Tuesday, March 16, 2004

Criminals who have infected computers worldwide with destructive viruses and worms are sharing the code of their work online, encouraging others to create copycats that are just as disruptive as the originals.

Multiple versions of notorious computer bugs such as MyDoom, Beagle and Netsky, which are spread through e-mail, are circulating in the cyber-crime community.

The amount of code publicly available rose 5 percent in 2003, according to Symantec, a Cupertino, Calif., Internet security company that tracks viruses.

By sharing their code, virus and worm writers allow just about anyone to replicate their work, increasing the risk of infection for all computers.

Among the most damaging copycat worms in recent months was SoBig.F, the sixth version of the SoBig worm, which infected millions of computers and spread more than 1 billion unwanted e-mail messages in August. SoBig.F spread to more computers than any of its predecessors.

The MyDoom worm, which appeared in February and spread to millions of computers worldwide, has at least seven versions. The latest is programmed to flood Symantec’s Web site with information in an attempt to shut it down. Symantec sells software to block viruses and worms.

The recent worms Netsky and Beagle each have at least 14 versions. Nearly all the codes designed to disrupt computers in recent months are considered worms rather than viruses because they are capable of spreading on their own. Viruses can spread only if a user performs an action, such as passing a computer disk or transferring a file over the Internet.

Analysts said the original versions of the most recent worms were likely to have been written by skilled programmers. But the variants could be written by anyone with access to the original code.

“People are able, with less sophisticated computer programming skills, to create these threats,” said Sharon Ruckman, a senior director with Symantec.

An 18-year-old high school student was arrested in August. He was charged with creating a variant of the Blaster worm, which spread through computer networks to millions of computers. The teenager admitted to authorities that he found code from the original Blaster worm online and simply made minor changes. When he was arrested, he reportedly had been operating a Web site containing code to some viruses and worms.

The most common threats to computer users are worms that spread through e-mail. Worms can infect a computer when the user opens an e-mail attachment containing the worm. Once the attachment opens, the worm spreads to anyone listed in that computer’s e-mail address book. Often the worm creates a hole allowing hackers to steal personal information or send unwanted e-mail, or spam.

Symantec has reported finding found more than 38,000 Web sites containing source code for viruses and worms. In most instances, authorities are able to shut the sites down, but analysts also think that source code is transferred over the Internet in ways that are more difficult to trace. Virus and worm writers use small mailing lists, chat rooms and instant-messaging programs, as well as file-sharing networks such as Kazaa.

Analysts believe that only a small number of people have been given access to the source code of the most disruptive worms. But that hasn’t stopped the variants from infecting millions of computers.

“A lot of people are getting hit with these, especially when you see the e-mail viruses,” Miss Ruckman said.

Copyright © 2022 The Washington Times, LLC. Click here for reprint permission.

Please read our comment policy before commenting.

Click to Read More and View Comments

Click to Hide