MyDoom virus mocks rivals, threatens AV firms
October 21, 2004
The creators of the MyDoom virus have threatened antivirus companies. The possible attack targets antivirus companies F-Secure, Symantec, Trend Micro and McAfee. The message also ridicules rival worm Netsky.
A plain-text message embedded in the code of MyDoom.AE, the 31st variant of the MyDoom worm, read: "Lucky's Av's ;P~. and we will work with Mydoom, P2P worms and exploit codes. Also we will attack f-secure, symantec, trendmicro, mcafee, etc. The 11th of march is the skynet day lol. When the beagle and mydoom loose, we wanna stop our activity <== so Where is the Skynet now? lol."
The message has left antivirus companies unsure of what to expect.
"It remains to be seen what they mean by threatening to attack us," said Mikko Hypponen, director of antivirus research for F-Secure. "That might mean a denial-of-service attack. We've been a target before, but they haven't tried any recently."
Hypponen said the message included comments on previous viruses, poking fun at the Netsky writer Sven Jaschan for being arrested: "Because Jaschan has been arrested, he is no longer a player in the virus war. And MyDoom wanted to highlight they had won the war."
The worm has yet to cause any significant damage because it was released over the weekend, Hypponen added.
On F-Secure's Web log, Hypponen wrote that he was astonished virus writers continued to create worms when they knew there was a $250,000 bounty for information leading to their capture.
Since the start of 2004, the people responsible for creating MyDoom and Netsky have released on average more than one new variant every week. The latest version includes a message warning antivirus researchers to expect more of the same.
John Donovan, managing director of Symantec in Australia, said it is likely the group is based in a country without any specific anti-malware laws, so even if they are caught they are unlikely to face prosecution.
"The price on their heads is only good if they are in a country where they can get arrested for it. Most countries in the world have no legislation against the development of malicious code. In Australia they would be fined $1m or face ten years in prison," said Jahn.
There are two basic types of malware writer, said Donovan. One is looking for fame while the other is after money. The second group concerns him the most.
"These are people trying to develop malicious code that is undetectable. They don’t care what anyone else is writing, they do not want to trash systems and they certainly do not want to get into public slagging matches," he added.
According to Donovan, the bounty is less likely to worry the second group because they could be making a lot of money from illegal activities.
"They will write malicious code or tap into systems and sell information to the highest bidder. They are not there for the notoriety; they are there to get cash. Potentially there is more money to be made being part of these gangs than collecting a bounty against them," said Donovan.
When asked to comment on its bounty programme, Microsoft Corp.'s representative declined.