directed at rival Internet gangs or antivirus researchers. In December of 2001, rival members of Israeli script kiddie gangs unwittingly released the Goner virus. In that case, the virus (which they called Pentagone) contained greetz with Internet nicknames of the authors: "Pentagone coded by: suid, tested by: ThE_SkuLL and Isatanl." Originally, the authors named in the greetz denied their involvement; shortly thereafter, however, they took credit for the virus when the news media started saying the code was cut and pasted from elsewhere. A short time later, the Israeli youths were arrested and sentenced to 2.5 years in jail.
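The greetz quoted above are plain text sitting inside the worm binaries, which is why researchers find them so quickly: a printable-string scan (what the Unix `strings` tool does) pulls them out alongside ordinary strings such as imported function names. The following is an added example, not code from the ZDNet article or from the blog: a small string extractor plus a matcher for the greetz fragments the article quotes, run over a constructed byte blob that imitates a binary with two messages embedded. The marker list and the sample bytes are assumptions made for illustration, not a real signature set or a real sample.

```python
import re

# Greetz fragments quoted in the article, used as markers to look for.
# Constructed marker list for illustration; not a real antivirus signature set.
GREETZ_MARKERS = (
    "We are the skynet",
    "Don't ruin our business",
    "skynet is a decentralized peer-to-peer neural network",
    "Pentagone coded by",
)


def extract_strings(data: bytes, min_len: int = 5) -> list[str]:
    """Return every run of at least min_len printable ASCII bytes, in file order.

    This mirrors what the Unix `strings` tool does: anything outside 0x20-0x7e
    terminates a run, so opaque machine code and headers are skipped.
    """
    pattern = re.compile(rb"[\x20-\x7e]{" + str(min_len).encode("ascii") + rb",}")
    return [m.group().decode("ascii") for m in pattern.finditer(data)]


def find_greetz(data: bytes, markers=GREETZ_MARKERS) -> dict[str, list[str]]:
    """Map each marker that occurs in the data to the extracted strings containing it.

    Matching is case-insensitive because authors vary capitalisation between
    variants; an empty dict means no known greetz were found.
    """
    hits: dict[str, list[str]] = {}
    for text in extract_strings(data):
        for marker in markers:
            if marker.lower() in text.lower():
                hits.setdefault(marker, []).append(text)
    return hits


# Constructed sample blob (not a real worm): a fake executable header, some
# non-printable filler, an ordinary import name, and two of the quoted greetz.
SAMPLE = (
    b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff\x00\x00"
    + b"\x00" * 16
    + b"We are the skynet--you can't hide yourself---we kill malware..."
    + b"\x01\x02\x03\x04"
    + b"GetProcAddress\x00"
    + b"Hey, NetSky...Don't ruin our business, wanna start a war?\x00"
    + b"\xde\xad\xbe\xef"
)

if __name__ == "__main__":
    for marker, lines in find_greetz(SAMPLE).items():
        for line in lines:
            print(f"{marker!r} found in: {line}")
```

Two of the four markers match the constructed sample; the `GetProcAddress` string is extracted too but matches nothing, which is the normal case: most strings in a binary are mundane, and it is the handful of taunts aimed at rivals or researchers that end up quoted in write-ups like this one.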

http://reviews-zdnet.com.com/AnchorDesk/4520-7297_16-5124832.html?tag=adss
