Attack of the Worms

In the past week, the mainstream news media has been awash with speculation that cybergangs are having a turf war by unleashing worms and malware all over the internet. The reason security experts are speculating that a bot war is going on is that some worms are undoing versions of other worms that were previously in place on infected computers.

These worms contain bot code that allows criminals to remotely control a computer. The infected computers are organized into networks, which are rented out to fraudsters. The bot networks are then used in phishing, pharming, and a host of other computer crimes designed to steal financial or personal information (identity theft).

The first worm (Zotob) appeared last Sunday, then disappeared. After that, several Zotob variants appeared, along with another new worm (Bozori). In addition, newer versions of already identified worms began showing up (Rbot, Sdbot, Codbot and IRCbot).

Even CNN, ABC and the New York Times were compromised in this series of attacks, along with computers all over the world.

To protect yourself against this attack (Microsoft 2000 users are the most vulnerable), use Microsoft's malware removal tool, which is free. Symantec Zotob Removal Tool is another free option for checking whether there is any damage to your system, and it offers options for repair/removal.

My theory is that awareness and communication, along with some old-fashioned prosecution and political action, are cures for the current outburst of financial and cyber crimes. If you want to help, always report any known attempts to law enforcement. Here is a good resource for doing this:

You might also pass on the removal tools to anyone you know who might have been compromised. Perhaps we can take a bite out of this activity ourselves?

If you are interested in previous posts I have done on gangs involved in financial and cyber crimes, here are links to them:

